Our Company has established the TOKYO KEIKI Group Code of Ethical Conduct as a
code for acting in compliance with laws, regulations, our Articles of
Incorporation, and social norms. We recognize that the awareness of every
employee is of utmost importance in the establishment of corporate ethics, and
strive to uphold corporate ethics in our everyday activities. We also refuse
any relationships with antisocial forces that threaten order and security in
civil society.
To manage corporate ethics activities across the organization, we have
established a permanent Corporate Ethics Committee chaired by the Chief
Legal Governance Officer.
Corporate ethics-related organizational chart
The TOKYO KEIKI Group Code of Ethical Conduct* forms a basis for
encouraging sound behavior by every employee. Working from basic stances
that include the avoidance of words and acts in violation of laws and
regulations, and appropriate response to acts that violate corporate
ethics, the Code of Ethical Conduct sets out our responsibilities to all
stakeholders, including the provision of products and services of benefit
to society, contribution to society through our corporate activities, and
the creation of safe and comfortable working environments. By complying
with this code of conduct, we will fulfill our responsibilities to
society.
Note that we also translate the Code of Ethical Conduct into local
languages and ensure that our overseas subsidiaries are thoroughly versed
in the code.
*https://www.tokyokeiki.jp/company/rinri.html
Under the recognition that the awareness of all employees is of utmost
importance in establishing corporate ethics, every year in April we carry out
education on our code of conduct (the Code of Ethical Conduct) for all
employees.
Our Code of Ethical Conduct education has been provided to all employees through a combination of
classroom learning and e-learning. Following completion of the course, all employees submit an Affidavit
Concerning the Code of Ethical Conduct.
Our internal audits consist of “regular audits,” which are conducted
periodically based on a predetermined annual audit plan, and
“extraordinary audits,” which are conducted at the direction of the
President and CEO and the Audit and Supervisory Committee, or whenever
needed. Both types of audit are conducted by the Internal Auditors Office.
The Internal Auditors Office investigates the appropriateness and
effectiveness of Group internal control systems from a standpoint that is
independent of the division, department, or consolidated subsidiary being
audited, and by implementing improvements based on the results, helps to
increase Group management soundness and efficiency.
Our directors ensure that employees are fully aware of the significance of
internal audits, as well as the duties, authority, and responsibilities of
the Internal Auditors Office, and make every effort to ensure that
internal audits are conducted smoothly and efficiently. Audits by the
Internal Auditors Office cover all aspects of the Group’s corporate ethics
and activities. The Company’s directors ensure that the Manager of the
Internal Auditors Office and audit staff are able to conduct internal
audits without undue interference from employees. Audit personnel
appointed by the Manager of the Internal Auditors Office are prohibited
from engaging in the operations of their departments, divisions, or
consolidated subsidiaries during the internal audit period, whether or not
they are serving concurrently in the Internal Auditors Office. In
addition, employees who receive instructions from the Audit and
Supervisory Committee as necessary for their audit duties are not to
receive instructions or direction from any other party with respect to
such instructions. Furthermore, any personnel transfers, evaluations, or
disciplinary actions involving employees belonging to the Internal
Auditors Office must be approved by the Audit and Supervisory Committee.
The Manager of the Internal Auditors Office and audit staff may request
that a department being audited submit forms and other materials necessary
for conducting the internal audit, explain facts, and otherwise cooperate
in the audit as required. If necessary, they may also inquire about
details and request explanations of facts from related departments,
divisions, consolidated subsidiaries, and external parties other than the
department being audited. Furthermore, only when deemed necessary for the
execution of internal audits, access to the minutes of various meetings
may be requested.
The audit staff objectively evaluate the content of the audit and prepare
an audit report within one month after its completion. The Manager of the
Internal Auditors Office reports the results of the audit to the President
and CEO, and delivers copies of the audit report to all directors as well
as to the Chief of Legal Governance, the Audit and Supervisory Committee,
and the audited department. If the President and CEO deems it necessary to
report to the Management Conference, the Manager of the Internal Auditors
Office reports the results of such audit to the Management Conference. In
addition, if the Audit and Supervisory Committee determines that a report
to the Board of Directors is necessary, the Manager of the Internal
Auditors Office reports the results of such audit to the Board of
Directors. In the event that a matter requires urgent attention or is
deemed to have a significant impact on the management of the company, the
Manager of the Internal Auditors Office promptly reports to the President
and CEO and all directors without waiting for the internal audit to be
completed or for the audit report to be produced.
