As the environment surrounding the company becomes more complex and diversified, the Ricoh Group positions risk management as an essential initiative in appropriately controlling the various internal and external uncertainties that surround the Group's business and in implementing management strategies and achieving business objectives. And then all Group employees strive to improve risk management.The Board of Directors assumes the role and responsibility of overseeing and monitoring whether the execution of risk management by executives is effective and efficient.
The Ricoh Group’s risk management systems can be divided into two main levels, as shown in Figure 1 below.
These two levels exist for the purpose of clarifying bodies responsible for risk management so as to facilitate agile decision-making and swift action in response to each level of risk, and together form an integrated risk management system. The management of some risks may be transferred from one level to the other, due to changes in the level of impact caused by environmental changes.The reevaluation and replacement of risks addressed at each level, based on changes in the level of impact due to environmental changes, are carried out at a frequency of at least twice a year.
The role of each risk management body is shown on the right-hand side of Figure 1.
The Risk Management Committee was established as an advisory body to the Group Management Committee (GMC) with the aim of enhancing the overall risk management process within the Ricoh Group. The committee is supported by a separate risk management support department, independent of the business divisions, which serves as the secretariat. The committee is chaired by the Risk Management Officer and includes experts from various organizational units. This composition ensures comprehensive risk coverage and facilitates in-depth discussions, enabling the committee to propose to the GMC the risks that should be addressed and prioritized in the management of the Ricoh Group. Additionally, as part of strengthening the practicality of risk management within the Ricoh Group, the risk management system, as shown in Figures 1 and 2, is periodically reviewed and reconstructed as needed.
Furthermore, to establish a more effective and cohesive risk management system that aligns with the management and various business execution units, risk management responsible officers and promoters are appointed from each organizational unit. This enables the development of autonomous risk management structures within each organization.
Moreover, the Risk Management Support Department organizes a "Risk Management Collaboration Enhancement Meeting" targeting risk management promoters. In this meeting, study sessions and information sharing related to risk management are conducted to foster a risk-resilient organization. Continuous efforts are being made to become an organization that is robust in managing risks.
The GMC and Risk Management Committee determine managerial risks based on a comprehensive recognition of risks, through activities such as stress tests, that exert a significant impact on management, in light of the Company’s management philosophy and business purpose, and are actively involved in countering these risks. (Figure 2: Process of determining managerial risks)
The Ricoh Group is taking various measures to prevent incidents from occurring. For example, it can be used by all officers and employees of the Ricoh Group in Japan (including part-timers, part-time workers, and dispatched laborers) as a contact point for reporting and consulting on regular business audits and compliance violations. Ricoh Group Hot Line Sysetem We have established and are strengthening monitoring. In addition, we have established the Ricoh Group standard "Standard for responding to incidents" for all affiliated companies in Japan and overseas.
In the event of an incident that adversely affects the corporate activities of the Ricoh Group, the president, internal control committee, and disclosure control department of Ricoh Co., Ltd. will promptly treat the incident as a "serious incident" from the outbreak area through the supervising area for each incident. , We have established a system to report to officers, corporate auditors, etc. related to the case, and take measures based on the president's policy and prevent recurrence.
The summary of significant incidents that occurred in the past six months, including their responses and measures for prevention of recurrence, as well as the trend of incident occurrence by incident category, are reported to the Board of Directors on a semi-annual basis. Please refer to the table below for the significant incidents reported to the Board of Directors and their corresponding status of handling for the fiscal year up to 2022.
