Sustainability TOP
Governance
Risk Management

Risk Management

Basic Approach
Management Structure
Risk Management Process
Business and Other Risks
Information Security

Basic Approach

In a rapidly changing business and operating environment marked by increasing uncertainty, Isuzu has established a risk management framework by appointing a chief risk management officer (CRMO) to oversee the risk management structure within the Group. The CRMO regularly identifies and assesses risks in the Group’s management and business operations and strives to manage them in an appropriate manner, making particular efforts to reduce them.

Management Structure

The Isuzu Group CRMO holds quarterly risk management review meetings to assess the progress of risk countermeasures in business execution departments and group companies, as well as to address emerging risks. Additionally, these meetings provide instructions for enhancing risk countermeasures and continuously reviewing the awareness of key risks that impact management.

Furthermore, if a risk emerges and triggers a major crisis, the Group CRMO is responsible for forming a response team, in which personnel chosen by the Group CRMO determine and execute various responses to minimize the impact of the risk in question. The results of these activities are constantly reported to management to ensure thorough crisis management at all times.

Risk Management Process

Isuzu comprehensively identifies risks related to its business activities, conducts risk assessments, selects priority risks that require special attention as a company, and formulates and implements response plans and other measures. Additionally, through monitoring, periodic reviews, management reporting, and external dissemination of information on the status of management, we strive to appropriately manage and reduce risks by reviewing priority risks and their countermeasures.

Risks Associated with Business and Others

As risk factors pertaining to Isuzu Group's business operations, the following are the risk factors in the development of Isuzu Group’s operations that relate to the business information, financial information and other information stated in the annual securities report and that may materially affect the judgment of investors. These forward-looking statements are based on the future mentioned in this document are based on Isuzu Group's assessment as of the end of March 2023.