Areas identified for improvement or correction in the audit report are
addressed by the audited department, which develops remedial or corrective
measures under the guidance of the Legal Governance Affairs Office. The
audited department promptly implements internally any improvements or
corrective measures decided upon. The Manager of the Internal Auditors
Office confirms the status of the implementation of improvements or
corrective measures in a timely manner, reports to the President and CEO,
and delivers copies to all directors, the Chief of Legal Governance, and
the audited department. If the President and CEO deems it necessary to
report at the Management Conference, the Manager of the Internal Auditors
Office reports the confirmed status of the implementation to the
Management Conference. In addition, if the Audit and Supervisory Committee
determines that a report at the Board of Directors is necessary, the
Manager of the Internal Auditors Office reports the confirmed status of
the implementation to the Board of Directors.
Our Group has set up contact points inside and outside the company for
directly accepting information on legally suspect acts or similar
information, with the guarantee that no disadvantage will befall
whistleblowers.
Two contact points inside the company are the Internal Auditors Office and
the Audit and Supervisory Committee. The latter handles violations of laws
and regulations by directors and executive officers, playing a role in
preventing the concealment of violations by officers.
In fiscal 2023, there was one case of whistleblowing,
which involved a minor issue, handled by the company’s internal points of contact. We will continue working to
entrench this system and enforce compliance with laws and regulations.
In order to properly implement security export control for the purpose of
maintaining international peace and security, the TOKYO KEIKI Group has
established a set of Security Export Control Regulations and is implementing
them appropriately. The Representative Director acts as chief responsible
officer, and the Legal Governance Affairs Office, as the department in charge
of export control under the Chief responsible officer’s direct supervision,
controls export control for the entire Group. In addition, an export control
supervisor and an export control manager have been appointed in each
department to ensure compliance with the relevant rules and regulations and to
properly implement export control operations.
Periodic audits are conducted after the end of each fiscal year to ensure that
security export controls have been properly implemented. The results of the
audit are reported to the department in charge of export control, and if the
results indicate that there are areas in need of improvement, the department
in charge of export control instructs the export control supervisor of the
relevant department to take the necessary corrective measures. The department
in charge of export control reports the results of the audit, including such
corrective measures, to the chief responsible officer after confirming the
results of the corrective measures taken by the department concerned.
Our Group’s Code of Ethical Conduct stipulates that we will not pursue profits
through improper means, and that we will conduct dealings in accordance with
domestic and foreign laws and rules.
To address overseas dealings, we have established Regulations for the
Prevention of Bribery of Foreign Public Officials, and offer education every
year to deepen understanding of laws and regulations related to the prevention
of bribery in key countries. The regulations stipulate the appropriate method
of approval for gifts and entertainment to foreign public officials, etc.,
depending on the nature of the gift or entertainment. When signing a contract
with a new overseas distributor, etc., the Legal Affairs Governance Office
conducts a review in advance to ensure that payment of compensation to the
distributor does not constitute bribery and that there are reasonable grounds
not to suspect bribery, in addition to the normal contract review process.
Furthermore, we thoroughly ensure that Group employees do not provide
instructions, encouragement, or assistance to overseas distributors or any
other party in bribing foreign public officials, etc. Education is conducted
mainly as hierarchy-specific education for managerial-class employees in
e-learning and classroom formats regarding overviews of laws on the prevention
of bribery of foreign civil servants, the US Foreign Corrupt Practices Act,
and cases of exposure of bribery of foreign public servants in Japan.
In Japan, since many of the Group’s projects are for public agencies, the
Group strictly prohibits so-called bid rigging, which is prohibited by the Act
for Promoting Proper Tendering and Contracting for Public Works.
In our business activities, we face risks that must be identified,
evaluated, and analyzed at the management level, and for which the priority
of responses must be made clear. Our Group’s risk management system is
organized into a Legal Governance Affairs Office, Internal Auditors Office,
Audit and Supervisory Committee, and other bodies, centered on the
Management Conference and with the President & CEO as the chief officer
responsible for company-wide risk management.
We have established Risk Management Rules that are shared Group-wide and
that apply to the entire Group.
We implement risk management separately for “serious management risks” and
for all other risks.
