Risk Management Structure
The risk management structure works toward the thorough reduction of risks on a Groupwide basis, and is led by the Risk Management and Compliance Committee. The Committee, chaired by the President and Chief Executive Officer, monitors risks on a Groupwide basis while also implementing measures to address any significant risks imposed on the Group.
Specific activities are carried out as per the Rules of Risk Management, and the risk management supervising section manages Groupwide risk management activities.
From Risk Assessment to Response
Risk responses are carried out by repeating a PDCA cycle based on the following steps.
- Risks specific to operating divisions and Group companies can be added to the risk management ledger as appropriate, and assessed.
- In addition to the results of risk assessment at the Group level, significant risks at the Group level can be comprehensively determined and designated based on the Group’s business strategy, legal and regulatory changes inside or outside the Group, or other developments including information concerning the likelihood of a risk event occurring or the operating environment.
- Operating divisions and Group companies also carry out activities to address risks that they have identified themselves that are not designated significant risks at the Group level.
Significant Risks at the Group Level
Significant risks to the Yamaha Motor Group at the Group level are as follows, and are addressed under the guidance of the risk management supervising section.
“Cyber security” has been newly added as a significant risk at the Group level from 2018, and is being addressed Groupwide.
| 2017 Significant Risks at the Group Level | 2018 Significant Risks at the Group Level |
| --- | --- |
| Major accident involving a Yamaha product | Major accident involving a Yamaha product |
| Fire or explosion* | |
| Risk related to transfer pricing* | |
| Violation of antimonopoly law* | |
* The risk management supervising section has addressed the three risks of “Fire or explosion,” “Risk related to transfer pricing,” and “Violation of antimonopoly law” by establishing a structure to address these risks at the Group level. With this framework for continuous monitoring in place, these risks have been moved from designation as significant risks at the Group level to risks managed at the division level.
Crisis Management Structure and Activities
The Yamaha Motor Group works to minimize the damage from and quickly resolve crisis situations as per the “Rules for Initial Response to an Emergency.”
In the event of a disaster, accident, or compliance-related incident at the Group, the division involved will report to the risk management supervising section at the head office as per standards for determining the level of reporting, which are set in advance. If the reported event is of a scale significant enough to warrant the involvement of Group management or multiple divisions and/or companies, the risk management supervising section will refer the matter to a response team designated in advance, and an Emergency Countermeasure Headquarters, chaired by the Company President, will be established. The Headquarters will work to understand the situation and formulate a provisional response, and if necessary will promptly report on the matter to customers and related parties.
Business Continuity Planning
To prepare against envisioned risks that could impact the continuity of our business, Yamaha Motor has formulated “Rules of Business Continuity” and responds as per those Rules.
Yamaha Motor’s primary operations are concentrated in Shizuoka Prefecture, and could be affected if a major earthquake were to occur in the Nankai Trough. To prepare for this, we have formulated a Business Continuity Plan to maintain the continuity of business operations, based on the damage projected by government bodies and placing foremost priority on the lives and safety of our employees.
Specifically, buildings and equipment have been made earthquake and tsunami resistant, emergency stockpiles of food, water, and other essentials are maintained, emergency methods for telecommunications are in place, Companywide evacuation drills (including Group companies located nearby and night drills) and safety confirmation drills are carried out regularly, regular initial response drills are carried out at the headquarters and individual business units, procedures to restore operations have been clarified, and a system for gathering supply chain information is in place. These and other measures addressing both tangible and intangible effects are carried out comprehensively and continuously.
Another concern is the outbreak of a potentially global pandemic. To prepare for this possibility, Group companies identify issues that could affect the continuity of their operations and formulate response plans. Drills simulating actions to be taken at various stages prior to the full-scale outbreak of a pandemic are carried out regularly, and a structure is in place to guarantee that businesses are able to continue operating.
Structure for and Initiatives in Information Security
Management of information
The Yamaha Motor Group has formulated the Group Operational Guidelines for Information Management to ensure the proper handling of confidential information, including information received from customers and employees, and the Company’s financial and technical information. We aim to increase the awareness and understanding of these Guidelines at Group companies by sharing educational materials and other template tools with employees at those companies.
Organizations handling important information involving the Yamaha Motor Group regularly inspect the status of management, and this information becomes the basis for reviews and revisions of information management. The results of these inspections are communicated to the employees in positions of each organization as a way to raise awareness of information management.
Employees handling personal information received from customers undergo training and education via e-training and compliance seminars held by the risk management supervising section. The risk management supervising section of the parent company also provides direct advice, guidance, and other measures to ensure that customer information is handled appropriately.
No complaints were filed with regard to infringements of personal privacy in fiscal 2017.
Based on the IT Risk Management Group Guidelines, the Yamaha Motor Group has implemented IT-related information security measures for the entire Group, covering areas including access management, malware countermeasures, and disaster responses. Group employees also undergo IT risk training annually, and assessments are carried out every year at Group companies as we strive to strengthen security. In addition, given the increasing sophistication of cyberattacks in recent years, a set of new Cybersecurity Group Guidelines has been formulated covering both tangible and intangible aspects of cybersecurity, in order to increase our protection against external attacks, to detect an attack at an early stage, and to minimize the damage in the event an attack were to occur. A Groupwide Computer Security Incident Response Team has also been established to prepare against unforeseen events and to function as a structure for receiving and transmitting security information inside and outside the Company.