Internal Control System
The Ricoh Group has established the RICOH Way, a set of guiding principles that serves as a foundation for its business activities. Abiding by these principles in corporate ethics and legal compliance and maintaining adequate transparency in corporate management, the group strives to continuously improve its corporate governance system, through which it ultimately aims to enhance its competitiveness.
- Ricoh's board of directors and GMC oversee the group's overall business operations and take charge of decision-making. To ensure effectiveness of such efforts, managerial regulations concerning the group's affiliated companies have been formulated, while supervising organization has been set up as a central function responsible for each official company.
- Ricoh has developed a basic disclosure policy to ensure that disclosed corporate information is accurate, timely, and comprehensive, and the "Disclosure Committee," an independent body in charge of verification of the process to prepare information to be disclosed, has been put in place.
- Ricoh has established a set of common rules, the Ricoh Group Standard (RGS), and has ensured adherence to these rules across the group.
- In order to thoroughly implement the Ricoh Group CSR Charter, which sets forth the principles of corporate behavior including compliance, and the Ricoh Group Code of Conduct, which articulates the general rules of conduct for Ricoh Group employees, a Specialty Committee and a hotline for reporting incidents and seeking advice have been established. In addition, various training programs have been set up to enhance compliance both domestically and internationally.
- The Ricoh Group is operating a total risk management (TRM), which allows us to identify, examine, and address risks faced in a comprehensive and across-the-board manner. Basic objectives of the TRM is to realize stable and sustainable development of the Group and increase corporate values.
- An integrated internal audit (U.S. SOX Act audit, financial audit, operational audit, etc.) has been conducted to ensure the reliability of our financial reports, improve operational efficiency, confirm compliance to laws and regulations, and check how risk management measures are implemented.
Excecutive Officers of the Ricoh Group will acknowledge possibilities of favorable or unfavorable results based on uncertainties surrounding the corporation. Management should perform integrated risk management activities which consider uncertainly related to business opportunities and uncertainly related to execution of business activities.
Accordingly, the group identifies risks that may exert a significant influence on the group's business operations. Risk management is performed mainly by a management division assigned to each individual risk, while conducting daily business activities. These efforts prevent the occurrence of an incident* that may significantly adversely affect the Ricoh Group's corporate activities. In addition, an initial response standard has been put in place that clearly states which division will be primarily responsible for incident control (depending on incident type) should a crisis occur, along with the reporting levels. It also explains the process of consecutive reporting to the president and managers concerned in accordance with the president's instructions.
Furthermore, a business continuity plan (BCP) has been formulated to prepare for natural disasters such as earthquakes and epidemics, including new strains of influenza. The BCP defines measures to minimize any possible damage and achieve prompt recovery and business continuity.
- *"Incident" refers to an event or an accident that can seriously affect the Ricoh Group's business operations.
Major risk management items
- Violation of compliance (fraudulence in relation to business operations, bribery and corruption, insider trading, etc.)
- Natural disasters (earthquakes, typhoons, deluge, etc.)/Serious accidents
- Human rights issues
- Serious Quality Problem (violation of laws, product liability, etc.)
- Information security (personal information protection, leakage of trade secrets, etc.)
- Violation of expert and import related legislation
- Administrative disposition, Claim for damages, etc.
- Others (harmful rumors, brand devaluation, etc.)
Regarding compliance with laws, regulations and corporate ethics, Ricoh considers it important to ensure all group members fully understand the Ricoh Group CSR Charter, which outlines principles of corporate behavior to be shared across the group, and the Ricoh Group Code of Conduct, which consists of the basic standards and values to be upheld by all Ricoh managers and employees, and the company ensures that all individuals act in strict compliance with the stated principles.
To this end, we provide all employees with educational programs, including e-learning programs, to deepen their understanding of the Ricoh Group Code of Conduct and learn the importance of compliance with laws, regulations and corporate ethics every year. Moreover, employees are required to sign a document to pledge that they will comply with the code of conduct.
The Ricoh Group stipulates the basic anti-corruption policy in its Code of Conduct and promotes it across the Group through the Code of Conduct education. In addition, for the purpose of appropriately complying with relevant laws and regulations that prevent illegal transactions by companies, such as the Foreign Corrupt Practices Act of the United States or the Bribery Act of Great Britain, the Ricoh Group works with lawyers and other specialists as well as stakeholders to prevent business irregularities.
Whistle-blowing system "Hotline"
As part of Ricoh's whistle-blowing system, a hotline has been in operation since April 2003 as a contact point for employees wishing to report incidents or seek advice. To protect whistle blowers, operational rules for the system have been prepared as Ricoh Group standards. In addition to internal contact, an independent external contact has been opened.
Risk management response to the Great East Japan Earthquake
To prepare for possible incidents that may seriously affect business activities, the Ricoh Group has created a set of standards as emergency response measures. To further strengthen our disaster prevention measures, we began developing a Business Continuity Plan (BCP) in 2007. The plan was designed with a major focus on securing continued business activities with our customers even in the event of a massive earthquake.
When Japan faced the Great East Japan Earthquake on March 11, 2011, these standards along with the BCP were activated and a disaster headquarters was immediately established, led by the company president. Meetings with the participation of top managers were held daily in March and twice a week in April and May. These mangers directed the headquarters to collect information, discuss various response measures and provide support to people in affected areas. At the headquarters, information that included the latest conditions of our offices and plants located in the affected areas and our efforts to support the damaged areas was organized, and the news was posted on various sites, including Ricoh's websites and those of Group companies.
Our preventive measures successfully maintained an internal network and other IT infrastructure functions following the earthquake. Notably effective were our decisions to maintain contracts with more than one network provider and to base our servers at two different locations. These measures allowed us to continue normal business operations, as well as to gather and share information from the afflicted areas and to provide support for the earthquake-hit communities.
In June 2011, we began reviewing the BCP to reflect our experiences following the Great East Japan Earthquake, and preparing the BCP for other types of disasters that may arise from a wider range of areas.