Please note that the reported details of significant incidents, the trend and patterns of incident occurrence, are taken into consideration as a reference during the management risk review in the following fiscal year by the GMC.
incident category | FY2020 | FY2021 | FY2022 | |
---|---|---|---|---|
Labor law violation | Substantiated | 0 | 1 | 2 |
Under investigation | 0 | 0 | 0 | |
TTL | 0 | 1 | 2 | |
Professional misconduct | Substantiated | 12 | 16 | 8 |
Under investigation | 0 | 0 | 0 | |
TTL | 12 | 16 | 8 | |
Embezzlement or theft | Substantiated | 0 | 13 | 6 |
Under investigation | 0 | 0 | 3 | |
TTL | 0 | 13 | 9 | |
Corruption | Substantiated | 0 | 0 | 0 |
Under investigation | 0 | 0 | 0 | |
TTL | 0 | 0 | 0 | |
Fraudulent accounting | Substantiated | 3 | 3 | 2 |
Under investigation | 0 | 0 | 0 | |
TTL | 3 | 3 | 2 | |
Harassment | Substantiated | 1 | 0 | 1 |
Under investigation | 0 | 0 | 1 | |
TTL | 1 | 0 | 2 | |
Human rights violation | Substantiated | 0 | 0 | 0 |
Under investigation | 0 | 0 | 0 | |
TTL | 0 | 0 | 0 | |
Information Security (Customer Privacy Data) |
Substantiated | 0 | 1(0) | 2(0) |
Under investigation | 0 | 0 | 0 | |
TTL | 0 | 1(0) | 2(0) | |
Conflicts of Interest | Substantiated | 0 | 0 | 0 |
Under investigation | 0 | 0 | 0 | |
TTL | 0 | 0 | 0 | |
Money Laundering or Insider trading | Substantiated | 0 | 0 | 0 |
Under investigation | 0 | 0 | 0 | |
TTL | 0 | 0 | 0 | |
Others | Substantiated | 1 | 3 | 6 |
Under investigation | 0 | 0 | 0 | |
TTL | 1 | 3 | 6 | |
TTL | Substantiated | 17 | 37 | 27 |
Under investigation | 0 | 0 | 4 | |
TTL | 17 | 37 | 31 |
The following items had a high percentage of incidents in the fiscal year 2022:
Malpractice in business operations includes fraudulent activities related to documents such as receipts. Embezzlement and theft include incidents involving the theft of inventory and internal company property. Many of these incidents in both categories were brought to light as remote work became more prevalent, and internal rules and business processes adapted to remote work environments. Our company has been rigorously and appropriately addressing these incident cases. So far, we have taken disciplinary actions against 16 individuals in accordance with internal regulations. Additionally, we have implemented preventive measures to ensure similar incidents do not occur again. Examples of these measures include the installation of security cameras, strengthening the approval process for procurement and delivery tasks, sharing information about fraudulent activities within the organization, and providing ethics education in the workplace.
Furthermore, in the fiscal year 2022, there was one serious violations of law that required external disclosure.
[Serious Violations Requiring External Disclosure - 1 case]
This incident occurred in August 2022 and pertained to the biomedical business. A corrective order was issued, leading to external disclosure. We conducted an internal investigation involving external experts to develop preventive measures. By implementing these measures, we aim to enhance compliance.
Important Announcement: https://jp.ricoh.com/info/notice/2022/0812_1[Link to the announcement only in Japanese]
The Ricoh Group has created a Business Continuity Plan (BCP) to enable the business to quickly recover and continue and to minimize the degree of damage in the event of an unanticipated disaster or accident.
In addition to the business continuity plan we enforce BCM issues such as implementation, application, education, training, correction and reviews as the coverage of BCPs.
Each Group company establishes BCPs depending on its situation. Overall, the Ricoh Group has formulated a BCP to manage three possible scenarios: new influenza pandemic, a wide-area disaster in Japan including major earthquakes, and a long-term suspension of product supplies.
Currently, the Ricoh Group has two BCPs, one being formulated on the assumption of “New Influenza epidemic” and the other being the “Widespread disaster in Japan, such as major earthquakes.”
The Ricoh Group establishes response systems and execute necessary actions against the risk of a new influenza epidemic, based on the following basic policy.
