Risk Management

Risk Management Policy and Basic Concept

As the environment surrounding the company becomes more complex and diversified, the Ricoh Group positions risk management as an essential initiative in appropriately controlling the various internal and external uncertainties that surround the Group's business and in implementing management strategies and achieving business objectives. And then all Group employees strive to improve risk management.The Board of Directors assumes the role and responsibility of overseeing and monitoring whether the execution of risk management by executives is effective and efficient.

Risk Management Systems and the Risk Management Committee

The Ricoh Group’s risk management systems can be divided into two main levels, as shown in Figure 1 below.
1. Managerial risks, which are selected and managed autonomously by the GMC for management items of particular importance, within the management of the Ricoh Group. 2. Division risks and Business unit risks that each business organization is responsible for managing its own business. These two levels exist for the purpose of clarifying bodies responsible for risk management so as to facilitate agile decision-making and swift action in response to each level of risk, and together form an integrated risk management system. The management of some risks may be transferred from one level to the other, due to changes in the level of impact caused by environmental changes.The reevaluation and replacement of risks addressed at each level, based on changes in the level of impact due to environmental changes, are carried out at a frequency of at least twice a year.
The role of each risk management body is shown on the right-hand side of Figure 1.

Image showing the aforementioned contents

The Risk Management Committee was established as an advisory body to the Group Management Committee (GMC) with the aim of enhancing the overall risk management process within the Ricoh Group. The committee is supported by a separate risk management support department, independent of the business divisions, which serves as the secretariat. The committee is chaired by the Risk Management Officer and includes experts from various organizational units. This composition ensures comprehensive risk coverage and facilitates in-depth discussions, enabling the committee to propose to the GMC the risks that should be addressed and prioritized in the management of the Ricoh Group. Additionally, as part of strengthening the practicality of risk management within the Ricoh Group, the risk management system, as shown in Figures 1 and 2, is periodically reviewed and reconstructed as needed.

Furthermore, to establish a more effective and cohesive risk management system that aligns with the management and various business execution units, risk management responsible officers and promoters are appointed from each organizational unit. This enables the development of autonomous risk management structures within each organization.

Moreover, the Risk Management Support Department organizes a "Risk Management Collaboration Enhancement Meeting" targeting risk management promoters. In this meeting, study sessions and information sharing related to risk management are conducted to foster a risk-resilient organization. Continuous efforts are being made to become an organization that is robust in managing risks.

Process of determining managerial risks

The GMC and Risk Management Committee determine managerial risks based on a comprehensive recognition of risks, through activities such as stress tests, that exert a significant impact on management, in light of the Company’s management philosophy and business purpose, and are actively involved in countering these risks. (Figure 2: Process of determining managerial risks)

  • Managerial risks are classified and managed as “strategic risks” and “operational risks” based on their characteristics. Strategic risks cover a wide range of risks that affect management, from risks related to the accomplishment of short-term business plans to emerging risks in the medium- to long-term.
  • As an advisory body to the GMC, the Risk Management Committee utilizes the specialized knowledge and experience of each of its members, engaging in substantial discussions before recognizing and assessing each risk, in order to more accurately propose possible managerial risks.
Image showing the aforementioned contents

Major focus managerial risks for FY2023

Strategic risks

  • Transition of profit structure as a digital services company
  • Acceleration of digital strategy
  • Reinforcement of advanced technologies
  • Information security
  • Securing developing and managing human resources
  • Responding to ESG and SDGs; Emerging Risks such as Human Rights Violation, and Climate Change and transition to Circular Economy
  • Geopolitical risks

Operational risks

  • Long-term delay and suspension in supply of products
  • Large-scale disasters /incidents or accidents
  • Unexpected impact of changes in the global environment
  • Human resource-related compliance
  • Risks related to Group governance

Incident and Accident Management

The Ricoh Group is taking various measures to prevent incidents from occurring. For example, it can be used by all officers and employees of the Ricoh Group in Japan (including part-timers, part-time workers, and dispatched laborers) as a contact point for reporting and consulting on regular business audits and compliance violations. Ricoh Group Hot Line System We have established and are strengthening monitoring. In addition, we have established the Ricoh Group standard "Standard for responding to incidents" for all affiliated companies in Japan and overseas.

In the event of an incident that adversely affects the corporate activities of the Ricoh Group, the president, internal control committee, and disclosure control department of Ricoh Co., Ltd. will promptly treat the incident as a "serious incident" from the outbreak area through the supervising area for each incident. , We have established a system to report to officers, corporate auditors, etc. related to the case, and take measures based on the president's policy and prevent recurrence.

The summary of significant incidents that occurred in the past six months, including their responses and measures for prevention of recurrence, as well as the trend of incident occurrence by incident category, are reported to the Board of Directors on a semi-annual basis. Please refer to the table below for the significant incidents reported to the Board of Directors and their corresponding status of handling for the fiscal year up to 2022.

Please note that the reported details of significant incidents, the trend and patterns of incident occurrence, are taken into consideration as a reference during the management risk review in the following fiscal year by the GMC.

