Risk Management / Governance / Sustainability | Global | Ricoh

Risk Management

Risk Management Policy and Basic Concept

As the environment surrounding the company becomes more complex and diversified, the Ricoh Group positions "Risk Management" as an essential initiative to appropriately control various internal and external uncertainties that surround the Group‘s business to implement management strategies and achieve business objectives.

All Officers and Employees of the Ricoh Group (including contract employees, part-timers and temporary employees) are committed to this approach.

The Ricoh Group have established the "Ricoh Group Management Basic Regulations" and the "Ricoh Group Risk Management Basic Regulation", which include risk management principles, and are working to ensure that everyone is aware of the contents.

Based on the risk management principles, the Group Management Committee, Risk Management Committee and managers and staff of each organization are in charge to control risks from both opportunity and threats perspective that may affect the Ricoh Group's business.

Furthermore, the Board of Directors are responsible for overseeing whether management's risk management is being carried out effectively and efficiently. The Governance Review Meeting is held by Board of Directors and Audit and Supervisory Board to comprehensively discuss on direction and issues of governance for the Ricoh Group to further strengthen the risk management system for the entire Group.

Risk Management Systems and the Risk Management Committee

The Ricoh Group’s risk management systems can be divided into two main levels, as shown in Figure 1 below.
1. Managerial risks, which are selected and managed autonomously by the GMC for management items of particular importance, within the management of the Ricoh Group. 2. Division risks and Business unit risks that each business organization is responsible for managing its own business. These two levels exist for the purpose of clarifying bodies responsible for risk management so as to facilitate agile decision-making and swift action in response to each level of risk, and together form an integrated risk management system. The management of some risks may be transferred from one level to the other, due to changes in the level of impact caused by environmental changes.The reevaluation and replacement of risks addressed at each level, based on changes in the level of impact due to environmental changes, are carried out at a frequency of at least twice a year.
The role of each risk management body is shown on the right-hand side of Figure 1.

Image showing the aforementioned contents

The Risk Management Committee was established as an advisory body to the Group Management Committee (GMC) with the aim of enhancing the overall risk management process within the Ricoh Group. The committee include an executive officer who has been appointed as risk management director by the Board of Directors, and its administrative office is the risk management support division, which is independent from the business divisions. By having experts from each organization as committee members, we aim to ensure comprehensive risk coverage and facilitate in-depth discussions, enabling the committee to propose to the GMC the risks that should be addressed and prioritized in the management of the Ricoh Group. The head of the Internal Audit Members and the head of the Audit and Supervisory Board Members also participate as observers to verify, from an independent and objective standpoint, that appropriate risk management processes are in place.

To ensure that the risk management process is appropriately operated, we also have system of regular checks by third parties.

- Internal Audit and Supervisory Members to audit risk management department (once a year)

-Independent Auditor to conduct top interview to audit head of the risk management department (once a year)

Additionally, as part of strengthening the practicality of risk management within the Ricoh Group, the risk management system, as shown in Figures 1 and 2, is periodically reviewed and reconstructed as needed.
Furthermore, to establish a more effective and cohesive risk management system that aligns with the management and various business execution units, risk management responsible officers and promoters are appointed from each organizational unit. This enables the development of autonomous risk management structures within each organization.
Moreover, the Risk Management Support Department organizes a "Risk Management Collaboration Enhancement Meeting" targeting risk management promoters. In this meeting, study sessions and information sharing related to risk management are conducted to foster a risk-resilient organization. Continuous efforts are being made to become an organization that is robust in managing risks.

Process of determining managerial risks

The GMC and Risk Management Committee determine managerial risks based on a comprehensive recognition of risks, through activities such as stress tests, that exert a significant impact on management, in light of the Company’s management philosophy and business purpose, and are actively involved in countering these risks. (Figure 2: Process of determining managerial risks)

  • Managerial risks are classified and managed as “strategic risks” and “operational risks” based on their characteristics. Strategic risks cover a wide range of risks that affect management, from risks related to the accomplishment of short-term business plans to emerging risks in the medium- to long-term.
  • As an advisory body to the GMC, the Risk Management Committee utilizes the specialized knowledge and experience of each of its members, engaging in substantial discussions before recognizing and assessing each risk, in order to more accurately propose possible managerial risks.
Image showing the aforementioned contents

Major focus managerial risks for FY2024

Strategic risks

  • Transition of profit structure as a digital services company
  • Acceleration of digital strategy
  • Establishment of R&D processes as a digital services company
  • Information security
  • Securing, developing, and managing human resources
  • Responding to ESG and SDGs
  • Geopolitical risks

Operational risks

  • Long-term delay and suspension in supply of products
  • Large-scale disasters /incidents or accidents
  • Human resource-related compliance
  • Risks related to Group governance

Ricoh Group Risk Management Training

The Risk Management Support Division plans the "Group Risk Management Collaboration Reinforcement Conference" approximately three times a year. It is mainly aimed for risk management promoters to hold study sessions and information sharing related to risk management. We are making continuous efforts to become an organization that can be more responsive to risks.

