Governance

Risk Management

The Ricoh Group implements risk management in order to accurately respond to risks that may give serious adverse impact on corporate activities of Ricoh. The basic purpose, when implementing risk management, is to realize effective and efficient total risk management (TRM), by grasping exhaustively and systematically, and organizing and responding to the risks surrounding the Ricoh Group, in order to increase stability, sustainable development and corporate value of the Ricoh Group.

Total Risk Management (TRM) system

In addition, the Group has established a Risk Management Support Division, which is independent of its business divisions, and which provides comprehensive support for executives, divisions responsible for managerial risk, and all divisions within the Group.

To streamline risk management groupwide, the Group Standard (which defines the Basic Rules & Regulations for Ricoh Group Total Risk Management) is explained to major affiliates through the Guidelines for Implementing Affiliated Company Risk Management.

In the fiscal year ending March 2019, in order to create a further “upward spiral” of improvement to facilitate total risk management activities, the Ricoh President has appointed one member of the management team as an evaluator for each managerial risk, and adopted a process whereby that evaluator assesses and provides feedback with regard to results produced over a one-year period, starting from the initial formulation of the relevant risk management plan.

To streamline risk management groupwide, the Group Standard (which defines the Basic Rules for Ricoh Group Total Risk Management) is explained to major affiliates through the Guidelines for Implementing Affiliated Company Risk Management.

We create risk management journals for specific risks relating to events, factors, preventive measures and advance preparations, and response measures. We accordingly rank implementation items each year, and plan, undertake, and report on them.

Focus managerial, managerial and sectoral Risks

We undertake risk management PDCAs according to risk levels. We deem sectoral risks managed by Ricoh divisions and Group companies as managerial risks if the impact on human life or society or the monetary damage could be major if such risks materialize. We prioritize focus managerial risks where considering it important to undertake initiatives focusing on them in the relevant fiscal year.

Determining and reviewing managerial risk

The Group assigns a risk value based on frequency and degree of impact for external risks such as world trends, incidents and accidents, as well as for internal risks such as changes in the business structure, and creates a two-dimensional risk map to define managerial risk. This is reviewed annually at the time the business plan is being created.

Priority management risks

In the fiscal year ending March 31, 2019, the Group will take a more essential approach in its risk management activities, by narrowing down the number of risk items in order to focus on priority risks, and adding an evaluation process by the management team.

• Information security
• Inappropriate accounting

• Misappropriation and embezzlement of assets by employees
• Significant quality problems
• Employment compliance violations
• Harassment issues
• Long-term supply delays and stoppages of products
• Export/import control law violations
• Large-scale disasters, incidents and accidents (in Japan and overseas)
• Human rights issues (child labor, etc.)
• Software copyright issues
• Competition law violations
• Strategy and management judgments (M&A)
• Contracts on intellectual property in the initial stages of R&D/Business and business operation

Responding to incidents and accidents

Setting down the Ricoh Group “Incident Management Standard” for all affiliate companies in Japan and overseas, the Ricoh Group has created a system to deal with incidents that may have a negative impact on corporate business activities and to prevent reoccurrence based on the president's policies. “TRM incidents” are to be reported from the division in which the incident occurred through the management division primarily responsible for each incident, to the Ricoh President, the Internal Control Committee members, the disclosure management division, officers connected to the case, and Audit and Supervisory Board Members.

A summary of TRM incidents that have occurred during the most recent six months, together with a description of how they were dealt with and the measures taken to prevent reoccurrence, as well as changes in the numbers of occurrences classified by incident, are reported to the Board of Directors every half fiscal year. The GMC will refer to the content of these TRM Incident reports as well as changes and trends in the number of occurrences when reviewing managerial risks for the next fiscal year.

Among the reported incidents, the number of compliance-related TRM incidents (corresponding to GRI G4 SO5 (a)) in the past three years were 16 in the fiscal year ended March 31, 2016, 19 in the fiscal year ended March 31, 2017, and 27 in the fiscal year ended March 31, 2018.

Of these compliance-related TRM incidents, there was one major incident that required disclosures to external organizations in the fiscal year ended March 31, 2016, which was an accounting violation occurred in India. However, there is no major incident in the fiscal year ended March 31, 2017. We will leverage our website and other vehicles to promptly share any information that should be disclosed regarding Ricoh India.

An independent auditor that Ricoh India appointed in 2015 raised concerns regarding reporting, and delayed the publication of the results until the matter could be concluded. Ricoh India's audit committee, together with its accountants and lawyers in India, undertook an internal investigation which revealed that some employees had falsified accounts. Ricoh India announced its fiscal 2016 results on November 18, 2016.

• Ricoh India bolstered corporate governance by changing its independent auditor after filing its results for the first quarter ended June 30, 2015.
• In the second quarter of that year, the new independent auditor raised concerns toward Ricoh India's management and audit committee regarding financial irregularities on the part of some employees.
• Ricoh India's audit committee appointed external experts and under¬took an internal investigation, which heightened concerns that accounting violations had occurred, with the company filing a report with the Bombay Stock Exchange on April 20, 2016.
• On July 19, Ricoh India continued its probe into financial irregularities by some employees, announcing that it projected losses for the year ended March 31, 2016, to reflect corrected results.
• On November 18, Ricoh India announced its results for the year ended March 31, 2016.
• On September 11, 2017, FDS (one of Ricoh India's vendors) filed a petition to initiate insolvency resolution process against Ricoh India under the Insolvency and Bankruptcy Code of India.
• On September 29, the National Company Law Tribunal dismissed the petition and FDS withdrew the petition based on this settlement.
• On October 26, FDS filed a petition to initiate corporate reorganization proceedings as one of Ricoh India's creditors under the Insolvency and Bankruptcy Code of India.
• On January 1, 2018, Ricoh India filed a petition with the National Company Law Tribunal to initiate insolvency resolution process under Section 10 of the Insolvency and Bankruptcy Code of India.