Number of cases reported in 2020-2022 and status/progress of the breaches

incident category FY2020 FY2021 FY2022
Labor law violation Substantiated 0 1 2
Under investigation 0 0 0
TTL 0 1 2
Professional misconduct Substantiated 12 16 8
Under investigation 0 0 0
TTL 12 16 8
Embezzlement or theft Substantiated 0 13 6
Under investigation 0 0 3
TTL 0 13 9
Corruption Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Fraudulent accounting Substantiated 3 3 2
Under investigation 0 0 0
TTL 3 3 2
Harassment Substantiated 1 0 1
Under investigation 0 0 1
TTL 1 0 2
Human rights violation Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Information Security
(Customer Privacy Data)
Substantiated 0 1(0) 2(0)
Under investigation 0 0 0
TTL 0 1(0) 2(0)
Conflicts of Interest Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Money Laundering or Insider trading Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Others Substantiated 1 3 6
Under investigation 0 0 0
TTL 1 3 6
TTL Substantiated 17 37 27
Under investigation 0 0 4
TTL 17 37 31

Details of actions taken against the substantiated cases

The following items had a high percentage of incidents in the fiscal year 2022:

  • Malpractice in business operations
  • Embezzlement and theft

Malpractice in business operations includes fraudulent activities related to documents such as receipts. Embezzlement and theft include incidents involving the theft of inventory and internal company property. Many of these incidents in both categories were brought to light as remote work became more prevalent, and internal rules and business processes adapted to remote work environments. Our company has been rigorously and appropriately addressing these incident cases. So far, we have taken disciplinary actions against 16 individuals in accordance with internal regulations. Additionally, we have implemented preventive measures to ensure similar incidents do not occur again. Examples of these measures include the installation of security cameras, strengthening the approval process for procurement and delivery tasks, sharing information about fraudulent activities within the organization, and providing ethics education in the workplace.

Furthermore, in the fiscal year 2022, there was one serious violations of law that required external disclosure.

Serious Violations Requiring External Disclosure - 1 case

This incident occurred in August 2022 and pertained to the biomedical business. A corrective order was issued, leading to external disclosure. We conducted an internal investigation involving external experts to develop preventive measures. By implementing these measures, we aim to enhance compliance.

Crisis Management

Basic Policy

Ricoh Group established 4 basic policies to ensure all Ricoh Group Company to take necessary actions promptly in event of serious crisis.

(1)Ricoh Group places the highest priority on life, safety and health of its employees, executives, their families, customers, and business partners.
(2)We will strive to provide the services and products required by society and customers, prioritizing who are in essential business.
(3)We will strive to fulfill our corporate roles and responsibilities with the local community, government, and society.
(4)Ricoh Group shall make sufficient preparations and responses in advance to the possible damage to our business to minimize the impact and responding promptly and appropriately in the event of such damage.


In the event of a crisis, task force will be set up based on level of the crisis (if multiple businesses or regions are affected, Group Task Force will be in charge; otherwise within each organization) and will carry out emergency response in accordance with crisis management response standards.
Once safety and necessary work environment is ensured, each organization will make decision to activate their own BCP (Business Continuity Plan) and correspond to ensure business continuity of important business.

Image showing the aforementioned contents Image showing the aforementioned contents

Emergency Response

Serious crisis which has impact to affect whole Ricoh Group performance, require different knowledge and responses depending on the type of crisis. Therefore, Ricoh appoints main organization to take in charge of each serious crisis and creates Emergency Response Plan (ERP) based on business effect simulation. We also conduct training and exercises in accordance with the created ERP.
Currently, we have selected below as serious crisis that could affect whole Ricoh Group performance and they are described in Ricoh internal standards. Risk Management Department will review and make necessary revisions as necessary.

(1)Large Scale Natural Disaster (a)Large Scale Earthquakes/ Tsunami/ Storm Surge (b)Volcanic Eruptions (c)Heavy Storm / Heavy Snow/ Floods (2)Severe Accident/ Fires at Ricoh Group’s facility
(3)Spread of serious infectious diseases (Pandemic)
(4)Severe system failure
(5)Severe Information security related incidents/accidents

Business Continuity Plan(BCP)

Each organization in Ricoh Group identifies important businesses/operations that cannot be stopped or that require immediate recovery in the event of crisis and develops Business Continuity Plan (BCP).

In the first stage of developing BCP, we created BCP based on assumption of “Spread of New influenza” and “Large scale disaster such as a serious earthquake in Japan”. However, risks have become more diverse, and it has become difficult to quickly respond to unexpected events by responding to each risk. Therefore, as a second stage, we have adopted the concept of "all-hazards response" which will not limit our responses to each crisis. We will continue to develop BCP that follow this concept and strengthen our resilience.

Image showing the aforementioned contents Image showing the aforementioned contents

Strengthening Crisis Response Overseas

Ricoh has “Crisis Response Standard for Natural Disaster, Accident and Instance (Outside Japan)” for our overseas group companies, and it clarifies roles and responsibilities of each organization/company.

Ricoh Group Headquarter are working together with overseas group companies by giving additional instructions when there is gap between the natural disaster risks provided by each group company and third-party information, confirming reporting route in event of serious crisis and supporting to create BCP to strengthen crisis response as a whole Ricoh Group.

Training and Exercises

To minimize impact of natural disaster such as large scale earthquake etc, Ricoh conduct joint disaster response drills within group companies in Japan. We also conduct disaster prevention drills in each office which includes night evacuation drills. Group Task Force who takes in charge of the whole group conducted training in a remote environment, taking into consideration of new work style. In recent years, we have strengthened our efforts to address flood risks and volcanic eruptions. Also, conducting tabletop and hands on training based on created plans.
In various training exercises, we verify whether our systems and operations are working and continue to make improvements. By doing so, we are preparing to ensure the safety of our employees and to quickly restore the office and business.

Regarding overseas, Ricoh Group Headquarters have distributed “Crisis Response Standard for Natural Disaster, Accident, and Instance (Outside Japan)”and at the same time shared “BCP creation manual” to deepen understanding of BCP and to promote review of plans to strengthen responses in all region and businesses.
Training and exercises of serious crisis are conducted on regional basis, depending on the local risk situation.