GRI 102-30 Effectiveness of the risk management process
The Geberit Group has a risk management system that is approved by the Board of Directors. The risk policy defines a structured process according to which the business risks, including sustainability and climate risks, are systematically addressed. In this process, the risks are identified, analysed and assessed in terms of their probability of occurrence and extent, and measures are then defined to control the risks. Operationally, the Group Executive Board is responsible for controlling risk management. In addition, responsible persons are designated in the company for significant individual risks; in the case of sustainability and climate risks, this is the Head Corporate Sustainability and Process Management. These responsible parties decide on specific actions for risk mitigation and monitor their implementation. Every other year, the Internal Audit Department issues a risk report for the attention of the Board of Directors. Significant risks are also constantly discussed in the meetings of the Group Executive Board and Board of Directors, which take place on a regular basis.
The risk management process involves the following steps:
- Risk identification and classification: Systematic identification and assessment of the significant risks. These are discussed in depth every year by the Group Executive Board and the Board of Directors.
- Risk analysis: Assessment of specific business risks and analysis of the changes since the last survey. The former is assessed with the probability of the risk occurring (PO), on a scale of improbable (1) to frequent (5). To scale the effects of a risk that has been identified, the scale of the impact of the risk event (IRE) when it occurs is used. The scale ranges from insignificant (1) to very critical (5). The risks are classified on the basis of the combined scores.
- Risk management/checks: Instruments, measures and responsibilities are defined for each risk. These are checked at regular intervals.
- Risk monitoring: Risk monitoring is part of regular reporting to the Group Executive Board and the Board of Directors, and is also part of the six-monthly risk assessment.
Risks associated with climate change are an integral part of the overall risks of the company and are therefore also taken into account in risk assessment.
For further information on risk management by Geberit, see Business Report > Business and financial review > Strategy and goals > Risk management.
For an overview of the Geberit compliance topics, see Business Report > Business and financial review > Financial Year 2021 > Compliance.