Risk Management

Risk Management

Under normal conditions, assess and analyze risks, and strive to mitigate and prevent them from materializing; and in the event of a crisis that could have a significant impact on management activities, strive to prevent damage from increasing, by bringing the situation quickly under control and normalizing conditions with a prompt and appropriate response.

Basic Approach

Toray Group identifies potential management risks affecting the Group’s management activities in order to mitigate risks and seeks to prevent a crisis.
In addition, the Group strives to prevent damage from spreading and to promptly control and normalize the situation by ensuring quick and appropriate responses using the emergency quick response system it has established.

Structure

The risks affecting Toray Group are constantly changing. The Group recognizes the critical importance of reinforcing its system for responding to risks that materialize suddenly due to changes in the surrounding environment and for responding promptly when crises do occur, which is essential for the operation of the business.
To this end, Toray Industries, Inc. established a dedicated team within the General Administration, Legal & Risk Management Division to manage overall risk under normal conditions and to ensure a quick response when crises do occur.
The general manager of the General Administration, Legal & Risk Management Division regularly reports on the status of risk management to the Board of Directors and makes certain to inform the Board when a critical issue or emergency arises.
In addition, risk management activities across Toray Group are conducted in accordance with the Risk Management Regulations, which are defined as group-wide rules. Deliberation, discussion, and information sharing are carried out through the Risk Management Committee.

Structure of the Risk Management Committee

Chaired by the general manager of the General Administration, Legal & Risk Management Division1, the Risk Management Committee is tasked with reviewing, discussing and promoting shared awareness of risk management across the entire Toray Group. This committee primarily carries out mitigation activities for Toray Group Priority Risks as part of regular risk management. In addition, the Overseas Crisis Management Committee and Local Crisis Management Committees, which manage employees’ overseas travel under normal conditions and compile information on overseas risks, have also been made subordinate to the Risk Management Committee.
Discussions and reports from the Risk Management Committee are regularly reported to the Board of Directors.
Moreover, the Risk Management Committee has been created in accordance with the Three Lines Model2, a global standard for internal control. Specifically, the committee includes representatives of internal organizations representing the first line (i.e. business operation functions such as production, R&D, and sales), the second line (i.e. corporate functions), and the third line (i.e. internal auditing), with each line taking on their respective roles in risk management. This model promotes the efficient alignment of organizational roles and processes to enhance governance and risk management.

Risk Management Committee System
Board of Directors
Risk Management Committee
Chair: General Manager of the General Administration, Legal & Risk Management Division
Secretariat: Risk Management Group, General Administration, Legal & Risk Management
Division
Risk mitigation activities
for priority risks
Divisions and
Departments responsible
for priority risk mitigation
Toray Industries, Inc.
and its Group companies
Overseas Crisis Management
Committee
Local Crisis Management Committees
in each country and region
Management and
decision making
Report
Directions on
implementation
measures
Activity
reports
Direction
Report
Direction
Report
Direction
Report
Business Execution
Functions
Risk Management Committee System
  1. 1 As of July 2025, a senior vice president serves as the Risk Management Committee Chair.
  2. 2 Three Lines Model: This is a global standard model for internal control. The role of the first line is to provide products and services to customers and manage risks. The role of the second line is to provide expertise, support, monitoring, and objections on matters related to risk. The third line’s role is internal auditing. It provides independent and objective assurance and advice on the appropriateness and effectiveness of governance and risk management. Within the Toray Group, the first line conducts self-assessments across a wide range of control areas, including legal and compliance, product safety, quality assurance, occupational health and safety, and information systems. The second line carries out monitoring and support, while the third line provides assurance and advice.

Emergency Quick Response System

Toray Group has established Risk Management Regulations, a set of clear fundamental principles that form the basis of a company-wide response in the event of a major crisis. The Group works to ensure the thorough implementation of these rules when required. Moreover, the Group reviews the rules as appropriate to prepare for new risks that emerge due to changes in the social environment. In order to ensure quick management decisions especially in the event of a crisis, Toray Group has clarified the reporting channel from a department where a crisis has occurred, covering group companies in and outside of Japan.

Emergency Quick Response System
President Propose establishment of Emergency Headquarters to the president General Manager of the General Administration, Legal & Risk Management Division; Leader of Risk Management Group Officials responsible when emergency occurs (Heads of divisions and departments) First report Report from department where crisis occurred Media coverage Accusations and misinformation from external organizations, etc. Company-wide Emergency Headquarters - Emergency press releases Chief Sub chief Staff Secretariats Overall Secretariat: Risk Management Group; Head of Secretariat: General Manager of the General Administration, Legal & Risk Management Division On-site emergency headquarters (Emergency headquarters of each office, plant, and company/country) Chief Staff Secretariats Supporting Plants Notification to relevant divisions

Risk Management Activity Process

At Toray Group, the plan-do-check-act (PDCA) cycle method is used for managing Priority and Specified Risks as part of regular risk management activities. In addition, the Auditing Department of Toray Industries conducts internal audits of these activities every six months.

