Risk Management
Basic Concept
As the environment surrounding the company becomes more complex and diversified, the º£½ÇÉçÇøGroup positions "Risk Management" as an essential initiative to appropriately control various internal and external uncertainties that surround Group¡®s business to implement management strategies and achieve business objectives.
All Officers and Employees of the º£½ÇÉçÇøGroup (including contract employees, part-timers and temporary employees) are committed to this approach.
The º£½ÇÉçÇøGroup have established the " º£½ÇÉçÇøGroup Management Basic Regulations" and the " º£½ÇÉçÇøGroup Risk Management Basic Regulation", which include risk management principles, and are working to ensure that everyone is aware of the contents.
Based on the risk management principles, the Group Management Committee, Risk Management Committee and responsible manager and promoter of each organization are in charge to control risks based on concept of Enterprise Risk Management from both opportunity and threats perspective that may affect the º£½ÇÉçÇøGroup's business.
Figure1£ºBasic concept of Risk Management
Risk Management System
º£½ÇÉçÇøGroup's risk management system is broadly divided into "Focused Managerial Risks" that are selected and managed independently by management, and "Functional Organization Risks/Business Unit Risks" that are managed responsibly by each business execution organization. £¨Figure2£©
These two levels exist for the purpose of clarifying bodies responsible for risk management in order to facilitate agile decision-making and swift action in response to each level of risk, and together form an integrated risk management system. Futhermore, the risks handled by each layer are reviews at least twice a year to correspond to changes in the level of impact in response to environmental changes.
Figure 2£ºRicoh¡¯s Risk Management System for Implementation
£¼¸é´Ç±ô±ð£¾
- Board of Directors are responsible for defining the risk management principles for the º£½ÇÉçÇøGroup and supervising whether risk management is being carried out effectively and efficiently in the execution of top management duties. In addition, Board of Directors and etc. will periodically receive reporting regarding Focused Managerial Risks and incident management status and will provide comments/advice as necessary.
- Audit & Supervisory Board Members will audit the directors' duties related to risk management to monitor and verify the establishment and operation of risk management systems in the executive divisions, including top management.
- Internal audit Office provides independent and objective assurance and advice on the adequacy and effectiveness of governance and risk management.
- Top Management decides º£½ÇÉçÇøGroup risk management policy and evaluates status of maintenance & operation and framework of risk management regularly including necessary corrections and finalizes selection of focused managerial risks.
- Risk Management Committee is an advisory body to the Group Management Committee (GMC), established to strengthen the overall risk management process within the entire º£½ÇÉçÇøGroup.The committee includes an executive officer who has been appointed as risk management director by the Board of Directors, and its administrative office is the risk management support division, which is independent from the business divisions. By having experts from each organization as committee members, the committee ensures comprehensive risks coverage and facilitate in-depth discussions, enabling the committee to propose to the GMC the risks that that should be addressed and prioritized in the management of the º£½ÇÉçÇøGroup. The head of the Internal Audit Office and the head of the Audit & Supervisory Board Members also participate as observers to verify, from an independent and objective standpoint, that appropriate risk management processes are in place.
- Functional Organization?BU/Related Group Companies will appoint risk management officer (Organization Head) and promoter (person who can communicate with the organization head on a daily basis) and will develop an autonomous risk management system in each organization to execute risk management, grasp information on the activities of related group companies and share necessary information.
To ensure that the risk management process is appropriately operated, º£½ÇÉçÇøalso have system of regular checks by third parties.
- Internal Audit and Supervisory Members to audit risk management department (once a year)
- Independent Auditor to conduct top interview to audit head of the risk management department (once a year)
As part of strengthening the practicality of risk management within the º£½ÇÉçÇøGroup, the risk management system, as shown in Figure 2, is periodically reviewed and reconstructed as needed.
To establish a more effective and cohesive risk management system that aligns with the management and various business execution units, risk management responsible managers and promoters are appointed from each organizational unit. This enables the development of autonomous risk management structures within each organization.
The Risk Management Support Department organizes a "Risk Management Collaboration Enhancement Meeting" targeting risk management promoters. In this meeting, study sessions and information sharing related to risk management are conducted to foster a risk-resilient organization. Continuous efforts are being made to become an organization that is robust in managing risks.
Process of determining Focused Managerial Risk
The Group Management Committee and Risk Management Committee determine managerial risks based on a comprehensive recognition of risks, through activities such as stress tests, that exert a significant impact on management, in light of the Company¡¯s management philosophy and business purpose and are actively involved in countering these risks.
Figure 3£ºProcess of determining Focused Managerial Risks
Figure 4£ºRisk Assessment Process of Focused Managerial Risks
Focused Managerial Risks
Focused Managerial risks are classified and managed as "Strategic Risks" and "Operational Risks" based on their characteristics. Strategic Risks cover a wide range of risks that affect management, from risks related to the accomplishment of short-term business plans to emerging risks in the medium- to long-term.
