As the environment surrounding the company becomes more complex and diversified, the Ricoh Group positions "Risk Management" as an essential initiative to appropriately control various internal and external uncertainties that surround Group‘s business to implement management strategies and achieve business objectives.
All Officers and Employees of the Ricoh Group (including contract employees, part-timers and temporary employees) are committed to this approach.
The Ricoh Group have established the "Ricoh Group Management Basic Regulations" and the "Ricoh Group Risk Management Basic Regulation", which include risk management principles, and are working to ensure that everyone is aware of the contents.
Based on the risk management principles, the Group Management Committee, Risk Management Committee and responsible manager and promoter of each organization are in charge to control risks based on concept of Enterprise Risk Management from both opportunity and threats perspective that may affect the Ricoh Group's business.
Figure1:Basic concept of Risk Management
Ricoh Group's risk management system is broadly divided into "Focused Managerial Risks" that are selected and managed independently by management, and "Functional Organization Risks/Business Unit Risks" that are managed responsibly by each business execution organization. (Figure2)
These two levels exist for the purpose of clarifying bodies responsible for risk management in order to facilitate agile decision-making and swift action in response to each level of risk, and together form an integrated risk management system. Futhermore, the risks handled by each layer are reviews at least twice a year to correspond to changes in the level of impact in response to environmental changes.
Figure 2:Ricoh’s Risk Management System for Implementation
To ensure that the risk management process is appropriately operated, Ricoh also have system of regular checks by third parties.
- Internal Audit and Supervisory Members to audit risk management department (once a year)
- Independent Auditor to conduct top interview to audit head of the risk management department (once a year)
As part of strengthening the practicality of risk management within the Ricoh Group, the risk management system, as shown in Figure 2, is periodically reviewed and reconstructed as needed.
To establish a more effective and cohesive risk management system that aligns with the management and various business execution units, risk management responsible managers and promoters are appointed from each organizational unit. This enables the development of autonomous risk management structures within each organization.
The Risk Management Support Department organizes a "Risk Management Collaboration Enhancement Meeting" targeting risk management promoters. In this meeting, study sessions and information sharing related to risk management are conducted to foster a risk-resilient organization. Continuous efforts are being made to become an organization that is robust in managing risks.
The Group Management Committee and Risk Management Committee determine managerial risks based on a comprehensive recognition of risks, through activities such as stress tests, that exert a significant impact on management, in light of the Company’s management philosophy and business purpose and are actively involved in countering these risks.
Figure 3:Process of determining Focused Managerial Risks
Figure 4:Risk Assessment Process of Focused Managerial Risks
Focused Managerial risks are classified and managed as "Strategic Risks" and "Operational Risks" based on their characteristics. Strategic Risks cover a wide range of risks that affect management, from risks related to the accomplishment of short-term business plans to emerging risks in the medium- to long-term.
Figure 5:Risk Category
The Risk Management Support Division plans the "Group Risk Management Collaboration Reinforcement Conference" approximately three times a year. It is mainly aimed for risk management promoters to hold study sessions and information sharing related to risk management. We are making continuous efforts to become an organization that can be more responsive to risks.
The Ricoh Group strives to ensure that all officers and employees (including contract employees, part-time workers, and temporary employees) are fully aware of the contents of the "Ricoh Group Management Basic Regulations" and "Ricoh Group Risk Management Basic Regulation", which include the risk management principles. Regulations are regularly reviewed and revised.
Additionally, in training for newly appointed managers, we arrange time to review the content again, striving to raise awareness and ensure depth understanding.
| Date | Category | Contents | |
|---|---|---|---|
| 2020 | June | Inform |
|
| Aug | RMCR Mtg |
|
|
| Oct | RMCR Mtg |
|
|
| 2021 | June | RMCR Mtg |
|
| Inform |
|
||
| Oct | RMCR Mtg |
|
|
| Jan | RMCR Mtg |
|
|
| 2022 | Sep | RMCR Mtg |
|
| Oct | Inform |
|
|
| 2023 | Oct | RMCR Mtg |
|
| Inform |
|
||
| Feb | RMCR Mtg |
|
|
| Inform |
|
||
| 2024 | Oct | RMCR Mtg |
|
| Mar | Inform |
|
|
The Ricoh Group is taking various measures to prevent incidents from occurring. For example, it can be used by all officers and employees of the Ricoh Group in Japan (including part-timers, part-time workers, and dispatched laborers) as a contact point for reporting and consulting on regular business audits and compliance violations. Ricoh Group Hot Line System We have established and are strengthening monitoring. In addition, we have established the Ricoh Group standard "Standard for responding to incidents" for all affiliated companies in Japan and overseas.
In the event of an incident that adversely affects the corporate activities of the Ricoh Group, the president, internal control committee, and disclosure control department of Ricoh Co., Ltd. will promptly treat the incident as a "serious incident" from the outbreak area through the supervising area for each incident. , We have established a system to report to officers, corporate auditors, etc. related to the case, and take measures based on the president's policy and prevent recurrence.
The summary of significant incidents that occurred in the past six months, including their responses and measures for prevention of recurrence, as well as the trend of incident occurrence by incident category, are reported to the Board of Directors on a semi-annual basis. Please note that the reported details of significant incidents, the trend and patterns of incident occurrence, are taken into consideration as a reference during the management risk review in the following fiscal year by the GMC.