Risk Management Collaboration Reinforcement Conference (RMCR)

  • Attendee:Person in charge of Risk Management in each organization, Business Strategy/Corporate Strategy member etc
  • Objective:To train members who will initiate risk management in each organization by participating in risk education and information sharing sessions

Awareness of Risk Management

The Ricoh Group strives to ensure that all officers and employees (including contract employees, part-time workers, and temporary employees) are fully aware of the contents of the "Ricoh Group Management Basic Regulations" and "Ricoh Group Risk Management Basic Regulation", which include the risk management principles. Regulations are regularly reviewed and revised.
Additionally, in training for newly appointed managers, we arrange time to review the content again, striving to raise awareness and ensure depth understanding.

Activities (2020 onwards)

Date Category Contents
2020 June Inform
  • Update on "Ricoh Group Management Regulation"
Aug RMCR Mtg
  • Review on Ricoh Group Risk Management and case study
  • Geopolitical Risk(Mainly on National Security)
Oct RMCR Mtg
  • Explanation on Ricoh Group Compliance Activity
  • Discussion on risk to transform into digital services company
2021 June RMCR Mtg
  • Global Risk Trend Analysis
Inform
  • Update on "Ricoh Group Management Regulation"
Oct RMCR Mtg
  • Compliance management and discussion on remote work effect
  • Due diligence on human rights
Jan RMCR Mtg
  • Explanation on risk management practice
2022 Sep RMCR Mtg Global Risk Trend Analysis・Crisis management from geopolitical risk perspective
  • Geopolitical Risk update
Oct Inform
  • Update on "Ricoh Group Management Regulation"
2023 Oct RMCR Mtg
  • Revision of the Ricoh Group Code of Conduct and ethical behavior
  • Global Insurance and environment changes
Inform
  • Update on "Ricoh Group Risk Management Regulation "
Feb RMCR Mtg
  • Global Risk Trend Analysis
Inform
  • Update on "Ricoh Group Management Regulation"

Incident and Accident Management

The Ricoh Group is taking various measures to prevent incidents from occurring. For example, it can be used by all officers and employees of the Ricoh Group in Japan (including part-timers, part-time workers, and dispatched laborers) as a contact point for reporting and consulting on regular business audits and compliance violations. Ricoh Group Hot Line System We have established and are strengthening monitoring. In addition, we have established the Ricoh Group standard "Standard for responding to incidents" for all affiliated companies in Japan and overseas.

In the event of an incident that adversely affects the corporate activities of the Ricoh Group, the president, internal control committee, and disclosure control department of Ricoh Co., Ltd. will promptly treat the incident as a "serious incident" from the outbreak area through the supervising area for each incident. , We have established a system to report to officers, corporate auditors, etc. related to the case, and take measures based on the president's policy and prevent recurrence.

The summary of significant incidents that occurred in the past six months, including their responses and measures for prevention of recurrence, as well as the trend of incident occurrence by incident category, are reported to the Board of Directors on a semi-annual basis. Please note that the reported details of significant incidents, the trend and patterns of incident occurrence, are taken into consideration as a reference during the management risk review in the following fiscal year by the GMC.

Please refer to the table below for the significant incidents reported to the Board of Directors and their corresponding status of handling for the fiscal year up to 2023.

Number of cases reported in 2021-2023 and status/progress of the breaches

As of 2024/06/06
incident category FY2021 FY2022 FY2023
Labor law violation Substantiated 1 2 1
Under investigation 0 0 0
TTL 1 2 1
Professional misconduct Substantiated 16 8 0
Under investigation 0 0 0
TTL 16 8 0
Embezzlement or theft Substantiated 13 8 8
Under investigation 0 1 0
TTL 13 9 8
Corruption Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Fraudulent accounting Substantiated 3 2 3
Under investigation 0 0 0
TTL 3 2 3
Harassment Substantiated 0 2 0
Under investigation 0 0 1
TTL 0 2 1
Human rights violation Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Information Security
(Customer Privacy Data)
Substantiated 1 2(0) 0
Under investigation 0 0 0
TTL 1 2(0) 0
Conflicts of Interest Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Money Laundering or Insider trading Substantiated 0 0 0
Under investigation 0 0 0
TTL 0 0 0
Others Substantiated 3 6 3
Under investigation 0 0 0
TTL 3 6 3
TTL Substantiated 37 30 15
Under investigation 0 1 1
TTL 37 31 16

Details of actions taken against the substantiated cases

The following items had a high percentage of incidents in the fiscal year 2023:

  • Malpractice in business operations
  • Embezzlement and theft

Malpractice in business operations includes fraudulent activities related to documents such as receipts. Embezzlement and theft include incidents involving the theft of inventory and internal company property. Our company has been rigorously and appropriately addressing these incident cases. So far, we have taken disciplinary actions against 8 individuals in accordance with internal regulations. Additionally, we have implemented preventive measures to ensure similar incidents do not occur again. Examples of these measures include the installation of security cameras, strengthening the approval process for procurement and delivery tasks, sharing information about fraudulent activities within the organization, and providing ethics education in the workplace.

