Main content Main content

Governance

Risk Management

Policy and Basic Concept

As the environment surrounding the company becomes more complex and diversified, the Ricoh Group positions risk management as an essential initiative in appropriately controlling the various internal and external uncertainties that surround the Group's business and in implementing management strategies and achieving business objectives. And then all Group employees strive to improve risk management.

Risk Management Systems and the Risk Management Committee

The Ricoh Group’s risk management systems can be divided into two main levels, as shown in Figure 1 below.

  1. Managerial risks, which are selected and managed autonomously by the GMC for management items of particular importance, within the management of the Ricoh Group.
  2. Division risks and Business unit risks that each business organization is responsible for managing its own business.

These two levels exist for the purpose of clarifying bodies responsible for risk management so as to facilitate agile decision-making and swift action in response to each level of risk, and together form an integrated risk management system. The management of some risks may be transferred from one level to the other, due to changes in the level of impact caused by environmental changes.
The role of each risk management body is shown on the right-hand side of Figure 1.

image: Risk Management System

The Risk Management Committee was established as an advisory body to the GMC, for the purpose of strengthening risk management processes across the entire Ricoh Group. The committee is chaired by the corporate officer in charge of risk management and has experts from each organization as members to ensure comprehensive coverage of risks and substantial discussions, and to propose to GMC specific risks requiring response or focus in terms of the management of the Ricoh Group. Furthermore, the Company will review and restructure the risk management system in Figures 1 and 2 as necessary, in order to strengthen the effectiveness of risk management across the Ricoh Group.

In FY2020, the committee was held twice in November. We had an intensive discussion about new risks which various changes will bring about, such as changes in work styles due to the spread of COVID-19, changes in the internal environment (transition to a business unit structure, conversion to a digital services company), and the ever-changing international situation. In March 2021, we reconfirmed whether any important risks remain toward shifting to the new structure, but the possibility of unexpected events and management blind spots is not zero. Therefore, from FY2021, we will strengthen monitoring by increasing the frequency of meetings of the Risk Management Committee, identify and address risks at an early stage, and review managerial risks appropriately to flexibly deal with risks.

Management coordinates with each business execution division, selecting a person responsible for risk management from each division (as a rule the manager), as well as a person responsible for the promotion of risk management (in a position to communicate with the manager on a daily basis), in order to further enhance the effectiveness and comprehensiveness of risk management systems. In addition, we are fostering a corporate culture resilient to risks by holding meetings to strengthen coordination for persons in charge of promoting risk management, sharing good examples of risk management activities at each organization, disseminating managerial risks, and holding study sessions and workshops organized by outside professionals for strengthening risk management.

Process of determining managerial risks

The GMC and Risk Management Committee determine managerial risks based on a comprehensive recognition of risks that exert a significant impact on management, including impact on interested parties, in light of the Company’s management philosophy and business purpose, and are actively involved in countering these risks. (Figure 2: Process of determining managerial risks)

  • Managerial risks are classified and managed as “strategic risks” and “operational risks” based on their characteristics. Strategic risks cover a wide range of risks that affect management, from risks related to the accomplishment of short-term business plans to emerging risks in the medium- to long-term.
  • As an advisory body to the GMC, the Risk Management Committee utilizes the specialized knowledge and experience of each of its members, engaging in substantial discussions before recognizing and assessing each risk, in order to more accurately propose possible managerial risks.

image: Process of determining managerial risks

Major focus managerial risks for the fiscal year ending March 31, 2023

Strategic risks
  • Business portfolio
  • Geopolitical risk
  • Securing, developing and managing human resources
  • Responding to digitalization
  • Responding to technological changes
  • Responding to ESG and SDGs; Emerging Risks such as Human Rights Violation and Climate Change
Operational risks
  • Information security
  • Fraudulent accounting
  • HR related compliance
  • Long-term delay and suspension in supply of products
  • Large-scale disaster
  • Unexpected business impact of coronavirus and other factors

Responding to incidents and accidents

The Ricoh Group is taking various measures to prevent incidents from occurring. For example, it can be used by all officers and employees of the Ricoh Group in Japan (including part-timers, part-time workers, and dispatched laborers) as a contact point for reporting and consulting on regular business audits and compliance violations. Ricoh Group Hot Line Sysetem We have established and are strengthening monitoring. In addition, we have established the Ricoh Group standard "Standard for responding to incidents" for all affiliated companies in Japan and overseas.

