Risk
management

First line of defence – Risk Owners

Risk owners are appointed for material and emerging risks. Risk owners are at the frontline of our risk defence, and they are part of business operation teams. They assess, manage, evaluate, and monitor the risks and propose the risk mitigation plan. The implementation of the risk mitigation action plan is agreed upon by the ERMC and Board Committees, and any deviations are discussed with the Head of Function and Managing Director & CEO.

The risk owners may change over time, depending upon their changing roles and responsibilities within the organisation.

On a half-yearly basis, the risk owner formally reports about risk management within their area of operation at the ERMC meetings. This reporting is aimed at assessing how well material risks are being managed and if any additional risk has emerged that can adversely affect business operations. The risk report includes:

•  Performance of the function in managing its material risks in light of the mitigation strategies
•  Identification of any additional emerging risks
•  Definitions of the mitigation strategy for the new material risks

Second line of defence - Executive Risk Management Committee (ERMC)

The ERMC ensures that we follow a structured risk management process. This committee is entrusted with the crucial task of risk identification, assessment, and mitigation for our company across various domains, including strategic, material, operational, transitional, technological, and environmental domains.

The ERMC shoulders the comprehensive responsibility of monitoring the company’s risk landscape and managing it effectively to ensure a robust and thriving business. This committee remains steadfast in its commitment to uphold transparency and safeguard the interests of the company and its stakeholders.

Based on the recommendations of the Managing Director & CEO or the Chief Financial Officer, the ERMC may nominate or invite additional members/directors, as required, to participate in specific meetings.

The Secretary to the ERMC is the highest-ranking person with a dedicated risk management responsibility at operational and performance levels. The Secretary acts as a Chief Risk Officer and oversees the functioning of the risk management process. The Secretary has to ensure that the ERMC meetings are held half-yearly or more frequently, if required.

The Secretary submits a half-yearly report on risk management for review and appraisal of the ERMC. In addition, at every 6 months, based on a pre-specified calendar, risk owners would formally present the risk management initiatives and status of their area of operation to the ERMC.

The ERMC is responsible for:

•  Half-yearly reports to the Audit Committee and Risk Management Committee
•  Half-yearly review of the risk mitigation status for material and emerging risks
•  Annual assessment of risks in line with business/strategic planning

Third line of defence – Internal Audit

The internal audit team provides independent assurance on the risk management process. They assess based on risk significance and deep dives to examine controls, processes, and risk mitigation strategies that the business has adopted.

Risk governance structure

Mitigation action

In the realm of Information Security, GCPL has remained steadfast in its commitment to fortifying its digital defences, adapting to both Indian regulatory requirements and global best practices. Over the past year, GCPL has achieved significant milestones in its Information Security endeavours, reflecting a proactive approach to safeguarding its digital assets and maintaining the trust of its stakeholders.

Central to these achievements has been the enhancement of GCPL’s Information Security framework, aligning it with stringent Indian regulations and global standards. Additionally, GCPL has prioritized the cultivation of a cybersecurity-aware culture among its employees, fostering responsible security behaviour and bolstering overall resilience. The organization has also made notable strides in incident response capabilities, integrating various event and incident sources to streamline responses and mitigate security threats more effectively.

Building upon these accomplishments, GCPL has embarked on several strategic initiatives in the current year to further strengthen its Information Security posture. Notably, the attainment of ISO 27001 certification stands as a testament to GCPL’s adherence to international standards for Information Security Management Systems. Furthermore, the implementation of data leak prevention measures underscores GCPL’s proactive stance in safeguarding sensitive information and mitigating the risk of unauthorized data exposure. Work on ensuring compliance with the Digital Personal Data Protection Act 2023 has commenced, emphasizing

