Home > Sustainability > Corporate Governance
Corporate Governance
Integrated Management Systems for Compliance and Risk Management

Corporate governance broadly refers to “the mechanisms, processes and relations by which corporations are controlled and directed”*. Fuji Xerox (Hong Kong) has adopted robust management systems, processes and mechanisms to govern our business operations and give our stakeholders a greater voice.

* Source: Wikipedia

Material Issues Addressed by Fuji Xerox (Hong Kong)
  • Business Continuity
  • Governance and Risk Management
  • Information Security
  • Carbon Management
  • Climate Action
  • Responsible Consumption and Production
  • Sustainable Procurement
  • Supply Chain Management
  • Peace, Justice and Strong Institutions
Governance and Organization

In 2017, inappropriate accounting practices were discovered at Fuji Xerox New Zealand and Fuji Xerox Australia. Although being a separate operating company, Fuji Xerox (Hong Kong) learnt from these incidents. Our Managing Director hosted compliance training for all employees in Hong Kong to reaffirm the importance for every member to be open, fair and clear in both attitude and behavior, so as to build an environment that encourages people to speak up when something is wrong. The training demonstrated the effectiveness of our decades-long PDCA-oriented management approach.

Strategically, the company is well structured with strong corporate governance, transparency and agility. In accordance with our operational guidelines, the Managing Director Office – chaired by the Managing Director and supported by our Senior Management Committee (SMC) – develop three-year strategic plans that cover planning, execution, feedback and improvements to ensure our sustainable business success. These plans and their objectives are then shared via annual meetings to ensure that all employees understand the latest direction and are able to meet new challenges. Besides, the SMC hold monthly meetings to discuss customer opinions, policy deployment, business performance, key marketing campaigns, social responsibility, staff engagement and other issues. Comprehensive guidelines and procedures have been formulated by the SMC, which serves as the Management Review Committee, to support the corporate governance framework, such as the ISO 14001 Environmental Management System, ISO 50001 Energy Management System, ISO 27001 Information Security Management System and ISO 22301 Business Continuity Management System. Periodical reviews are also carried out to ensure the overall effectiveness of our systems and facilitate necessary improvements. At the department level, managers and staff hold regular meetings to review business performance, operational quality, environmental health and safety, and human- and community-related matters.

Risk Management and Legal Compliance

Sustainability and risk management are the top priorities of Fuji Xerox (Hong Kong)’s business development plan. Striving to incorporate these concepts into every aspect of our operations, the senior management team holds regular meetings to identify, discuss and determine key risk management items.

As part of the continual process enhancements under the PDCA cycle, we have embedded the Japan Quality Program in our management framework. The program consists of eight criteria, each of which is given a different weighted score (total score 1,000 points) as shown in diagram below.


This not only helps us better assess our current situation from an organizational perspective, but also highlights the effectiveness of our management objectives and identifies key areas for sustainable development. Currently, the program works in synergy with the Japanese Sarbanes Oxley (J-SOX) model, which introduces strict rules for the internal control of financial reporting to protect investors by improving the accuracy and reliability of corporate disclosures, as well as other standards and guidelines that help Fuji Xerox (Hong Kong) to manage risks properly.

Our general legal and financial policies lay the foundation of our compliance and internal controls. We conduct self-assessments and external management system audits, and rigorously benchmark legal compliance to maintain the integrity of our general business processes. We also conduct annual self- evaluation of our code of conduct for all employees to ensure that we meet a higher ethics standard in line with our parent company Fuji Xerox. Under this code, we respect basic human rights, and maintain an open, fair and transparent operation. Other specific areas it covers include, but are not limited to, prevention of discrimination and harassment, privacy, labor rights, forced and child labor, workplace health and safety, communications, information disclosure, fair competition, sales activities and procurement, prevention of corruption and the rejection of antisocial forces. In terms of financial control, we have followed stringent financial policies and guidelines to monitor the implementation status with regular review by SMC. On top of internal audit, we have undergone independent financial audit performed by third-party verifiers annually.

In the past few years, we reassessed the required elements and additional significant subjects that went beyond the scope of Fuji Xerox (Hong Kong)’s certified ISO systems and localized policies and procedures, so as to ensure a comprehensive coverage and maintain a high level of ESG compliance thought we are not required to do so, as a non-listed company in Hong Kong.


Managing Business Risks

In 2013, Fuji Xerox (Hong Kong) attained the ISO 22301 Business Continuity Management System certification, which specifies the requirements for us to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents whenever they arise. The system helps us to minimize the risk to personnel, protect property and company reputation, as well as swiftly implement all necessary recovery plans.

Managing Environmental Risks

In 2015, we became the first company in Hong Kong to upgrade our ISO 14001 Environmental Management System to the latest version. In addition to the original framework which helps organizations set up an effective environmental management system in compliance with environmental regulations, the new edition adopts a combination of different approaches. Interrelated processes function as a coherent system and deliver more consistent and predictable results in a more effective and efficient manner. The new standard also emphasizes stronger management, including risk-based decision-making that places prevention at the heart of the management system and the PDCA cycle at all organizational levels.

Managing Information Security Risks

Fuji Xerox (Hong Kong) manages information security risks through the ISO 27001 Information Security Management System that focuses on protecting sensitive company information, such as financial information, intellectual property, employee data and information entrusted to us by third parties. With our commitment to protect the intellectual property and personal data of our customers, our head office and Document Technology Center have been certified ISO 27001:2013 standard in 2016.

Managing Supply Chain Risks

To manage the supply chain risks, Fuji Xerox (Hong Kong) joined the Hong Kong Authorized Economic Operator (AEO) pilot scheme in 2010 and became the seventh certified company in Hong Kong. Aiming to secure and facilitate global trade, the system meets the requirements of the World Customs Organization SAFE Framework of Standards to Secure and Facilitate Global Trade and was developed with reference to the ISO 9001 Quality Management System, ISO 27001 Information Security Management System and ISO 28001 Security Management System for Supply Chains. We attained the tier-two compliance level, which covers 12 general criteria and security and safety criteria.
General Criteria
  • Customs Compliance
  • Maintenance of Commercial Records
  • Financial Soundness
Security and Safety Criteria
  • Premises Security and Access Control
  • Personnel Security
  • Cargo Security
  • Conveyance Security
  • Business Partner Security
  • Security Education and Training
  • Information Exchange, Access and Confidentiality
  • Crisis Management and Incident Recovery
  • Measurement, Analysis and Improvement
While fulfilling the requirements of AEO, we further manage our supply chain by adopting sustainable procurement. In 2017, the International Organization for Standardization launched the ISO 20400 Sustainable Procurement – Guidelines for organizations planning to integrate sustainability into procurement as detailed in the ISO 26000 Guidance on Social Responsibility. Fuji Xerox (Hong Kong) took the initiative in verifying our performance against this guidance and streamlined the process of identifying areas for improvement through a third-party assurance organization.
Through the integrated systems of rules, practices and processes, we have achieved a high and consistent level of governance for compliance and risk management, which in turn helps create value for our stakeholders and a sustainable future for all of us.