Annual Report 2025


Risk management

Geberit has a Group-wide risk management and control system that is approved by the Board of Directors. This system comprises a structured process for recording and managing various business risks, including ESG-related risks.

The risk management process involves the following steps:

  • Risk identification and classification: Correct identification and assessment of the significant risks. These are discussed in depth every other year by the Board of Directors and the Group Executive Board.

  • Risk analysis: Assessment of specific business risks and analysis of the changes since the last risk assessment (two-year cycle): the Probability of Occurrence is assessed on a scale of improbable (1) to frequent (5).

    To scale the effects of a risk that has been identified, the scale of the Impact of Risk Event is used. The scale ranges from insignificant (1) to very critical (5).

    The risks are classified on the basis of the combined scores.

  • Risk control: Instruments, measures and responsibilities are defined for each risk. These are checked at regular intervals.

  • Risk reporting: The regular reporting to the Group Executive Board and the Board of Directors is part of the risk assessment that takes place every two years.

The results of this risk assessment are incorporated in strategic planning and corporate management.

ESG risks and control systems are reviewed as part of the Group-wide risk management process at the highest management level and approved by the Board of Directors. Additionally, the Group Executive Board receives comprehensive analyses of ESG risks at least once a year – including climate-related risks (according to TCFD), due diligence obligations in the supply chain and regulatory developments.

A consolidated risk report is created by the Internal Audit Department and presented to the Board of Directors every other year, most recently in the reporting year. As part of this report, the material ESG-related risks were analysed and assessed in terms of their probability of occurrence and impact. The following risks were classified as “medium” in the reporting year:

  • Non-adherence to own environmental and occupational health and safety standards

  • Excessive energy consumption and greenhouse gas emissions

  • Non-adherence to standards for green building, customer and consumer expectations, plus (EU) regulations

  • Impact on sustainability reputation and brand image

  • Endangerment of ISO Group certifications (ISO 9001, 14001, 45001) and risk of their withdrawal due to insufficient implementation of the Geberit Management System (GMS)

The analysis confirmed that neither the characteristics of the ESG-related risks nor their assessment have significantly changed since the last reporting period. All identified risks are constantly monitored. Thanks to established management systems, clearly defined responsibilities and regular monitoring and control processes, Geberit is well prepared for these risks. Furthermore, the relevant physical and transitional climate-related risks were identified, quantified and documented in detail. Strategies and measures for reducing risks are introduced in the corresponding chapters.

ESG reporting: risk analysis and control

ESG-relevant key figures – particularly on CO2 emissions, energy consumption, occupational safety and due diligence obligations in the supply chain – undergo defined validation, plausibility and approval processes. Data collection and validation are the responsibility of the departments. Key figures on energy consumption and CO2 emissions are presented monthly and key figures on occupational safety quarterly to the Group Executive Board. The content of the sustainability reporting as a whole is validated on an annual basis and approved by the Board of Directors.

The quality of the sustainability reporting is ensured by a number of additional measures. These include:

  • Clearly defined responsibilities between those responsible for data, those responsible for individual topics (Corporate Human Resources, Corporate Purchasing, Corporate Sustainability, Corporate Legal Services, Corporate Internal Audit) and those responsible for ESG reporting (Corporate Communications)

  • Standardised dual-control principle when releasing data

  • Validation by the departments

  • Checks by the Group Executive Board

Risks specifically concerning ESG reporting include:

  • Incompleteness or inconsistency of ESG data

  • Interface problems in reporting systems

To minimise these risks, a software-based database is being developed for recording, consolidating and validating ESG data. This is planned for launch in 2026.

External assurance and continuous improvement

Geberit has its greenhouse gas balance (Scope 1 and 2) verified annually by an independent third party according to ISO 14064-3 (see Audit Report Greenhouse Gas Balance). Additionally, the most important sustainability key figures are assessed regularly through external ratings, such as the Carbon Disclosure Project (CDP), EcoVadis and others. A Communication on Progress UNGC is also published each year. The insights gained from internal and external inspections are incorporated in the further development of processes, systems and responsibility structures.

Through the systematic integration of ESG aspects in the governance and control system, it is ensured that sustainability risks are recognised in good time, controlled based on data and disclosed in line with regulations. As a result, the sustainability reporting forms a reliable basis for sound management decisions made in the interests of long-term investors.