What is deemed serious management risks is reviewed and re-drafted annually
by the Legal Governance Affairs Office in accordance with the Risk
Management Rules as a report titled “Serious Management Risks and Key
Measures.” The Chief Legal Governance Officer submits this report for
approval to the Management Conference and the Board of Directors. Various
divisions, departments, and subsidiaries are identified as being in charge
in “Serious Management Risks and Key Measures.” Based on the ideal
situations and key measures described in the report, these divisions,
departments, and subsidiaries create “Serious Risk Measure Programs” for
each specific measure that are submitted to the Legal Governance Affairs
Office by the end of each year. The Legal Governance Affairs Office verifies
the content of the “Serious Risk Measure Programs” submitted by the various
departments in charge and, in the event of any deficiencies, indicates
improvements to the relevant department. Each department integrates the
determined risk measures into their medium-term business plans, and those
measures that can be put into effect immediately are implemented as
required.
Risks other than serious management risks are handled in accordance with the
Risk Management Rules. Each department, etc. follows a risk questionnaire to
discover and identify risks that pose the possibility of causing a loss to
the department. Departments conduct this process by investigating each risk
category identified in the rules for that department’s own business goals.
Even when risks may not be applicable at the current time, full
consideration is given to enumerating risks that can be expected to arise in
the future due to environmental changes.
Each department then engages in evaluation and calculation of all identified
risks. This evaluation and calculation includes an evaluation of the
frequency of occurrence and the impact of each risk. These values are in
turn multiplied to produce an overall evaluation. Risks whose overall
evaluation score is 10 or more points are identified as serious risks.
Measures for these serious risks are recorded according to a set format and
submitted to the Legal Governance Affairs Office. They are also integrated
into the department’s own medium-term business plan. In addition, those
measures that can be put into effect immediately are implemented as
required. Those risks whose overall evaluation score is less than 10 points
are, based on the respective department’s controls (measures, practices, and
self-evaluation), tackled as part of work efficiency improvement activities,
etc.
At the end of each term, the departments evaluate the status of the
implementation of the risk measures they formulated in the preceding fiscal
year and report the results to the Legal Governance Affairs Office.
The Internal Auditors Office evaluates the “Serious Risk Measure Programs”
from an independent perspective and, as necessary, conducts internal audits
(inspections) and indicates corrections and improvements.
| 1. Domestic and foreign economic changes |
7. Transactions with public agencies |
| 2. Natural disasters and epidemics |
8. Increasing competition |
| 3. Development of new products |
9. Material and component procurement |
| 4. Product quality |
10. Information security |
| 5.Securing human resources |
11. Intellectual property rights |
| 6.Interest rate fluctuations |
12. Retirement benefit liabilities |
*Details regarding the above risks are provided in our Annual Securities
Report.
In the event of emergencies, we place utmost priority on ensuring the safety
of human life and promptly resolving the situation. The foundation of our
response is minimization of losses and quick recovery from damage to ensure
business continuity.
Toward this end, we maintain and improve regulations and work manuals common
across our Group, namely, the Crisis Management Regulations that set forth
basic matters concerning crisis management, and the Crisis Management Manual
that describes procedures for responding to specific incidents.
The chief officer responsible for crisis management is the President & CEO,
or a director or executive officer who is appointed to the position by the
President & CEO. The organization that actually responds to an emergency is
generally the department in charge involved in the crisis situation, with
the Legal Governance Affairs Office providing support. When deemed necessary
by the chief responsible officer, an emergency response task force is set up
with the chief responsible officer as the task force head and the department
in charge as the secretariat.
In 2020, we established a COVID-19 Emergency Response Task Force with the President & CEO as the chief responsible
officer, but this task force was dissolved at the end of fiscal 2023.
The rapid increase in extreme weather events and natural disasters in recent
years has contributed to the heightened need to review BCPs. There have been
frequent occurrences of natural disasters caused by abnormal or extreme
weather phenomena, such as flooding and river overflows caused by localized
downpours and linear rainbands, heavy snowstorms caused by bomb cyclones, and
widespread wind and flood damage caused by super typhoons. Such disasters pose
increased risks to business continuity for companies and organizations by
impacting production activities, logistics, and supply chains. In densely
populated areas, the impact of disasters is more pronounced. In particular,
metropolitan areas such as the Tokyo metropolitan area, where the TOKYO KEIKI
Group’s head office functions are located, are densely populated and have high
concentrations of infrastructure, making the effects of disasters particularly
severe. Natural disasters such as earthquakes and floods can be expected to
cause complex and wide-ranging problems, such as interruptions in business
activities, transportation, and power supply, factors that make it important
to review the BCPs that have been put in place so far.
