Risk Management

NSK’s Approach

At the NSK Group, the executive management team oversees the implementation of a risk management system guided by the Group’s basic internal control policy. Risks faced by the NSK Group are identified, categorized and prioritized by the risk management department, before being assigned to responsible departments. This system is designed to avoid and minimize risks for the entire Group and to coordinate response measures when risks actually materialize.

System

Risk Management Systems

NSK conducts risk management based on clearly stipulated fundamental principles aimed at making the Group’s global management and internal control functions effective. To further increase the effectiveness of risk management, starting in FY2024, NSK introduced a new Enterprise Risk Management (ERM) framework that sets out the “Three Lines of Defense” approach more clearly.

The key pillars of the new framework are the introduction of risk stratification and the enhancement of potential risk management. For stratification, risks identified through group-wide risk assessments were divided, based on management’s risk recognition and instructions, into three categories (group-wide level risk, headquarters-level risk, and on-site level risk), and responsibility for addressing each risk was clarified. The Operating Committee determines group-wide material risks by considering their severity in addition to evaluating likelihood of occurrence and impact, and reports them to the Board of Directors. In addition, for each risk identified under the new risk classification, we are required to determine countermeasures from the viewpoints of avoiding, mitigating, diverting, or accepting the risk, and to seek more effective prevention by more thoroughly implementing the cycle of taking and reporting such actions, monitoring, and giving instructions. At the same time, in the event of an incident, the Dedicated Risk Management Division (Business Division Headquarters or Functional Division Headquarters) in charge of managing the relevant risk works with the affected business site to take prompt and appropriate steps to mitigate the impact, and assumes responsibility until the incident is over.

In addition, the internal audit division (Internal Audit Department) checks the ERM system framework and reports its findings to the Audit Committee.

Determination of Group-Wide Level Risks
Enterprise Risk Management (ERM) System

Representative Risks and Countermeasures

(1) Risks associated with technological innovation
  Details of Representative Risks:
    • Risk of delayed development response to market changes and customer technology demands brought on by technological innovation
  Countermeasures:
    • Ensure development plan management and operation based on mid- to long-term policies
    • Leverage open innovation and alliances

(2) Risks associated with safety, prevention of fire, and natural disasters
  Details of Representative Risks:
    • Risk of operations being impacted by an inadequate BCP response to events such as a natural disaster or pandemic
    • Risk of a major industrial accident occurring
    • Risk of a halt in operations due to a fire
  Countermeasures:
    • Prioritize through impact analysis and specify and implement concrete countermeasures
    • Strengthen management systems and step up preventive activities at priority business sites
    • Enhance group-wide in-house training activities

(3) Risks associated with quality
  Details of Representative Risks:
    • Risk of occurrence of serious quality problems
    • Risk of decline in capability to deal with problems due to shortcomings in the quality assurance system
    • Risk of quality data fraud and falsification
  Countermeasures:
    • Strengthen countermeasures based on analysis of past incidents
    • Mitigate impact in the event of a problem through the introduction of a group-wide traceability system
    • Enhance information sharing and quality audit activities, and strengthen training

(4) Risks associated with the environment
  Details of Representative Risks:
    • Risk that delayed measures to reduce energy use in the long term will lead to lost business opportunities and damage to corporate value
    • Risk of a leak of environmentally harmful substances or overrun of emission standards
  Countermeasures:
    • Implement investment plan based on cycle for achieving energy reduction targets
    • Strengthen management systems and step up preventive activities at priority business sites

(5) Risks associated with compliance
  Details of Representative Risks:
    • Risk of delayed response to changes in various laws and regulations
    • Risk of our products being used by users of concern under security export controls
    • Risk of shortcomings in our responsiveness to global taxation issues
  Countermeasures:
    • Information sharing, and education and training through the Group compliance system
    • Step up initiatives based on the Three Lines of Defense, thoroughly implement customer management and conduct regular audits
    • Strengthen tax management system including increasing resources to deal with international taxation and sharing data and risks between parent company and subsidiaries

(6) Risks associated with human resources and labor
  Details of Representative Risks:
    • Risk of being unable to secure the globally competent human resources needed to expand business and implement strategies
    • Risk of being too slow to embrace diverse work styles and review personnel systems and measures accordingly
    • Risk of disruption to business operations as a result of failure to comply with each country’s labor laws and regulations
  Countermeasures:
    • Strengthen recruitment process and enhance succession planning according to the status of businesses and capabilities under the condition of each country and region
    • Formulate and implement measures and action plans within the Group based on engagement surveys and step up awareness-raising activities
    • Engage in information exchange and monitoring with the Human Resource division of each region around the world on a regular basis and collaborate with external experts

(7) Risks associated with procurement
  Details of Representative Risks:
    • Risk of disruption to procurement due to overreliance on specific suppliers
  Countermeasures:
    • Consider alternatives, have more than one supplier, and encourage local procurement

(8) Risks associated with DX and information security
  Details of Representative Risks:
    • Risk of delivery delays and rising costs in connection with the introduction of core systems
    • Information security risks such as cyber attacks and the leakage of confidential information
  Countermeasures:
    • Tighten project management and establish a rigorous review process for additional development
    • Carry out well-scheduled system updates and conduct vulnerability assessments on a regular basis
    • Improve early-detection ability and coping skills, and strengthen prompt recovery capability

(9) Risks associated with mid- to long-term improvement in corporate value
  Details of Representative Risks:
    • Risk that unexpected changes in the business environment prevent achievement of the mid-term management plan
    • Risk that inadequate dialogue with stakeholders, including shareholders, investors, employees, and others, impacts improvement in corporate value or external evaluations
  Countermeasures:
    • Monitor achievement of the plan and formulate and implement new countermeasures in the event that any negative changes occur
    • Increase engagement activities with all stakeholders and improve disclosures and communication