In the event of an incident that adversely affects the corporate activities of the Ricoh Group, the president, internal control committee, and disclosure control department of Ricoh Co., Ltd. will promptly treat the incident as a "serious incident" from the outbreak area through the supervising area for each incident. , We have established a system to report to officers, corporate auditors, etc. related to the case, and take measures based on the president's policy and prevent recurrence.

Regarding these serious incidents, we report to the Board of Directors every six months on the outline of the incidents that have occurred in the last six months, their response, measures to prevent recurrence, and changes in the number of incidents by incident category.

In addition, the content of reports of serious incidents and changes and trends in the number of occurrences are used as a reference when reviewing management risks at GMC in the following fiscal year.

The incidents that were reported by 2021 and their countermeasures are shown in the following table. Serious Incidents Affecting Management (GRI Standard 419.1 Violation of Socio-Economic Laws and Regulations) is “0”.

We are continuously disclosing progress reports on " Financial irregularities at Ricoh India," which is a serious incident that has affected management in FY2015.

Number of cases reported in 2019-2021 and status/progress of the breaches
incident category FY2019 FY2020 FY2021
Labor law violation Substantiated 2 0 1
Under investigation 0 0 0
TTL 2 0 1
Professional misconduct Substantiated 4 12 16
Under investigation 0 0 0
TTL 4 12 15
Embezzlement or theft Substantiated 12 0 13
Under investigation 0 0 0
TTL 12 0 13
Corruption Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Fraudulent accounting Substantiated 2 3 3
Under investigation 0 0 0
TTL 2 3 3
Harassment Substantiated 1 1 0
Under investigation 0 0 0
TTL 1 1 0
Human rights violation Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Others Substantiated 4 1 4
Under investigation 0 0 0
TTL 4 1 4
TTL Substantiated 25 17 37
Under investigation 0 0 0
TTL 25 17 37

Details of actions taken against the substantiated cases

Incident items that accounted for a high percentage of the total number of incidents in fiscal 2021 are as follows;

  • Business fraud
  • Embezzlement or theft

“Business Fraud" includes fraud related to documents such as commercial invoices. “Embezzlement or theft" includes theft from inventories and of company equipment. Many of the incidents in these two categories came to the surface as work from home became the norm and internal rules and business processes were adapted to the remote work environment. We have taken strict and appropriate measures to deal with these incidents, and 32 employees have been disciplined in accordance with company regulations. We have also implemented measures to prevent the recurrence of similar incidents, such as installing additional security cameras, enhancing approval processes for order placement and receiving, sharing misconduct cases within the organization, and developing the Code of Ethics education at the workplace.

Financial irregularities at Ricoh India

An independent auditor that Ricoh India appointed in 2015 raised concerns regarding reporting, and delayed the publication of the results until the matter could be concluded. Ricoh India's audit committee, together with its accountants and lawyers in India, undertook an internal investigation which revealed that some employees had falsified accounts. Ricoh India announced its fiscal 2016 results on November 18, 2016.

Timeline
  • Ricoh India bolstered corporate governance by changing its independent auditor after filing its results for the first quarter ended June 30, 2015.
  • In the second quarter of that year, the new independent auditor raised concerns toward Ricoh India's management and audit committee regarding financial irregularities on the part of some employees.
  • Ricoh India's audit committee appointed external experts and under¬took an internal investigation, which heightened concerns that accounting violations had occurred, with the company filing a report with the Bombay Stock Exchange on April 20, 2016.
  • On July 19, Ricoh India continued its probe into financial irregularities by some employees, announcing that it projected losses for the year ended March 31, 2016, to reflect corrected results.
  • On November 18, Ricoh India announced its results for the year ended March 31, 2016.
  • On September 11, 2017, FDS (one of Ricoh India's vendors) filed a petition to initiate insolvency resolution process against Ricoh India under the Insolvency and Bankruptcy Code of India.
  • On September 29, the National Company Law Tribunal dismissed the petition and FDS withdrew the petition based on this settlement.
  • On October 26, FDS filed a petition to initiate corporate reorganization proceedings as one of Ricoh India's creditors under the Insolvency and Bankruptcy Code of India.
  • On January 1, 2018, Ricoh India filed a petition with the National Company Law Tribunal to initiate insolvency resolution process under Section 10 of the Insolvency and Bankruptcy Code of India.
  • On February 15, 2019, the COC of Ricoh India approved one of the plans, amongst the several resolution plans submitted. The Resolution Professional filed this Resolution Plan with the NCLT for its approval. The submitted resolution plan is presently pending consideration of the NCLT.
  • On May 9, 2019, the Company allocated expenses which relate to Ricoh India of ¥14.9 billion in consolidated operating results for the fiscal years ended March 31, 2019.
  • On November 28, 2019, the NCLT approved the corporate reorganization plan filed by a third party, completing reorganization procedures.
  • On June 9, 2021, the Ricoh Group concluded the transfer of all its shares in Ricoh India Ltd. to third parties and dissolved its capital relationship with Ricoh India.

