Business Case Study: Enterprise Risk Management at Toyota

Instructor: James Walsh

M.B.A. Veteran Business and Economics teacher at a number of community colleges and in the for profit sector.

After two unexpected disasters did great damage to Toyota's reputation and finances, a renewed emphasis on risk management was put into place. Let's look at the risk management infrastructure at Toyota and how this company identifies and deals with risks.

Disaster Strikes

By 2009, Toyota's world class production methods and reputation for manufacturing quality cars pushed it past GM to take the lead as the world's number one vehicle seller. But its stay at the top would not last long. Jammed gas pedals that caused a sudden and unstoppable acceleration in the cars were first discovered in its Lexus brand vehicles. After fatalities occurred, Toyota was ordered to recall over four million vehicles and replace the faulty pedals. Subsequent recalls spread to other Toyota brands and pushed the total much higher. The recalls were costly but didn't come close to the damage to Toyota's reputation for quality that was central to its success.

Another unplanned ''disaster'' hit Toyota in 2011. It was the magnitude nine East Japan earthquake and tsunami. The Tohoku region is an auto making center that suffered great damage and loss of life. Toyota had to shut down four assembly plants that made vehicles for Japan. On top of that, many of the small suppliers in the region used by Toyota to source parts and components had to close their doors. That put a great strain on Toyota's supply chain, which would have to be reconfigured.

The East Japan Earthquake of 2011 did great damage and caused four Toyota assembly plants to close

It was clear by then that risk management was going to need a new emphasis at Toyota. Risk management is the forecasting and evaluation of financial risks and identification of strategies to avoid or minimize their impact.

The Organizational Response

Toyota makes vehicles in 27 different countries, including the US. It sells them in 170. A global enterprise the size of Toyota faces a large number of risks in its various markets. Toyota has a management infrastructure designed to identify and act on risks.

To give risk management visibility, Toyota appointed a C-level executive, the Global Chief Risk Officer (CRO), to lead the way. Below the Global CRO are Regional CROs responsible for risk management in their particular part of the world. At the company headquarters, each functional department has a risk manager. These risk managers coordinate and cooperate with the Global CRO.

As part of the corporate governance function, meetings are held where all of the risk managers from around the world assemble to identify new risks and review and report on current risk items. Toyota puts special emphasis on two areas of risk that it believes merit the most attention in the current environment. They are information security and business continuance.

Information Security

Toyota has plenty of information to secure:

  • Customer information - Toyota finances millions of vehicle purchases for customers worldwide. In order to do that, it obtains customer data like addresses, ages, and social security numbers. This data needs to be safeguarded from data breaches to protect customers.
  • Proprietary information - Toyota's modern production methods are automated with the aid of proprietary computerized control systems. It would be a blow to Toyota's competitive advantage if this information fell into the hands of rival auto makers, so it also needs to be secured. The vehicle of the future will also be a connected one. Making vehicles with technology that is safe and hacker proof is another concern.
  • Company financial and employee data - This information must also be secured from hackers and competitors.

Toyota has a Chief Information Security Officer and, in 2016, established an Information Security Policy that emphasizes the company's obligation to protect customer information and provide vehicles with safe technology. Current initiatives involve preventing leaks of sensitive company information and safeguarding data from cyberattacks.

Business Continuance

The earthquake of 2011 affected Toyota at many levels. Toyota City, which houses the global headquarters, is located along the Nankai Trough, underneath which lies a fault line. Keeping the different areas of the business going in the event of a future earthquake is a major concern. Toyota formulated a three-step plan to be followed in the event of disaster:

  1. Provide humanitarian aid. Saving lives and providing relief is the top priority.
  2. Assist in the initial recovery of communities affected by disaster. Toyota has entered into agreements with local governments to provide affected residents with disaster support in the form of food and water, evacuation shelters, and provision of land for local infrastructure.
  3. Restore production operations. This is the final step. You can't say enough for Toyota putting people ahead of production.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account