Risk Management
Group-Wide Risk Management System
Based on effective and efficient risk management systems, the Kajima Group strives to identify risks in its businesses and operations and to prevent them from materializing. The Group also works to keep improving corporate value by winning the trust of stockholders, customers, and others with timely information disclosure.
The Compliance and Risk Management Committee(chaired by the President) oversees the overall risk management framework. For business risks, such as those associated with new businesses and development investments, the committee draws on deliberations by the Management Committee and special-purpose committees to identify risks and formulate countermeasures. For operational risks, including potential legal or regulatory violations, the committee designates a responsible department for each risk, monitors and evaluates the operational status of the risk management system, and deliberates on risk management policies and responses to significant risk events.
In addition, the Internal ControlCommittee (chaired by the President) reviews the operational status and effectiveness of the risk management system and reports its findings to the Board of Directors. The Risk Management Liaison Committee, composed of individuals in charge at the Head Office department responsible for risk management, meets regularly (24 times in FY2024) to report and share risks that have materialized in the Group, revisions to laws and regulations, social trends, case studies at other companies, and risk communication methodologies. It also reports important information to the Compliance and Risk Management Committee as appropriate.
Risk Management Framework
Risk Management Activity Cycle
Risk management activities
To enhance the effectiveness of risk management activities, Kajima analyzes various risks anticipated in corporate operations at the beginning of each fiscal year from two perspectives: frequency of occurrence and level of impact. Based on this analysis, operational risks requiring prioritized management are identified and designated as “priority risk management issues.” Preventive risk management activities are then promoted accordingly. For risks that have materialized, prompt reporting is mandatory. Such cases are reported and shared at the Risk Management Liaison Committee, which implements organizational measures to prevent escalation and recurrence. During and at the end of each fiscal year, these activities are reviewed and evaluated, and the findings are incorporated into the following year’s initiatives, ensuring that risk management remains effective and aligned with the PDCA cycle. The General Administration Department, serving as the secretariat of the Compliance and Risk Management Committee, continuously monitors the status and progress of responses to materialized risks and submits regular reports to the Committee. The main domestic and overseas Group companies adopt standardized systems in line with those of Kajima, and they independently introduce risk management initiatives.
Information Security
The Kajima Group has established an Information Security Policy to protect buildings, customers, and various types of management, technical, and intellectual property information from external attacks and leaks caused by human error, and strictly enforces risk management.
As the team responsible for promoting Company-wide information security activities under the leadership of the Chief Information Security Officer, who oversees all management of information security, K-SIRT*1 takes the lead on working with each of the branches, departments, and domestic and overseas Group companies to reduce risks.
As a prevention measure, employees throughout the Group take an annual online course on information security. This makes everyone aware of incidents and the risks when using generative AI and other IT technologies. The Group also provides repeated education and training on risks such as targeted email attacks. At its offices, Kajima conducts regular inspections and audits to evaluate and improve physical, personal and technical measures. For partner companies, Kajima also distributes standard check sheets, awareness posters, and educational materials such as a video provided by the Japan Federation of Construction Contractors (JFCC), to improve the level of information security, including throughout the supply chain.
Handbook for Strengthening Information Security
*1 KAJIMA Security Incident Response Team
Information Security Management Framework
Cybersecurity
Kajima is addressing today’s increasingly diverse and sophisticated cybersecurity threats in accordance with the Cybersecurity Management Guidelines from Japan’s Ministry of Economy, Trade and Industry.
K-SIRT is a member of the Nippon CSIRT Association and stays on top of the latest trends in security and cyber-attacks, cooperating on a regular basis with external organizations and CSIRT teams at other companies. Kajima is also strengthening its protection and detection measures as well as its systems for monitoring unauthorized access, computer viruses, and other events around the clock, 365 days a year, and it quickly addresses all potential threats to minimize potential damage.
Response guidelines have been formulated on rapidly launching a response to an incident and minimizing the damage and impact as much as possible. Every year, Kajima conducts a training drill based on a scenario of damage from a cybersecurity attack in an effort to improve systematic response capabilities and our ability to maintain business continuity.
Multi-Hazard Business Continuity Plan (BCP)
In the event of a natural disaster, Kajima has formulated a business continuity plan (BCP) to ensure “the safety of officers, employees, and their families” and “the continuation and early restoration of business activities.” We regularly conduct training and pursue continuous improvements. Our strong business continuity capability has been recognized through certifications such as the Business Continuity and Disaster Recovery Certification for Construction Companies*2 and the Resilience Certification*3. We also strive to enhance the business continuity capabilities of the entire supply chain by preparing and distributing BCP manuals for partner companies.
*2 A program offered by the Kanto Regional Development Bureau under theMinistry of Land, Infrastructure, Transport and Tourism to evaluate and certifythe basic business continuity.*3 With the aim of enhancing disaster preparedness in Japan, this programprovides certification to entities that are actively engaged in business continuityefforts. They are certified as organizations that contribute to national resiliencethrough their preparations for large-scale natural disasters.
Certificate
Resilience certification
FY2024 training class
Kajima is enhancing its cooperation with local governments and public infrastructure operators via disaster preparedness agreements to support recovery after a disaster, as well as preparing Group-wide frameworks capable of rapidly responding to foreseeable disasters, such as wind and flood damage. Furthermore, Kajima continues to enhance its supply chain and business continuity capabilities by formulating and providing BCP manuals to partner companies.
Building a disaster recovery support system based on disaster preparedness agreements*4
In the construction industry, companies play an essential role in the early restoration of social infrastructure following natural disasters, such as road clearance operations. Kajima has entered into disaster preparedness agreements with the JFCC, which receives requests from the national government, as well as with local governments and public infrastructure operators. Based on these agreements, we have established recovery support systems
*4 Agreements concluded concerning disaster recovery operations and theprocurement of construction materials in the event of a disaster.Action for Overseas Risks
Kajima has established an International Emergency Response Committee (Chairperson: President) to ensure the safety of employees and their families when emergencies arise outside of Japan. In the event of a terrorist attack, large-scale natural disaster, conflict or other emergency outside of Japan, Kajima focuses first on gathering information to verify the safety of employees and their families and next on providing aid to the affected area.
Kajima is raising awareness of the manual on preparedness measures and emergency response among employees on assignment outside of Japan and is providing information and alerts on security, epidemics and other concerns to employees traveling internationally.