Building upon these accomplishments, GCPL has embarked on several strategic initiatives in the current year to further strengthen its Information Security posture. Notably, the attainment of ISO 27001 certification stands as a testament to GCPL’s adherence to international standards for Information Security Management Systems. Furthermore, the implementation of data leak prevention measures underscores GCPL’s proactive stance in safeguarding sensitive information and mitigating the risk of unauthorized data exposure. Work on ensuring compliance with the Digital Personal Data Protection Act 2023 has commenced, emphasizing In tandem with these initiatives, GCPL has focused on elevating its BitSight score to 800, indicative of the organization’s proactive approach to risk management and maintaining a high level of cybersecurity posture. Moreover, achieving a NIST maturity level of 3.5 reflects GCPL’s continuous improvement in Information Security processes and practices aligned with the NIST Cybersecurity Framework. Collectively, these efforts underscore GCPL’s unwavering dedication to Information Security excellence, positioning the organization to navigate the evolving cybersecurity landscape with resilience, agility, and a steadfast commitment to safeguarding its digital assets and maintaining stakeholder trust.

In tandem with these initiatives, GCPL has focused on elevating its BitSight score to 800, indicative of the organization’s proactive approach to risk management and maintaining a high level of cybersecurity posture. Moreover, achieving a NIST maturity level of 3.5 reflects GCPL’s continuous improvement in Information Security processes and practices aligned with the NIST Cybersecurity Framework. Collectively, these efforts underscore GCPL’s unwavering dedication to Information Security excellence, positioning the organization to navigate the evolving cybersecurity landscape with resilience, agility, and a steadfast commitment to safeguarding its digital assets and maintaining stakeholder trust.

Read our Information
Security Policy

We have taken key actions such as

1. Over 92% of all employees have completed the Acceptable Use Policy Signoff and Annual Security eLearning, contributing to ongoing improvement in our security culture maturity model.

2. We obtained ISO 27001:2022 certification, underwent annual surveillance audits, and secured INR 100 crore cyber & crime insurance coverage across all Godrej Industries Group companies.

3. We implemented a Zero Trust policy for network traffic segmentation and automated incident resolution playbooks.

4. Our Bitsight security rating is over 750 and we aim to elevate our score to maximum, i.e., 800 reconfirming our cybersecurity measures are advanced.

These measures ensure we are well-prepared to manage cyber risks effectively while maintaining operational efficiency and productivity.

Climate change presents risks and opportunities for the global economy, affecting businesses in various sectors. Clear information about these climate-related factors is crucial for informed decision-making by investors, markets, and consumers. For consumer goods companies like ours, climate risks and opportunities are influenced by factors such as changing climate patterns, policy shifts toward a low-carbon economy, and evolving consumer perceptions.

The TCFD framework guides organizations in disclosing climate-related financial information, helping them communicate threats and mitigation strategies effectively. These disclosures position companies as market leaders, enhancing stakeholder communication and strengthening business strategies. The framework includes four pillars: Governance, Strategy, Risk Management, and Metrics and Targets, with 11 recommended disclosures that help stakeholders understand how companies address climate-related issues.

We consistently report our climate change strategies through Integrated Annual Reports, CDP, and DJSI disclosures. However, we are aligning our disclosures more closely with the TCFD framework in the current reporting cycle. This includes information on climate governance, risk assessment, mitigation strategies, scenario analysis, metrics, and targets. We are also preparing our first standalone TCFD report.

The TCFD framework recommendations

Core elements of recommended climate-related financial disclosures

Board’s oversight of climate
risks and opportunities

The Board takes an active role in overseeing climate-related matters within the organization to ensure strategic alignment with sustainability goals. The Managing Director and CEO play a pivotal role in approving climate strategies and regularly reviewing sustainability performance using key indicators on a quarterly basis. To enhance accountability and performance, an annual mid-year review of Operating Plans is conducted across all organizational levels. Additionally, a dedicated Board-level Sustainability Committee, led by the Chair of the Board, is tasked with overseeing sustainability performance and providing strategic guidance on climate-related issues, demonstrating a top-down commitment to environmental responsibility.