In today’s business environment, many companies, including our Group, have
global supply chains and close relationships with suppliers, manufacturers,
and logistics networks in Japan and abroad. A major natural disaster or
extreme weather event somewhere in the world could have a serious impact on
the supply chain, which could cause a chain reaction of production stoppages
and parts shortages for the Group, increasing risks related to business
continuity.
Furthermore, in recent years, digital technology and information systems have
become important risk factors for the Group. Many business processes today
rely on IT infrastructure, including network computing, online trading with
business partners, and integrated data management. As such, power outages and
communication disruptions caused by natural disasters and extreme weather
conditions can have a direct impact on the Group’s business activities.
Recognizing that these factors require the development of more effective BCPs and periodic reviews, the Group
has begun reviewing its continuous business operations, including improving disaster response capabilities,
conducting risk assessments, and establishing appropriate preventive measures and recovery
processes. In order to provide continuous support, as a manufacturer, for measurement, cognition, and control in
each of the industries we deal with, even in the event of a disaster, we have begun reviewing our disaster response
manual, starting with our main production sites, under the direction of the Legal Governance Affairs Office, the
department responsible for risk management within the TOKYO KEIKI Group. In fiscal 2023, we began this task
for the Yaita Plant, the main production plant for various navigational instruments for large commercial vessels
and other ships, electronic equipment for construction machinery, and printing quality inspection devices. The Yaita Plant incorporates multiple operative functions
for various businesses, including a product design department, a production department including material
procurement and production control, a quality assurance department, an information system management
department to support production, and a general affairs department to manage the plant as a whole. In conducting the review, we first convened line managers
from each department and conducted desktop training.
Through this training, managers familiar with practical operations discussed in a workshop style what each
workplace must prioritize in the event of an emergency, what is currently being done and what is not being done,
and identified problems at the plant and the necessary countermeasures. Going forward, we will use the results
of this review to prioritize the manuals that need to be developed or revised. We plan to implement similar
initiatives at our major sites, including the Nasu Plant, Sano Plant, and the headquarters.
Our Information Security Basic Policy is aimed at ensuring the
confidentiality, integrity, and availability of the information that
constitutes a vital asset of ours, as well as protecting that information
from threats including disasters and accidents. The appropriate
discretionary measures that we undertake in this area are grounded in the
aims of this Basic Policy.
The Information Security Basic Policy consists of the following four
categories.
- Information security initiatives
- Compliance with laws and regulations, etc.
- Protection of information assets
- Incident response
We have established an Information Security Management Conference (ISMC),
chaired by the Chief Information Officer and composed of members selected
from departments. Our Strategic Information Planning Department under the
Corporate Planning & Administration Office oversees formulation of measures
related to information security. When formulating key measures, the
department submits these to the ISMC and, depending on the content, consults
with the Management Conference. In addition, TOKYO KEIKI INFORMATION SYSTEMS
INC. (TIS), a subsidiary of ours, is in charge of our Group’s information
system development and operation. TIS has acquired ISO/ IEC 27001
certification, an international standard for an information security
management system (ISMS).
We have created flowcharts and made these available on our intranet
explaining in an easy-to-understand way what actions a user should
immediately take in order to respond quickly when the risk of an information
leak occurs due to the loss of a PC or smartphone, or when there is a
serious information asset threat due to a computer virus infection, etc.
Depending on the scope of the incident as reported by the chairperson of the
ISMC, in accordance with the Crisis Management Regulations and per the
judgment of the President & CEO, an emergency response task force for the
information security incident may be established with the aim of swiftly
bringing the incident under control and resolving it.
User education is extremely important in order to increase the effectiveness
of information security management. The Strategic Information Planning
Department under the Corporate Planning & Administration Office holds
briefings for users when new systems and services are implemented. The
department also conducts e-learning classes on basic information security.
Since fiscal 2022, we have conducted security training for all employees
regarding email, one major source of infection by computer viruses wreaking
havoc. Specifically, we issued an alert to employees on how to deal with
suspicious emails so that they can recognize suspicious content and avoid
risky behavior such as opening attachments or clicking on URLs in the email
body.
In addition, in order to achieve a “new normal” way of working after the
COVID-19 pandemic, we are continuing to improve the remote access
environment and expanding the range of eligible employees. In parallel,
security assessments by specialized outside contractors are being conducted
on IT infrastructure, and feedback on the results of these assessments is
being used to strengthen cybersecurity measures.