Ricoh takes the above matter seriously, and will fully cooperate with any continuing oversight by India regulators and courts. Concerning its global systems, it will reflect external expert assessments of the effectiveness of governance and internal controls at overseas subsidiaries in formulating and deploying measures to reinforce internal audits at those subsidiaries and prevent similar incidents from recurring.

Page Top

BCP (Business Continuity Plan) of the Ricoh Group

The Ricoh Group has created a Business Continuity Plan (BCP) to enable the business to quickly recover and continue and to minimize the degree of damage in the event of an unanticipated disaster or accident.

In addition to the business continuity plan itself, this document introduces BCM issues such as implementation, application, education, training, correction and reviews as the coverage of BCPs.

«BCP Conceptual diagram»

The Ricoh Group has been formulating its BCP by referring to the 2nd edition of “Business Continuity Guidelines” published by the Cabinet Office of the Government of Japan. The Risk Management Support Division, as the secretariat, organizes functional teams within the Ricoh Group, and formulates and promotes BCP.

1. Policy
2. Plan

   (1)

   Identification of phenomenon to be examined

   (2)

   Evaluation of impact

   (3)

   Assumption of “important operations” damage

   (4)

   Extraction of “important elements”

   (5)

   Development of BCPs

3. Implementation and application
4. Education and training
5. Inspection, correction and review by the management

Currently, the Ricoh Group has two BCPs, one being formulated on the assumption of “New Influenza epidemic” and the other being the “Widespread disaster in Japan, such as major earthquakes.”

New Influenza BCP

The Ricoh Group establishes response systems and execute necessary actions against the risk of a new influenza epidemic, based on the following basic policy.

Alert Level

In order to facilitate Ricoh Group companies around the world to recognize the conditions of outbreak of new influenza, and to respond based on a prescribed action plan, in the event of an outbreak of new influenza the Ricoh Group has established and has been applying the original alert level and criteria of issue. Having experienced the new influenza (A/H1N1) epidemic around the world from 2009 to 2010, the Ricoh Group conducted a review of the alert level in order to enable appropriate responses according to the individual conditions, and has been adopting the current level since FY2011.

The 5-step decision levels are formulated, and each Ricoh Group company implements countermeasures according to each level.

By referring to the phases released by the WHO, the Headquarters of Ricoh conducts a comprehensive study of : (1) the spread of infection, (2) the severity level, and (3) the damage to the Ricoh Group in each region, etc., and make a specific assessment of the alert level in each region.

The following is the overview of the alert levels.

Action Guideline

The Ricoh Group has established and is implementing the “Ricoh Group New Influenza Action Guideline.”

The Action Guideline provides operations and activities to be conducted by each department and employee, approved/prohibited actions under each alert level. It also provides necessary preparations and execution items for operations to be continued under the alert level 5.

Important business operations

Ricoh Group companies / Divisions decide the business operations with priority that should be continued even during the pandemic of alert level 5, ensuring that safety of Employees is secured.

Response Plan

The Ricoh Group has prepared a Response Plan, to continue business under the alert level 5.

Each company and each department has conducted analysis of impacts on the Continuing businesses with the utmost priority and Continuing jobs with priority, and prepared response plans based on the “Ricoh Group New Influenza Action Guideline.”

Large Scale Disaster BCP in Japan

In order to respond quickly and effectively to widespread natural disasters and accidental disasters in Japan, the Ricoh Group has established the Large Scale Disaster BCP in Japan based on the following basic policy.

Assumption

For the purpose of facilitating quick, appropriate and wide-ranging response to various disasters likely to occur in widespread regions in Japan (e.g., earthquakes, large-scale flood disasters, volcanic eruptions, nuclear power plant accidents, etc), BCP assumes representative disasters, such as “Tokyo-Epicentered Major Earthquake” and “Nankai Trough Huge Quake” as a basis of its formulation.

Steps for BCP establishment

After selecting the important functions which the Ricoh Group should address (e.g., disaster prevention, establishment of information infrastructure, sales, production & procurement, etc.) each of these functions establishes BCP according to the following steps.

«Diagram for BCP establishment steps»

Review of the assumed risk

The formulation of this BCP was started in 2007, assuming “Tokyo-Epicentered Major Earthquake” and the “Tokai earthquake.” It was completed in December, 2010, and the report was submitted to the top management of the Ricoh Group. By the lessons and reflections based on the experience of the Great East Japan Earthquake in March, 2011, the assumed risk was expanded and the reviews are conducted still now.

Education and training

“Large Scale Disaster Response Manual” for employees was distributed, while at the same time, an e-learning material titled “Major disaster : Preparation in advance and responses to the outbreak – BCP of the Ricoh Group –,” was prepared to educate the outline of BCP that the Ricoh Group has developed and how to respond to disasters.

In addition to the evacuation trainings conducted by each company and business site every year, various types of simulation trainings are provided for specific groups, including “the Group Disaster Task Force”, “the Group Companies Local Disaster Task Force”, “each company and business site of the Ricoh Group”, etc.
In the simulation trainings, Message Board ^(*) browsing training is also included, which was newly developed as a means of being contacted by the company.

* What is Message Board?

Message Board was developed as a means of transmitting all necessary information from the company to their respective employees even when it becomes difficult due to congested communication lines after an outbreak of a disaster.

In addition to the use of conventional safety confirmation systems and emergency contact networks, “Message Board” is applied as a way by which employees can read messages from their companies using their PCs and smartphones.