Management’s integration of
climate oversight

Climate risks and opportunities are seamlessly integrated into day-to-day operations at the plant level, ensuring that sustainability considerations are embedded into every aspect of our activities. Each facility’s Operations team is actively engaged in meeting annual sustainability targets, thereby contributing to the achievement of long-term climate goals set by the organization. In India, our operations are primarily centralized in Mumbai, with production facilities strategically located in four regional clusters to optimize efficiency and minimize environmental impact. To drive local implementation of climate initiatives, each cluster appoints a dedicated Green Champion who collaborates closely with factory teams to implement measures such as energy efficiency improvements and renewable energy projects. For example, in India, production facilities based in four regional manufacturing clusters: North, South, Central, and North Eastern clusters. Each cluster has a Green Champion to coordinate with the respective plant teams that involve members from production, maintenance, and electrical departments. These teams lead implementation of climate-related measures, such as implementation of energy efficiency in operations

Climate risks and opportunities are seamlessly integrated into day-to-day operations at the plant level, ensuring that sustainability considerations are embedded into every aspect of our activities. Each facility’s Operations team is actively engaged in meeting annual sustainability targets, thereby contributing to the achievement of long-term climate goals set by the organization. In India, our operations are primarily centralized in Mumbai, with production facilities strategically located in four regional clusters to optimize efficiency and minimize environmental impact. To drive local implementation of climate initiatives, each cluster appoints a dedicated Green Champion who collaborates closely with factory teams to implement measures such as energy efficiency improvements and renewable energy projects. For example, in India, production facilities based in four regional manufacturing clusters: North, South, Central, and North Eastern clusters. Each cluster has a Green Champion to coordinate with the respective plant teams that involve members from production, maintenance, and electrical departments. These teams lead implementation of climate-related measures, such as implementation of energy efficiency in operations and renewable energy projects. We are leveraging modern technology and use a cloud-based monitoring platform to track and report on sustainability performance on a monthly basis, enabling real-time visibility and informed decision-making to drive continuous improvement in our environmental performance.

and renewable energy projects. We are leveraging modern technology and use a cloud-based monitoring platform to track and report on sustainability performance on a monthly basis, enabling real-time visibility and informed decision-making to drive continuous improvement in our environmental performance.

Our Sustainability and CSR head, the highest c-suite level management executive, are responsible climate targets of achieving scope 1 & 2 net-zero emissions by 2035. Along with this 15% of our senior management’s goal sheets are now dedicated to people & planet goals. Their KPIs include doubling energy efficiency by 2030 in with our EP100 commitment (w.r.t baseline of 2012), increasing renewable energy share and energy and emission intensity year-on-year in line with net-zero by 2035 targets. Each of our manufacturing clusters have plant cluster heads and green champions (sustainability officers) to look after performance of the plants on climate change front along with plant operations.

Governance structure

In addition to incentives, GCPL provides quarterly awards at the company level and annual awards at the group level to recognize the best performing individuals and teams in sustainability efforts. These awards serve to motivate and reward outstanding contributions towards environmental responsibility. The following members are entitled to these incentives:

We sored each risk/opportunity using a 4-factor analysis by taking product of ‘Likelihood’, ‘Impact’, ‘Vulnerability’ and ‘Speed of Onset’. 4-factor risk which involves vulnerability and speed of onset, in addition to likelihood and impact, is more practical for climate change, owing to the nature of adaptability and time dependence of the realized effects. All the risks were then ranked to evaluate prioritised or material climate risks. We examined key parameters such as temperature, water scarcity, and precipitation, all of which will have a crucial role in shaping the impact of climate change on our business.

Our businesses are particularly vulnerable to climate-related risks, such as supply chain disruptions, increased cost of upstream and downstream operations, and regulatory penalties. Our largest pool of consumers are in tropical countries such as India, Indonesia, and Africa, and all of these countries are witnessing significant impacts of climate change—unpredictable weather and scanty or excessive rainfall.

From our assessment, we have determined that the potential ramifications of climate change will be particularly pronounced in our operational location in India at Karaikal, Katha, and Guwahati manufacturing sites and have a plan in the next 3 years to address these risks.

We have already started taking necessary steps to address the potential risks. For example, for water availability, we have incorporated rainwater harvesting system at all our manufacturing facilities to improve groundwater table. In these water stress areas, we have developed required infrastructure so that the communities don’t suffer due to lack of water. Besides, we are working with farming communities in four villages covering an area of 3300 Ha in implementing integrated watershed management programme.