Ricoh takes the above matter seriously, and will fully cooperate with any continuing oversight by India regulators and courts. Concerning its global systems, it will reflect external expert assessments of the effectiveness of governance and internal controls at overseas subsidiaries in formulating and deploying measures to reinforce internal audits at those subsidiaries and prevent similar incidents from recurring.

BCP (Business Continuity Plan) of the Ricoh Group

The Ricoh Group has created a Business Continuity Plan (BCP) to enable the business to quickly recover and continue and to minimize the degree of damage in the event of an unanticipated disaster or accident.

In addition to the business continuity plan we enforce BCM issues such as implementation, application, education, training, correction and reviews as the coverage of BCPs.

BCP Conceptual diagram

image: BCP Conceptual diagram

Each Group company establishes BCPs depending on its situation. Overall, the Ricoh Group has formulated a BCP to manage three possible scenarios: new influenza pandemic, a wide-area disaster in Japan including major earthquakes, and a long-term suspension of product supplies.

Main steps of formulation
  1. Policy
  2. Plan
    (1)
    Identification of phenomenon to be examined
    (2)
    Evaluation of impact
    (3)
    Assumption of “important operations” damage
    (4)
    Extraction of “important elements”
    (5)
    Development of BCPs
  3. Implementation and application
  4. Education and training
  5. Inspection, correction and review by the management

Currently, the Ricoh Group has two BCPs, one being formulated on the assumption of “New Influenza epidemic” and the other being the “Widespread disaster in Japan, such as major earthquakes.”

New Influenza BCP

The Ricoh Group establishes response systems and execute necessary actions against the risk of a new influenza epidemic, based on the following basic policy.

<Basic policy>
1)
Ensure lives and health of Employees and their family members.
2)
Prevent infection from spreading.
3)
Provide services and products that are strongly requested by our customers and societies.
4)
Maintain business foundation.

Alert Level

In order to facilitate Ricoh Group companies around the world to recognize the conditions of outbreak of new influenza, and to respond based on a prescribed action plan, in the event of an outbreak of new influenza the Ricoh Group has established and has been applying the original alert level and criteria of issue. Having experienced the new influenza (A/H1N1) epidemic around the world from 2009 to 2010, the Ricoh Group conducted a review of the alert level in order to enable appropriate responses according to the individual conditions, and has been adopting the current level since FY2011.

<Original “Alert Level” of the Ricoh Group>

The 5-step decision levels are formulated, and each Ricoh Group company implements countermeasures according to each level.

By referring to the phases released by the WHO, the Headquarters of Ricoh conducts a comprehensive study of : (1) the spread of infection, (2) the severity level, and (3) the damage to the Ricoh Group in each region, etc., and make a specific assessment of the alert level in each region.

The following is the overview of the alert levels.

Original  Alert Level of the Ricoh Group

Action Guideline

The Ricoh Group has established and is implementing the “Ricoh Group New Influenza Action Guideline.”

The Action Guideline provides operations and activities to be conducted by each department and employee, approved/prohibited actions under each alert level. It also provides necessary preparations and execution items for operations to be continued under the alert level 5.

Important business operations

Ricoh Group companies / Divisions decide the business operations with priority that should be continued even during the pandemic of alert level 5, ensuring that safety of Employees is secured.

As a rule, the Ricoh Group suspends its businesses under the pandemic of alert level 5 and its Employees shall stay at home. Nevertheless, there are business operations whose continuation is considered indispensable in order to meet the strong needs of the society or due to inevitable reasons from the management point of view.