Risk item	Action
Risks attributable to global economy, financial market or automobile market
(1) Fluctuation in economic situations and aggregate demand in major markets	Accurately identify prospects of economic situations and demand Disperse markets to sell our products
(2) Competition in the automobile market	Achieve improvements in terms of product performance, safety, fuel efficiency, environmental impacts, prices and after-sales service among others Continuously develop, manufacture and sell competitive products and provide after-sales service for such products
(3) Fluctuations in exchange and interest rates	Encourage local production Utilize derivatives including forward exchange contract transactions
Risks associated with business operations
(4) Reacting to phenomena such as technological innovations and changes in business models	Set up permanent departments to swiftly address technological and social changes and promote multiple projects all across the Isuzu Group
(5) Research and development	Develop new technologies and products through the prediction of market needs and prioritization of R&D fields Obtain new technologies and products through alliance and cooperation with parts manufacturers
(6) Joint ventures and other forms of alliance	Discuss the necessity for partnership formation based on a broad range of information, such as management conditions and governance of a joint venture partner or an alliance partner and other important non-financial information
(7) Reliance on specific channels in sales and supply	Maintain relations with major clients and find new clients to disperse risks
(8) Delays and shortages in procurement of materials and parts and soaring procurement costs	Keep regularly updated on production capacity and credit risks of suppliers and the quality and costs of products etc Confirm the status of human rights due diligence efforts, compliance with laws and regulations, and climate change issues in the supply chain
(9) Compliance reputation	Build preparedness for preventing violations of laws and for taking action in the event that a compliance-related problem is identified Set up a compliance committee consisting of learned individuals from the outside (e.g. attorneys)
(10) Product defects	Follow strict quality control standards in manufacturing products Find failure-related information early and share it through the Quality Assurance & Customer Satisfaction Improvement Committee, discuss quality improvements across the Isuzu Group and supervise the operation of Group-wide quality management practices Purchase of product liability insurance
(11) Information security risks faced by an IT society	Appoint a person responsible for handling information security risks and set up an organization specialized in information security Implement safety measures aimed to maintain and improve our information security by, for example, protecting personal and confidential data, keeping data and systems available and preventing falsification of data Conclude agreements with alliance partners on information security
(12) Risks concerning protection of intellectual property	Promote efforts to protect intellectual property
(13) Securing and retaining excellent talent, generating results, etc.	In the new personnel system, the following enhancements: Establishing job descriptions and compensation systems to secure talent suitable for the job. Creating an attractive workplace environment that supports self-directed career development. Initiatives to support the growth of subordinates through ensuring frequent dialogue opportunities between superiors and subordinates. In accordance with the Isuzu Group Human Rights Policy, educational and awareness-raising activities to heighten human rights awareness among executives and employees, as well as initiatives for Human Rights Due Diligence.
(14) Legal restrictions etc.	Gather information about legal restrictions and related issues from different countries, especially Japan, the United States, Thailand, China and Europe Make investments and develop new technologies and products in preparation for changes in legal restrictions
(15) Risks latent in international activities and overseas expansion	Keep updated on the following risks in different countries. Fluctuation of political and economic situations Unilateral changes in policies on permission, authorization and other issues and direct or indirect expropriation of the Isuzu Group’s assets Restrictions on imports, exports, and technology transfers Restrictions on the control and transfer of information and data Restrictions related to the use and procurement of facilities, software, cloud services, and contractors that pose security risks. Potentially negative effects on taxes Restrictions on money transfer and redemption Difficulty to recruit and secure human resources Underdeveloped technological and social infrastructure (e.g. electric power, water and sewage, roads, ports) Social confusion resulting from terrorism, warfare, natural disaster, economic sanction and other factors
(16) Disasters, etc.	Periodically inspect all equipment for prevention of disasters Formulate action plans in case a disaster or any other problem occurs, and provide training based on the plans Formulate preventive and action plans against new types of influenza and other unknown infectious diseases, and provide training based on the plans At an early stage, use outside consultants and other resources to obtain global information on new types of influenza and other unknown infectious diseases Properly stockpile masks and other necessary supplies
(17) Climate change	Formulation of the Isuzu Environmental Vision 2050 The Sustainability Committee manages the identification and assessment of the following risks, as well as the progress of countermeasures: Consideration and analysis of the specific impact on products, services, and business activities based on multiple long-term environmental scenarios Measures considering the degree of impact on the business with respect to risks/opportunities such as the transition to a decarbonized society, the increase in natural disasters due to climate change, and the depletion of water resources Disclosure of climate change-related information in accordance with the framework recommended by the TCFD (Task Force on Climate-related Financial Disclosures) Enhancement of business continuity posture Development, market introduction, and production system establishment of GHG-free products, and decarbonization across the entire value chain.

*For details of these risk items, also see our annual securities report.

Information Security

Isuzu established the Group Information Security Policy under the leadership of the Group Chief Information and Security Officer (CISO) from April 2020 to March 2023 and is promoting Group-wide information security management across Isuzu and its consolidated subsidiaries.

At our company, we are establishing and providing education on the information security management structure and standards within the Isuzu Group. We have developed standards for information security not only for IT systems that manage internal confidential information but also for products, plants, and IT system cybersecurity. We have implemented these standards in sequence.
We participate in J-Auto-ISAC^*, which collects and analyzes information on automobile cybersecurity and records issues detected in the industry. Moreover, we have established a system to develop and manufacture automobiles with cybersecurity in mind.
These activities are conducted with reference to the Ministry of Economy, Trade and Industry's Cyber Security Management Guidelines, the international regulation UN-R155 adopted by the World Forum for Harmonization of Automotive Standards (WP29) of the United Nations Economic Commission for Europe, and international standards such as ISO21434, ISO27001, and NIST SP800-171. Regarding automotive cybersecurity and systems that impact automotive cybersecurity, we comply the international standards on automotive cybersecurity, which came into effect in July 2022.
Furthermore, based on the aforementioned standards, we conduct an annual review of operational status and continue to advance information security management and improvements.

*J-Auto-ISAC: Japan Automotive ISAC, a Japanese automotive cybersecurity organization.