After deliberation by the Risk and Crisis Management Committee and the Management Board, Kao has selected the 14 particularly significant risks as the main risks that could have a negative impact on its sustained profitable growth and contribution to the sustainability of the world. We also review these main risks at least once every six months based on changes in the business environment.
The division in charge formulates countermeasures for main risks and manages its progress. Details of main risks are disclosed in the Annual Securities Report*1 .
We conducted a risk survey for Genba from the on-site operations perspective, interviews with management from the management perspective and analysis of the external environment to identify and assess the major risks and action issues that could hinder the achievement of the Mid-term Plan (K27). Among these, we have defined “corporate risks” as the risks that would have a major impact on management and require an enhanced response. The Risk and Crisis Management Committee examines the themes of these risks, and the Management Board decides upon risk themes and risk owners (Executive Officers). Each owner establishes a countermeasure team to carry out initiatives.
The Risk and Crisis Management Committee deliberates on the effectiveness of countermeasures and manages its progress, and the Management Board reviews themes every year. In its reviews, we also consider new corporate risks and make changes to the content of our priority efforts, and continuously strengthen our responses. For corporate risks that have been addressed to a certain level of success, they are shifted to a day-to-day management system by the department in charge.
“Risk surveys”
We conduct risk surveys of divisions and subsidiaries in Japan, as well as subsidiaries in Asia, Europe and the US, regarding risks that may impede the achievement of the Mid-Term Plan (K27), and identifies important risks and issues to address them from the perspective of the on-site operations. The number of risks that come up in risk surveys is in the hundreds. We analyze and assess these risks, addressing those that can be managed at the operational level through on-site responses. For risks that require a company-wide approach, such as cross-organizational risks, we strengthen our responses in collaboration with the relevant departments.
“Analysis of the external environment”
We continuously analyze risks that are rapidly changing, complex, and diverse, such as the international situation, the business environment, and social issues, in collaboration with internal and external experts. We also conduct analysis with reference to reports on risks from think tanks around the world.
“Interviews with executives“
Based on “risk surveys” and “analysis of the external environment”, we conduct interviews with members of the Management Board and others to deepen discussions on important risks for the Kao Group from a management perspective and risks that we should strengthen our response to. By discussing risks and issues identified in the field with management priorities and strategic perspectives, we reconcile the risk perceptions of the on-site operations and management.
In this way, “On-site operations” and “management” work together to promote ERM.
Theme | Details of risks | Response |
Large-scale earthquakes and other natural disasters and BCP response |
|
|
Geopolitics |
|
|
Risk of cyberattacks |
|
|
Responsiveness to social Issues |
*
2 Greenwashing: Exaggerating or overstating the environmental and sustainability aspects of a company’s products or services, or making unsupported claims about the environmental or sustainability actions it takes.
*
3 Greenhushing: Refraining from disclosing or disseminating information about a company’s environmental initiatives and climate change measures for fear of greenwashing.
|
|
Product quality issues |
|
|
Reputation management |
|
|
Pandemic response |
|
|
We defines “emerging risks” as risks that are new risks, risks with insufficient data, and a lack of verifiable information and knowledge needed for decision-making. Emerging risks have a significant impact on management over a long period of time. As part of our annual review of main risks, we also identify emerging risks.
It is essential to strengthen risk intelligence*4 in order to identify and respond to emerging risks at an early stage. In order to strengthen risk intelligence, we are collaborating with a various external experts to enhance risk insight (the ability to read signs of change without relying solely on experience). Additionally, we are enhancing scenario planning, which involves considering responses to potential uncertain future situations.
In addition, in response to corporate risks such as Large-scale earthquakes/natural disasters, and geopolitical risks, we implement Business Continuity Management (BCM) based on actual emergency responses. We also strengthen scenario planning through simulations and drills that assume long-term supply chain outages aiming to strengthen more concrete preparations and swift responses.
We use a significant amount of naturally derived resources, such as palm oil and paper/pulp, as raw materials in its products. These materials are not only susceptible to external factors such as price fluctuations and climate change, but in recent years, increasing attention has been placed on ensuring environmental and human rights considerations throughout the procurement process. The palm oil and paper/pulp that we use are sourced through multi-layered supply chains (from plantations and farms to processors and suppliers), and it remains a challenge to fully grasp the conditions of smallholder farms and primary producers, particularly in the palm oil supply chain, as well as to ensure full traceability.
If environmental or human rights issues arise at raw material suppliers within the supply chain, or if our efforts to address such issues are deemed inadequate, we may face procurement disruptions, product supply delays, or even suspension of business operations. These outcomes could lead to the loss of brand image or credibility, a decline in business performance, and severe threats to business continuity.
In light of these risks, we recognize risks related to responsible law material procurement in consideration of environment and human rights as an emerging risk that could have a significant impact on future operations. And we are promoting it through the following key initiatives:
Geopolitical risks have remained high in Europe and East Asia, where we conduct businesses. In addition, such risks may increase in countries and regions where we procure raw materials.
If destabilization of political and social conditions, diplomatic tensions, or other reasons cause a deterioration in the environment surrounding our business, human casualties, a temporary suspension of operations due to supply chain disruptions, or changes in consumer purchasing behavior, our targets for net sales and profit may be unattainable.
From these situations, we recognize geopolitics as an emerging risk that could have a significant impact on future operations. And we prepare risk scenarios for countries and regions with heightened geopolitical risks, provide systems for response where needed, and monitor the political and social situations. In addition, we have established guidelines for ensuring employee safety and are working to strengthen its supply chain networks. We address geopolitics as a corporate risk.
In recent years, cyberattacks leveraging AI and other technologies have become increasingly advanced and targeted, with a growing trend of attacks not only on individual companies but across interconnected supply chains. As global business networks expand, supply chains are becoming more complex, making it structurally difficult for a single company to fully defend itself. In manufacturing environments, efforts to improve efficiency have led to the digitization and networking of control equipment and robots, creating new potential entry points as previously closed control networks become connected to external systems.
Cyberattacks can cause factory shutdowns and system failures at partner companies, which may lead to delays in product supply and interruptions in business operations. Such disruptions can severely affect performance and business continuity.
From these situations, we recognize cyberattacks targeting production facilities and business partners as an emerging risk. To strengthen cybersecurity in factory control systems, we are working to detect risks early and minimize potential damage by implementing centralized management of security logs, promoting real-time monitoring, and introducing systems to detect network anomalies. In particular, we consider the potential impact to be significant in areas where control systems are connected to the internet—such as remote sensing, remote maintenance, and the use of external cloud services—and are taking both technical and operational countermeasures tailored to each connection type. As part of our broader supply chain cybersecurity initiatives, we assess the security measures of key business partners and conduct follow-up activities as needed. We address response to cyberattack risk as a corporate risk.
Through these initiatives, we aim to identify and address risks at an early stage from a global perspective.