1)
Continuing businesses with the utmost priority

Operations to continuously provide customers who are engaged in public works* with products and services in the following

  • maintenance services and supplies of MFP / Printer / FAX.
  • thermal media products (products related to medical services, food and physical distribution industries.)
*
“Customers who are engaged in public works” refer to sectors directly engaged in social functions and infrastructure businesses and the like designated by the government (for instance, public organizations, medical services, public law enforcement and communication bodies, public transportation, food, gas, water, finance and physical distribution industries, etc.).
2)
Continuing jobs with priority

Basic jobs that must be performed by the Ricoh Group so that it can be sustained as a corporation (Payments of salaries, Payments to its creditors, etc.).

Jobs whose continuation under alert level 5 is regarded to be indispensable by each division, which is registered as such by the approval of the division manager in advance, and for which Response Plan that stipulated has been prepared.

Response Plan

The Ricoh Group has prepared a Response Plan, to continue business under the alert level 5.

Each company and each department has conducted analysis of impacts on the Continuing businesses with the utmost priority and Continuing jobs with priority, and prepared response plans based on the “Ricoh Group New Influenza Action Guideline.”

Large Scale Disaster BCP in Japan

In order to respond quickly and effectively to widespread natural disasters and accidental disasters in Japan, the Ricoh Group has established the Large Scale Disaster BCP in Japan based on the following basic policy.

<Basic policy>
  1. Utmost priority must be placed on securing the safety of employees, their families, customers and business partners.
  2. The priority must be placed on the responses to the customers who are engaged in the continuity of public works (e.g., public organizations with important roles for disaster response, medical institutions and government-designated infrastructure businesses).
  3. The impact on the business must be minimized by conducting advance study of countermeasures and making sufficient preparations and responses against possible damages on the business of the Ricoh Group.
  4. The viewpoint of BCP must be always be included in the review of business and operational process, instead of making a stand-alone framework of BCP a separate exercise of business activities.

Assumption

For the purpose of facilitating quick, appropriate and wide-ranging response to various disasters likely to occur in widespread regions in Japan (e.g., earthquakes, large-scale flood disasters, volcanic eruptions, nuclear power plant accidents, etc), BCP assumes representative disasters, such as “Tokyo-Epicentered Major Earthquake” and “Nankai Trough Huge Quake” as a basis of its formulation.

Steps for BCP establishment

After selecting the important functions which the Ricoh Group should address (e.g., disaster prevention, establishment of information infrastructure, sales, production & procurement, etc.) each of these functions establishes BCP according to the following steps.

«Diagram for BCP establishment steps»

image: Diagram for BCP establishment steps

Unified BCP Establishment in the Ricoh Group with the “Small BCP Establishment Manual”

What and how much is sufficient for BCPs established independently by Ricoh Group companies? Is there any part that is missing or that is unnecessary? Those are the questions we have asked. After participating in a model business project of the Ministry of Economy, Trade and Industry and taking advantage of know-how gained from ISO 22301, the Ricoh Group's unique “Small BCP Establishment Manual” was created in 2014. Each Group company subsequently created the BCPs in accordance with that.

This includes a simple checklist for establishment status, making it possible to grasp the response of each company at a glance.

Education and training

Promoting awareness and providing education

“Large Scale Disaster Response Manual” for employees was distributed, while at the same time, an e-learning material titled “Major disaster : Preparation in advance and responses to the outbreak – BCP of the Ricoh Group –,” was prepared to educate the outline of BCP that the Ricoh Group has developed and how to respond to disasters.

Providing training

In addition to the evacuation trainings conducted by each company and business site every year, various types of simulation trainings are provided for specific groups, including “the Group Disaster Task Force”, “the Group Companies Local Disaster Task Force”, “each company and business site of the Ricoh Group”, etc.
In the simulation trainings, Message Board (*) browsing training is also included, which was newly developed as a means of being contacted by the company.

* What is Message Board?
Message Board was developed as a means of transmitting all necessary information from the company to their respective employees even when it becomes difficult due to congested communication lines after an outbreak of a disaster.
In addition to the use of conventional safety confirmation systems and emergency contact networks, “Message Board” is applied as a way by which employees can read messages from their companies using their PCs and smartphones.