Figure 5£ºRisk Category
Focused Managerial Risks for FY2024
Strategic Risks
- Transition of profit structure as a digital services company
- Acceleration of digital strategy
- Establishment of R&D processes as a digital services company
- Information security
- Securing, developing, and managing human resources
- Responding to ESG and SDGs
- Geopolitical Risks
Operational Risks
- Long-term delay and suspension in supply of products
- Large-scale disasters /incidents or accidents
- Human resource-related compliance
- Risks related to Group governance
º£½ÇÉçÇøGroup Risk Management Training
The Risk Management Support Division plans the "Group Risk Management Collaboration Reinforcement Conference" approximately three times a year. It is mainly aimed for risk management promoters to hold study sessions and information sharing related to risk management. We are making continuous efforts to become an organization that can be more responsive to risks.
Risk Management Collaboration Reinforcement Conference (RMCR)
- Attendee£ºPerson in charge of Risk Management in each organization, Business Strategy/Corporate Strategy member etc
- Objective£ºTo train members who will initiate risk management in each organization by participating in risk education and information sharing sessions
Awareness of Risk Management
The º£½ÇÉçÇøGroup strives to ensure that all officers and employees (including contract employees, part-time workers, and temporary employees) are fully aware of the contents of the " º£½ÇÉçÇøGroup Management Basic Regulations" and " º£½ÇÉçÇøGroup Risk Management Basic Regulation", which include the risk management principles. Regulations are regularly reviewed and revised.
Additionally, in training for newly appointed managers, we arrange time to review the content again, striving to raise awareness and ensure depth understanding.
Activities (2020 onwards)
| Date | Category | Contents | |
|---|---|---|---|
| 2020 | June | Inform |
|
| Aug | RMCR Mtg |
|
|
| Oct | RMCR Mtg |
|
|
| 2021 | June | RMCR Mtg |
|
| Inform |
|
||
| Oct | RMCR Mtg |
|
|
| Jan | RMCR Mtg |
|
|
| 2022 | Sep | RMCR Mtg |
|
| Oct | Inform |
|
|
| 2023 | Oct | RMCR Mtg |
|
| Inform |
|
||
| Feb | RMCR Mtg |
|
|
| Inform |
|
||
| 2024 | Oct | RMCR Mtg |
|
| Mar | Inform |
|
|
Incident and Accident Management
The º£½ÇÉçÇøGroup is taking various measures to prevent incidents from occurring. For example, it can be used by all officers and employees of the º£½ÇÉçÇøGroup in Japan (including part-timers, part-time workers, and dispatched laborers) as a contact point for reporting and consulting on regular business audits and compliance violations. º£½ÇÉçÇøGroup Hot Line System We have established and are strengthening monitoring. In addition, we have established the º£½ÇÉçÇøGroup standard "Standard for responding to incidents" for all affiliated companies in Japan and overseas.
In the event of an incident that adversely affects the corporate activities of the º£½ÇÉçÇøGroup, the president, internal control committee, and disclosure control department of º£½ÇÉçÇøCo., Ltd. will promptly treat the incident as a "serious incident" from the outbreak area through the supervising area for each incident. , We have established a system to report to officers, corporate auditors, etc. related to the case, and take measures based on the president's policy and prevent recurrence.
The summary of significant incidents that occurred in the past six months, including their responses and measures for prevention of recurrence, as well as the trend of incident occurrence by incident category, are reported to the Board of Directors on a semi-annual basis. Please note that the reported details of significant incidents, the trend and patterns of incident occurrence, are taken into consideration as a reference during the management risk review in the following fiscal year by the GMC.
Please refer to the table below for the significant incidents reported to the Board of Directors and their corresponding status of handling for the fiscal year up to 2023.
Number of cases reported in 2021-2023 and status/progress of the breaches
| incident category | FY2021 | FY2022 | FY2023 | |
|---|---|---|---|---|
| Labor law violation | Substantiated | 1 | 2 | 1 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 1 | 2 | 1 | |
| Professional misconduct | Substantiated | 16 | 8 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 16 | 8 | 0 | |
| Embezzlement or theft | Substantiated | 13 | 8 | 8 |
| Under investigation | 0 | 1 | 0 | |
| TTL | 13 | 9 | 8 | |
| Corruption | Substantiated | 0 | 0 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 0 | 0 | 0 | |
| Fraudulent accounting | Substantiated | 3 | 2 | 3 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 3 | 2 | 3 | |
| Harassment | Substantiated | 0 | 2 | 0 |
| Under investigation | 0 | 0 | 1 | |
| TTL | 0 | 2 | 1 | |
| Human rights violation | Substantiated | 0 | 0 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 0 | 0 | 0 | |
| Information Security (Customer Privacy Data) |
Substantiated | 1 | 2£¨0£© | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 1 | 2£¨0£© | 0 | |
| Conflicts of Interest | Substantiated | 0 | 0 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 0 | 0 | 0 | |
| Money Laundering or Insider trading | Substantiated | 0 | 0 | 0 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 0 | 0 | 0 | |
| Others | Substantiated | 3 | 6 | 3 |
| Under investigation | 0 | 0 | 0 | |
| TTL | 3 | 6 | 3 | |
| TTL | Substantiated | 37 | 30 | 15 |
| Under investigation | 0 | 1 | 1 | |
| TTL | 37 | 31 | 16 |
Details of actions taken against the substantiated cases
The following items had a high percentage of incidents in the fiscal year 2023:
- Malpractice in business operations
- Embezzlement and theft
Malpractice in business operations includes fraudulent activities related to documents such as receipts. Embezzlement and theft include incidents involving the theft of inventory and internal company property. Our company has been rigorously and appropriately addressing these incident cases. So far, we have taken disciplinary actions against 8 individuals in accordance with internal regulations. Additionally, we have implemented preventive measures to ensure similar incidents do not occur again. Examples of these measures include the installation of security cameras, strengthening the approval process for procurement and delivery tasks, sharing information about fraudulent activities within the organization, and providing ethics education in the workplace.