Risk Management Activities
Detection and assessment→Determining the necessity of addressing the risks→Mitigation (1) Normal conditions Detection and assessment→Determining the necessity of addressing the risks ・Periodic and exhaustive risk assessment Questionnaire surveys on risks→Assessment of potential risks→Deliberation at the Risk Management Committee→Priority Risks ・Routine risk monitoring Collection of information within the organization→Assessment of identified risks→ Deliberation with top management→Specified Risks Mitigation Establishment of a response system →Risk mitigation activities→Follow-up the status of the activities←Improvement of the risk mitigation activities through periodic follow-up (2) In the event of a crisis Detection and assessment Reporting in the event of a crisis Determining the necessity of addressing the risks Assessment of the crisis level Mitigation Establishing a quick response system which corresponds to the level of crisis and responding to the crisis

Toray Group Priority Risks are determined comprehensively every three years in conjunction with preparation of each new Medium-Term Management Program. These risks are then prioritized based on a score indicating their potential risk degree, calculated as the probability of occurrence multiplied by the impact. For each Priority Risk, a department is assigned responsibility for leading relevant mitigation efforts.
With regard to Specified Risks, Toray Industries routinely monitors domestic and overseas risk trends, conducts surveys and analyses, identifies and assesses risks that may have a major impact on management, and designates risks as Specified Risks in consultation with top management.
Specified risks include risks arising in a short period of time, and have a complementary relationship with priority risks, which are three years as one term.

As part of the regular risk identification process, the following steps are carried out.

  1. An extensive survey is conducted to assess over 100 categorized risks related to Toray Group's operations and business environment, as well as natural disasters, the environment (E), society (S), and governance (G). This provides an understanding of urgent risk situations and specific concerns across the Group worldwide.
  2. After aggregating and analyzing information obtained from the survey, discussions on risk awareness, issues, and countermeasures are held with risk-related departments and top management.
  3. The information gathered from the discussions is consolidated with the survey analysis results to propose Priority Risks that require cross-organizational action. The proposed Priority Risks are then deliberated and formalized by the Risk Management Committee, and each business division also identifies the risks they need to mitigate.
Identifying Risks that Inhibit the Achievement of the Targets of the Medium-Term Management Program
Changing business environment
Conduct of
business
and
operations
Achievement
of the targets
of the
Medium-term
Management
Program
Responsibilities that must be fulfilled
Business
environment
Disasters
Operations
E (Environment)
S (Society)
G (Governance)
Country, Politics
Economy, Society
Technology, Industry
Natural disasters
Human-made disasters
Contract, Trade, Procurement, Production, transport and
delivery, Products and service, Management, Equipment and
facility related accidents, Social infrastructures
Climate changes, Water usage,
Biodiversity, Leakage
and waste, Environmental
regulation, Social needs
Occupational health and
safety, Labor and management,
Abuse of human rights,
Securing talented personnel,
Technology, know-how,
and abilities, Morale
and moral
Compliance, Information
security, Intellectual property,
Finance, IR, PR,
Communication,
Risk management
Identifying Risks that Inhibit the Achievement of the Targets of the Medium-Term Management Program

Related Information

    See the following page for information on Toray Group Priority Risks and other major risks that could have a significant impact on the Group, as well as its mitigation measures.

  • Business Risks

CSR Roadmap 2025 Targets and Results

CSR Roadmap goals

  1. Reduce risks by identifying and mitigating risks that affect the resolution of management issues across the Group
  2. Enhance internal controls across the Group and raise the level of risk mitigation efforts
  3. Instill greater risk management among employees by rolling out risk management education throughout the Toray Group

Main Initiatives and Key Performance Indicators

KPI
⑴ Under normal conditions, manage risks by identifying and addressing two main types of risks:
  1. ① Priority risks for Toray Group, which are established based on periodic assessments every three years
  2. ② Specified risks, which are established based on constant monitoring, investigation and analysis of risk trends in and outside Japan
 -
⑵ In the event of an emergency, respond appropriately in accordance with the Risk Management Regulations
 -
⑶ Follow up on progress made to address Toray Group’s priority risks
 -
⑷ Follow up on the status of internal control implementation at each group company concerned
 5-❶
⑸ Enhance cooperation with crisis management committees at Group sites outside Japan concerning crisis management under normal conditions
 -
⑹ Implement risk reduction across the Group for information security risks such as cyberattacks and information leaks
 5-❷
⑺ Provide risk management education
 -
Key Performance Indicator (KPI) Targets / Results
Fiscal 2023 Fiscal 2024 Fiscal 2025
5-❶ Group companies implementing self-assessment and results follow-up using the internal control checklist (%)3
 35% / 35% 70% / 70% 100% / -
5-❷ Group companies implementing information security evaluation and risk reduction (%)
 35% / 35% 70% / 54% 100% / -
  1. Reporting scope: Toray Group
  1. 3 Self-assessments and results follow-ups are now being carried out for all group companies every year, with the level of these assessments being gradually raised over a three-year period. For the first stage conducted in fiscal 2023, self-assessments and follow-ups were completed to determine whether rules and frameworks for risk management are in place at each group company, and a 35% achievement level was reached. In fiscal 2024, self-assessments and results follow-ups were completed regarding specific risk management activities at group companies. This marked a 70% achievement level for the second stage. Self-assessments and follow-ups regarding the level of improvement in the plan-do-check-act (PDCA) cycle are planned for the third stage in fiscal 2025.

Related Materiality for CSR

  • Strengthening Corporate Governance

Click here (536KB)PDF for the Materiality View of CSR Roadmap 2025.

Looking to the Future

In line with its CSR Roadmap 2025, Toray Group will continue to periodically and routinely identify potential risks in management activities, mitigate risks, and prevent crises from ever occurring.
In fiscal 2025, the Group will conduct a comprehensive group-wide risk review survey in preparation for the selection of the seventh set of priority risks covering the period of the next Medium-Term Management Program (fiscal 2026-2028).

Click here (771KB)PDF for the main initiatives and KPIs for CSR Guideline No. 5 "Risk Management" during the CSR Roadmap 2025 period (fiscal 2023–2025).

CSR Activity Report