Furthermore, in the fiscal year 2023, there was no serious violations of law that required external disclosure.

Crisis Management

Basic Policy

Ricoh Group established 4 basic policies to ensure all Ricoh Group Company to take necessary actions promptly in event of serious crisis.

(1)Ricoh Group places the highest priority on life, safety and health of its employees, executives, their families, customers, and business partners.
(2)We will strive to provide the services and products required by society and customers, prioritizing who are in essential business.
(3)We will strive to fulfill our corporate roles and responsibilities with the local community, government, and society.
(4)Ricoh Group shall make sufficient preparations and responses in advance to the possible damage to our business to minimize the impact and responding promptly and appropriately in the event of such damage.

Overview

In the event of a crisis, task force will be set up based on level of the crisis (if multiple businesses or regions are affected, Group Task Force will be in charge; otherwise within each organization) and will carry out emergency response in accordance with crisis management response standards.
Once safety and necessary work environment is ensured, each organization will make decision to activate their own BCP (Business Continuity Plan) and correspond to ensure business continuity of important business.

Image showing the aforementioned contents Image showing the aforementioned contents

Emergency Response

Serious crisis which has impact to affect whole Ricoh Group performance, require different knowledge and responses depending on the type of crisis. Therefore, Ricoh appoints main organization to take in charge of each serious crisis and creates Emergency Response Plan (ERP) based on business effect simulation. We also conduct training and exercises in accordance with the created ERP.
Currently, we have selected below as serious crisis that could affect whole Ricoh Group performance and they are described in Ricoh internal standards. Risk Management Department will review and make necessary revisions as necessary.

(1)Large Scale Natural Disaster (a)Large Scale Earthquakes/ Tsunami/ Storm Surge (b)Volcanic Eruptions (c)Heavy Storm / Heavy Snow/ Floods (2)Severe Accident/ Fires at Ricoh Group’s facility
(3)Spread of serious infectious diseases (Pandemic)
(4)Severe system failure
(5)Severe Information security related incidents/accidents

Business Continuity Plan(BCP)

Each organization in Ricoh Group identifies important businesses/operations that cannot be stopped or that require immediate recovery in the event of crisis and develops Business Continuity Plan (BCP).

In the first stage of developing BCP, we created BCP based on assumption of “Spread of New influenza” and “Large scale disaster such as a serious earthquake in Japan”. However, risks have become more diverse, and it has become difficult to quickly respond to unexpected events by responding to each risk. Therefore, as a second stage, we have adopted the concept of "all-hazards response" which will not limit our responses to each crisis. We will continue to develop BCP that follow this concept and strengthen our resilience.

Image showing the aforementioned contents Image showing the aforementioned contents

Strengthening Crisis Response Overseas

Ricoh has “Crisis Response Standard for Natural Disaster, Accident and Instance (Outside Japan)” for our overseas group companies, and it clarifies roles and responsibilities of each organization/company.

Ricoh Group Headquarter are working together with overseas group companies by giving additional instructions when there is gap between the natural disaster risks provided by each group company and third-party information, confirming reporting route in event of serious crisis and supporting to create BCP to strengthen crisis response as a whole Ricoh Group.

Training and Exercises

To minimize impact of natural disaster such as large scale earthquake etc, Ricoh conduct joint disaster response drills within group companies in Japan. We also conduct disaster prevention drills in each office which includes night evacuation drills. Group Task Force who takes in charge of the whole group conducted training in a remote environment, taking into consideration of new work style. In recent years, we have strengthened our efforts to address flood risks and volcanic eruptions. Also, conducting tabletop and hands on training based on created plans.
In various training exercises, we verify whether our systems and operations are working and continue to make improvements. By doing so, we are preparing to ensure the safety of our employees and to quickly restore the office and business.

Regarding overseas, Ricoh Group Headquarters have distributed “Crisis Response Standard for Natural Disaster, Accident, and Instance (Outside Japan)”and at the same time shared “BCP creation manual” to deepen understanding of BCP and to promote review of plans to strengthen responses in all region and businesses.
Training and exercises of serious crisis are conducted on regional basis, depending on the local risk situation.

PAGE TOP