Please refer to the table below for the significant incidents reported to the Board of Directors and their corresponding status of handling for the fiscal year up to 2023.
| incident category | FY2021 | FY2022 | FY2023 | |
|---|---|---|---|---|
| Labor law violation | Substantiated | 1 | 2 | 1 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 1 | 2 | 1 | |
| Professional misconduct | Substantiated | 16 | 8 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 16 | 8 | 0 | |
| Embezzlement or theft | Substantiated | 13 | 8 | 8 |
| Under investigation | 0 | 1 | 0 | |
| TTL | 13 | 9 | 8 | |
| Corruption | Substantiated | 0 | 0 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 0 | 0 | 0 | |
| Fraudulent accounting | Substantiated | 3 | 2 | 3 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 3 | 2 | 3 | |
| Harassment | Substantiated | 0 | 2 | 0 |
| Under investigation | 0 | 0 | 1 | |
| TTL | 0 | 2 | 1 | |
| Human rights violation | Substantiated | 0 | 0 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 0 | 0 | 0 | |
| Information Security (Customer Privacy Data) |
Substantiated | 1 | 2(0) | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 1 | 2(0) | 0 | |
| Conflicts of Interest | Substantiated | 0 | 0 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 0 | 0 | 0 | |
| Money Laundering or Insider trading | Substantiated | 0 | 0 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 0 | 0 | 0 | |
| Others | Substantiated | 3 | 6 | 3 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 3 | 6 | 3 | |
| TTL | Substantiated | 37 | 30 | 15 |
| Under investigation | 0 | 1 | 1 | |
| TTL | 37 | 31 | 16 |
The following items had a high percentage of incidents in the fiscal year 2023:
Malpractice in business operations includes fraudulent activities related to documents such as receipts. Embezzlement and theft include incidents involving the theft of inventory and internal company property. Our company has been rigorously and appropriately addressing these incident cases. So far, we have taken disciplinary actions against 8 individuals in accordance with internal regulations. Additionally, we have implemented preventive measures to ensure similar incidents do not occur again. Examples of these measures include the installation of security cameras, strengthening the approval process for procurement and delivery tasks, sharing information about fraudulent activities within the organization, and providing ethics education in the workplace.
Furthermore, in the fiscal year 2023, there was no serious violations of law that required external disclosure.
Ricoh Group established 4 basic policies to ensure all Ricoh Group Company to take necessary actions promptly in event of serious crisis.
(1)Ricoh Group places the highest priority on life, safety and health of its employees, executives, their families, customers, and business partners.
(2)We will strive to provide the services and products required by society and customers, prioritizing who are in essential business.
(3)We will strive to fulfill our corporate roles and responsibilities with the local community, government, and society.
(4)Ricoh Group shall make sufficient preparations and responses in advance to the possible damage to our business to minimize the impact and responding promptly and appropriately in the event of such damage.
In the event of a crisis, task force will be set up based on level of the crisis (if multiple businesses or regions are affected, Group Task Force will be in charge; otherwise within each organization) and will carry out emergency response in accordance with crisis management response standards.
Once safety and necessary work environment is ensured, each organization will make decision to activate their own BCP (Business Continuity Plan) and correspond to ensure business continuity of important business.
Serious crisis which has impact to affect whole Ricoh Group performance, require different knowledge and responses depending on the type of crisis. Therefore, Ricoh appoints main organization to take in charge of each serious crisis and creates Emergency Response Plan (ERP) based on business effect simulation. We also conduct training and exercises in accordance with the created ERP.
Currently, we have selected below as serious crisis that could affect whole Ricoh Group performance and they are described in Ricoh internal standards. Risk Management Department will review and make necessary revisions as necessary.
(1)Large Scale Natural Disaster
(a)Large Scale Earthquakes / Tsunami
(b)Volcanic Eruptions
(c)Heavy Storm / Heavy Snow / Floods / Storm Surge
(2)Severe Accident/ Fires at Ricoh Group’s facility
(3)Spread of serious infectious diseases (Pandemic)
(4)Severe system failure
(5)Severe Information security related incidents/accidents
Each organization in Ricoh Group identifies important businesses/operations that cannot be stopped or that require immediate recovery in the event of crisis and develops Business Continuity Plan (BCP).
In the first stage of developing BCP, we created BCP based on assumption of “Spread of New influenza” and “Large scale disaster such as a serious earthquake in Japan”. However, risks have become more diverse, and it has become difficult to quickly respond to unexpected events by responding to each risk. Therefore, as a second stage, we have adopted the concept of "all-hazards response" which will not limit our responses to each crisis. We will continue to develop BCP that follow this concept and strengthen our resilience.
Ricoh has “Crisis Response Standard for Natural Disaster, Accident and Instance (Outside Japan)” for our overseas group companies, and it clarifies roles and responsibilities of each organization/company.
Ricoh Group Headquarter are working together with overseas group companies by giving additional instructions when there is gap between the natural disaster risks provided by each group company and third-party information, confirming reporting route in event of serious crisis and supporting to create BCP to strengthen crisis response as a whole Ricoh Group.
To minimize impact of natural disaster such as large scale earthquake etc, Ricoh conduct joint disaster response drills within group companies in Japan. We also conduct disaster prevention drills in each office which includes night evacuation drills. Group Task Force who takes in charge of the whole group conducted training in a remote environment, taking into consideration of new work style. In recent years, we have strengthened our efforts to address flood risks and volcanic eruptions. Also, conducting tabletop and hands on training based on created plans.
In various training exercises, we verify whether our systems and operations are working and continue to make improvements. By doing so, we are preparing to ensure the safety of our employees and to quickly restore the office and business.
Regarding overseas, Ricoh Group Headquarters have distributed “Crisis Response Standard for Natural Disaster, Accident, and Instance (Outside Japan)”and at the same time shared “BCP creation manual” to deepen understanding of BCP and to promote review of plans to strengthen responses in all region and businesses.
Training and exercises of serious crisis are conducted on regional basis, depending on the local risk situation.