In order to facilitate Ricoh Group companies around the world to recognize the conditions of outbreak of new influenza, and to respond based on a prescribed action plan, in the event of an outbreak of new influenza the Ricoh Group has established and has been applying the original alert level and criteria of issue. Having experienced the new influenza (A/H1N1) epidemic around the world from 2009 to 2010, the Ricoh Group conducted a review of the alert level in order to enable appropriate responses according to the individual conditions, and has been adopting the current level since FY2011.
The 5-step decision levels are formulated, and each Ricoh Group company implements countermeasures according to each level.
By referring to the phases released by the WHO, the Headquarters of Ricoh conducts a comprehensive study of : (1) the spread of infection, (2) the severity level, and (3) the damage to the Ricoh Group in each region, etc., and make a specific assessment of the alert level in each region.
The following is the overview of the alert levels.
The Ricoh Group has established and is implementing the “Ricoh Group New Influenza Action Guideline.”
The Action Guideline provides operations and activities to be conducted by each department and employee, approved/prohibited actions under each alert level. It also provides necessary preparations and execution items for operations to be continued under the alert level 5.
Ricoh Group companies / Divisions decide the business operations with priority that should be continued even during the pandemic of alert level 5, ensuring that safety of Employees is secured.
As a rule, the Ricoh Group suspends its businesses under the pandemic of alert level 5 and its Employees shall stay at home. Nevertheless, there are business operations whose continuation is considered indispensable in order to meet the strong needs of the society or due to inevitable reasons from the management point of view.
Operations to continuously provide customers who are engaged in public works* with products and services in the following
Basic jobs that must be performed by the Ricoh Group so that it can be sustained as a corporation (Payments of salaries, Payments to its creditors, etc.).
Jobs whose continuation under alert level 5 is regarded to be indispensable by each division, which is registered as such by the approval of the division manager in advance, and for which Response Plan that stipulated has been prepared.
The Ricoh Group has prepared a Response Plan, to continue business under the alert level 5.
Each company and each department has conducted analysis of impacts on the Continuing businesses with the utmost priority and Continuing jobs with priority, and prepared response plans based on the “Ricoh Group New Influenza Action Guideline.”
In order to respond quickly and effectively to widespread natural disasters and accidental disasters in Japan, the Ricoh Group has established the Large Scale Disaster BCP in Japan based on the following basic policy.
For the purpose of facilitating quick, appropriate and wide-ranging response to various disasters likely to occur in widespread regions in Japan (e.g., earthquakes, large-scale flood disasters, volcanic eruptions, nuclear power plant accidents, etc), BCP assumes representative disasters, such as “Tokyo-Epicentered Major Earthquake” and “Nankai Trough Huge Quake” as a basis of its formulation.
After selecting the important functions which the Ricoh Group should address (e.g., disaster prevention, establishment of information infrastructure, sales, production & procurement, etc.) each of these functions establishes BCP according to the following steps.
What and how much is sufficient for BCPs established independently by Ricoh Group companies? Is there any part that is missing or that is unnecessary? Those are the questions we have asked. After participating in a model business project of the Ministry of Economy, Trade and Industry and taking advantage of know-how gained from ISO 22301, the Ricoh Group's unique “Small BCP Establishment Manual” was created in 2014. Each Group company subsequently created the BCPs in accordance with that.
This includes a simple checklist for establishment status, making it possible to grasp the response of each company at a glance.
“Large Scale Disaster Response Manual” for employees was distributed, while at the same time, an e-learning material titled “Major disaster : Preparation in advance and responses to the outbreak – BCP of the Ricoh Group –,” was prepared to educate the outline of BCP that the Ricoh Group has developed and how to respond to disasters.
In addition to the evacuation trainings conducted by each company and business site every year, various types of simulation trainings are provided for specific groups, including “the Group Disaster Task Force”, “the Group Companies Local Disaster Task Force”, “each company and business site of the Ricoh Group”, etc.
In the simulation trainings, Message Board (*) browsing training is also included, which was newly developed as a means of being contacted by the company.