Risk Management
Epson has long had a comprehensive risk management framework in place, including at the Group level, business unit level, and subsidiary level, in accordance with the company’s Basic Internal Control System Policy and the Principles of Corporate Behavior.
The entire Epson Group manages serious risks to prevent those that could have a material impact on management from materializing and to minimize the impact if they should materialize.
Organization
Ultimate accountability for Group-wide risk management in the Epson Group, including at subsidiaries, rests with the president of Seiko Epson.
The Head Office supervisory departments work together with the business units and subsidiaries to manage shared risks on a global basis.
The heads of business units are responsible for managing risks that are specific to their own business units and to their consolidated subsidiaries.
The corporate risk management department monitors, coordinates, and, where necessary, implements corrective actions across all aspects of Group-wide risk management, thereby ensuring effectiveness.
This risk management framework and organization are set forth in the Epson Group Risk Management Basic Regulation.
Selection of Serious Risks
Epson identifies a wide range of ethical risks as important business challenges based on the Code of Conduct of the Responsible Business Alliance (RBA), such as information transparency, IP protection, fair competition, whistleblower protection, responsible mineral procurement, and privacy protection, in addition to misconduct such as bribery, corruption, and cartels. These risks are prioritized based on risk assessment in reference to the internal control framework “COSO”¹ and the international standard for risk management “ISO 31000.” Risks that could have serious adverse effects on Epson Group operations are considered “serious Group-wide risks.” Risks that could have serious adverse effects on business operations are considered “serious business risks.” And risks that could have serious adverse effects on subsidiaries’ operations are considered “serious subsidiary risks.”
¹ Committee of Sponsoring Organizations of the Treadway Commission: An organizational committee intended to help businesses enhance ethics, implement internal control, ensure governance, and others.
Control of Serious Risks
Epson drafts and executes plans to control the serious risks identified and periodically monitors their progress. The company also strives to ensure the effectiveness of control activities by evaluating “serious Group-wide risks” every quarter and evaluating “serious business risks” and “serious subsidiary risks” every six months. In addition, it strives to monitor the risk environment at all times and, if any change that may become serious is found, analyzes and assesses the relevant risk and revises the control plans so that the risk is handled as a serious risk as necessary. The president of Seiko Epson reports important risk management affairs to the Board of Directors quarterly. Furthermore, the company fulfills its accountability to a wide range of stakeholders in and outside the Group, such as shareholders, customers, employees, business partners, communities, and the environment, while continuously working to improve the transparency and effectiveness of risk management.
Management Cycle for Controlling Serious Risks
Crisis Management
At Epson, we maintain a standing crisis management program to enable us to quickly address emergent risks that could have a significant impact on Group management. This program provides for a Crisis Management Committee chaired by the president and vice-chaired by the general manager in charge of risk management, and initial response procedures are in place to handle crises.
In the event of a crisis, the general manager of the relevant Head Office department in charge of the type of crisis will act as the person responsible for crisis management and will set up a system that enables a rapid response based on a quick decision made by the chairperson of the Crisis Management Committee through direct confirmation. The crisis management program includes response programs for each type of crisis, which specify initial procedures to be taken in response to anticipated risks. The relevant organizations promptly work together to grasp and analyze the situation and draft and implement measures to prevent further damage. If necessary, we also seek the cooperation of external organizations such as lawyers, consulting firms, and government authorities to ensure a thorough response.
The crisis management system will be lifted when the situation stabilizes. However, the situation will continue to be monitored within the risk management cycle, and measures will be taken to ensure recovery, prevent recurrence, and share information within the Group. These will be regularly reported to executive management, including outside directors, through meetings of the Board of Directors and other bodies. The crisis management program will be reviewed, and measures in risk control activities will be reflected to improve the ability to respond to new crises.