Furthermore, in the fiscal year 2023, there was no serious violations of law that required external disclosure.
Crisis Management
Basic Policy
º£½ÇÉçÇøGroup established 4 basic policies to ensure all º£½ÇÉçÇøGroup Company to take necessary actions promptly in event of serious crisis.
£¨1£© º£½ÇÉçÇøGroup places the highest priority on life, safety and health of its employees, executives, their families, customers, and business partners.
£¨2£©We will strive to provide the services and products required by society and customers, prioritizing who are in essential business.
£¨3£©We will strive to fulfill our corporate roles and responsibilities with the local community, government, and society.
£¨4£© º£½ÇÉçÇøGroup shall make sufficient preparations and responses in advance to the possible damage to our business to minimize the impact and responding promptly and appropriately in the event of such damage.
Overview
In the event of a crisis, task force will be set up based on level of the crisis (if multiple businesses or regions are affected, Group Task Force will be in charge; otherwise within each organization) and will carry out emergency response in accordance with crisis management response standards.
Once safety and necessary work environment is ensured, each organization will make decision to activate their own BCP (Business Continuity Plan) and correspond to ensure business continuity of important business.
Emergency Response
Serious crisis which has impact to affect whole º£½ÇÉçÇøGroup performance, require different knowledge and responses depending on the type of crisis. Therefore, º£½ÇÉçÇøappoints main organization to take in charge of each serious crisis and creates Emergency Response Plan (ERP) based on business effect simulation. We also conduct training and exercises in accordance with the created ERP.
Currently, we have selected below as serious crisis that could affect whole º£½ÇÉçÇøGroup performance and they are described in º£½ÇÉçÇøinternal standards. Risk Management Department will review and make necessary revisions as necessary.
£¨1£©Large Scale Natural Disaster
£¨a£©Large Scale Earthquakes / Tsunami
£¨b£©Volcanic Eruptions
£¨c£©Heavy Storm / Heavy Snow / Floods / Storm Surge
£¨2£©Severe Accident/ Fires at º£½ÇÉçÇøGroup¡¯s facility
£¨3£©Spread of serious infectious diseases (Pandemic)
£¨4£©Severe system failure
£¨5£©Severe Information security related incidents/accidents
Business Continuity Plan£¨BCP£©
Each organization in º£½ÇÉçÇøGroup identifies important businesses/operations that cannot be stopped or that require immediate recovery in the event of crisis and develops Business Continuity Plan (BCP).
In the first stage of developing BCP, we created BCP based on assumption of ¡°Spread of New influenza¡± and ¡°Large scale disaster such as a serious earthquake in Japan¡±. However, risks have become more diverse, and it has become difficult to quickly respond to unexpected events by responding to each risk. Therefore, as a second stage, we have adopted the concept of "all-hazards response" which will not limit our responses to each crisis. We will continue to develop BCP that follow this concept and strengthen our resilience.
Strengthening Crisis Response Overseas
º£½ÇÉçÇøhas ¡°Crisis Response Standard for Natural Disaster, Accident and Instance (Outside Japan)¡± for our overseas group companies, and it clarifies roles and responsibilities of each organization/company.
º£½ÇÉçÇøGroup Headquarter are working together with overseas group companies by giving additional instructions when there is gap between the natural disaster risks provided by each group company and third-party information, confirming reporting route in event of serious crisis and supporting to create BCP to strengthen crisis response as a whole º£½ÇÉçÇøGroup.
Training and Exercises
To minimize impact of natural disaster such as large scale earthquake etc, º£½ÇÉçÇøconduct joint disaster response drills within group companies in Japan. We also conduct disaster prevention drills in each office which includes night evacuation drills. Group Task Force who takes in charge of the whole group conducted training in a remote environment, taking into consideration of new work style. In recent years, we have strengthened our efforts to address flood risks and volcanic eruptions. Also, conducting tabletop and hands on training based on created plans.
In various training exercises, we verify whether our systems and operations are working and continue to make improvements. By doing so, we are preparing to ensure the safety of our employees and to quickly restore the office and business.
Regarding overseas, º£½ÇÉçÇøGroup Headquarters have distributed ¡°Crisis Response Standard for Natural Disaster, Accident, and Instance (Outside Japan)¡±and at the same time shared ¡°BCP creation manual¡± to deepen understanding of BCP and to promote review of plans to strengthen responses in all region and businesses.
Training and exercises of serious crisis are conducted on regional basis, depending on the local risk situation.
