Promoting Internal Control


The Ricoh Group has undertaken measures
to strengthen internal control in order to keep the reliability
of its financial reports at a high level; elevate operational
effectiveness and efficiency; and enforce compliance with
laws, the code of conduct and internal rules. Following the
enactment of the Public Company Accounting Reform and
Investor Protection Act (or the Sarbanes-Oxley Act, commonly
called SOX) in the United States in July 2002, all companies
with financial reporting based on generally accepted accounting
standards in the United States (U.S. GAAP) faced the urgent
task of complying with the requirements stipulated in Section
404 of the Act. The following section describes examples of
actions taken by the Ricoh Group with respect to internal
control.

Compliance with the SOX Act

Actions taken up to fiscal 2005

The Ricoh Group rolled out a variety of
measures to strengthen and promote internal control and encourage
its further penetration, as well as to ensure compliance with the
SOX Act of the United States. In April 2003, the company set up
a disclosure committee at headquarters pursuant to Section 302.
It also set up telephone and e-mail hotlines, which enabled the
company to pay closer attention to observations by insiders, and
clarified the code of conduct that all employees are required to
comply with, by setting forth the Ricoh Group Corporate Social Responsibility
Charter and Code of Conduct.

To meet the Section 404 requirements, Ricoh completed (1) the management's
statement of the responsibilities and framework related to internal
control, (2) attestation by management of the effectiveness of internal
control, and (3) implementation of internal auditing by a financial
auditor in fiscal 2006 and disclosure of the auditor's opinions.

In March 2004, the Internal Management & Control Office (IMCO) (now
known as the Internal Management & Control Division (IMCD)) was
created. During fiscal 2005, self-tests were administered to major
departments and companies throughout the Group to determine the state
of readiness and of implementation of the respective sections with
regard to internal control processes. The results of the tests were
subject to management review and assessment.

Actions in fiscal 2006

To comply with the new Company Law, Ricoh established the Basic
Policy Concerning the Development of an Internal Control System.
This was approved at the Board of Directors meeting in May 2006.

For the second year in a row, in fiscal 2006 the Ricoh Group conducted
self-tests and a management review to improve internal control and
solve relevant problems. Based on the results of these tests and the
review, the Fiscal 2006 Internal Control Report was prepared, summarizing
assessments of the effectiveness of internal control of the entire
Group, and was audited by an external auditor. The Internal Control
Report was published in June and announced in the Ricoh Group Annual
Report 2007.

Compliance with the Financial Instruments and Exchange Law

As the Financial Instruments and Exchange
Law went into force in June 2006, the Financial Services Agency
issued Evaluation and Auditing Criteria for Internal Control Pertaining
to Financial Reporting, along with implementation criteria. The
Ministry of Economy, Trade and Industry published IT Control Guidance
Pertaining to Financial Reporting. The Ricoh Group believes that
measures it took to comply with the SOX requirements have readied
the Group to meet the internal control requirements as set forth
in the Law, in terms of overall control for the group and control
of business process flows other than IT control. As for IT control
requirements, Ricoh has already completed work to satisfy the Section
404 requirements of SOX in line with the overall IT control framework
including governance and business processing control.

For IT control matters in the Financial Instruments and Exchange
Law that require action, models such as the Guidance referred to
above were presented by the Ministry of Economy, Trade and Industry.
The Guidance consists of: (1) internal IT control in an entire corporate
group (group-wide control of IT matters), (2) activities to create
an environment for effective business processing control directly
concerning financial reporting reliability (overall IT control),
and (3) internal control in business processes for accurate processing
and recording of all approved tasks of information technology that
controls business (control of IT business processing).

Both frameworks are based on the COSO control framework. Their basic
components are IT control including IT governance over the entire
Group, overall IT control including IT security, and control of
IT business processing. Therefore, the experience gained in administering
measures to become SOX-compliant can be fully used in meeting the
IT control requirements specified by the Law.

The Ricoh Group plans to merge IT control frameworks such as the
IT Control Guidance Pertaining to Financial Reporting and activities
to maintain and improve information security. This will promote
the internal controls essential for the transformation of the company
into a global corporation with higher corporate value.

Note: Reporting requirements concerning the evaluation and auditing
criteria for internal control pertaining to financial reporting
are diverse. This Report primarily deals with IT control
and IT security/IT governance. For more details, please
consult securities reports and internal control reports.