To begin with climate strategy on mitigation and adaptation, we have considered Katha, Karaikal, Guwahati, and Puducherry for further detailed assessments. The focus will be on identifying cluster/facility-specific hotspots. This will help the company to improve supplier engagement, reduce greenhouse gas (GHG) emissions across the value chain, and consequently, lower operational and reputational risks.

The transition risk scenario analysis involved a thorough sectoral review to evaluate potential risks and opportunities. We utilized the EnROADS Simulator, developed by MIT Sloan and Climate Interactive, to model low-carbon economies aligned with the Well Below 2 Degrees (WB2DS) and 1.5°C futuristic scenarios. Through this analysis, the following risks and opportunities were identified:

of prioritized risks. Specific risks with significant financial impacts are summarized on the next page.

Our TCFD assessment covered all our operations including new manufacturing sites that are coming up. As defined by the framework, we consolidated a repository of risks through site-level surveys, peer review and stakeholder consultation. Moreover we identified opportunities in transitioning to a low-carbon economy.

We sored each risk/opportunity using a 4-factor analysis by taking product of ‘Likelihood’, ‘Impact’, ‘Vulnerability’ and ‘Speed of Onset’. 4-factor risk which involves vulnerability and speed of onset, in addition to likelihood and impact, is more practical for climate change, owing to the nature of adaptability and time dependence of the realized effects. All the risks were then ranked to evaluate prioritised or material climate risks. We examined key parameters such as temperature, water scarcity, and precipitation, all of which will have a crucial role in shaping the impact of climate change on our business.

Our businesses are particularly vulnerable to climate-related risks, such as supply chain disruptions, increased cost of upstream and downstream operations, and regulatory penalties. Our largest pool of consumers are in tropical countries such as India, Indonesia, and Africa, and all of these countries are witnessing significant impacts of climate change—unpredictable weather and scanty or excessive rainfall.

From our assessment, we have determined that the potential ramifications of climate change will be particularly pronounced in our operational location in India at Karaikal, Katha, and Guwahati manufacturing sites and have a plan in the next 3 years to address these risks.

We have already started taking necessary steps to address the potential risks. For example, for water availability, we have incorporated rainwater harvesting system at all our manufacturing facilities to improve groundwater table. In these water stress areas, we have developed required infrastructure so that the communities don’t suffer due to lack of water. Besides, we are working with farming communities in four villages covering an area of 3300 Ha in implementing integrated watershed management programme.

Our risk management process begins with a materiality assessment, where material issues are identified through stakeholder engagement and secondary research. We utilize a methodology that involves identifying issues across six capitals, engaging with over 450+ stakeholders, and developing a materiality matrix using specialized tools for issue prioritization. All stakeholder groups play a significant role in influencing our overall performance and operations.

Climate change is one of the material issues identified through this assessment, and it is integrated into our ERM. The Board-level Risk Management Committee and our Risk Management team oversee the risks and mitigation measures related to climate change, along with other key material topics identified. Our risk identification and management processes are aligned with our business strategy. We use analytical techniques such as scenario analysis to identify risks, assess their probability and impact qualitatively and quantitatively, and develop action plans for risk management.

These risk mitigation plans are presented to the Board-level Committee for input and are periodically updated. Climate change-related risks are evaluated alongside other business risks and classified into short-term (1-3 years), medium-term (3-5 years), and long-term (5-7 years) categories.

The risk mitigation strategy translates into action plans at two levels:

•  Business level: We develop our sustainability strategy at the business level to manage major risks such as climate change and water-related risks. Progress on risk mitigation is monitored daily, monthly, quarterly, semi-annually, and annually.
•  Site/plant level: The business strategy is cascaded down to the plant level, where action plans are created for each plant. Daily and monthly meetings are conducted to review progress.

We have established a comprehensive and structured approach to risk management, involving Board-level oversight, a dedicated Risk Management Committee, and a cross-functional team within the business to routinely assess risks across the company.

We actively seek feedback from employees through informal forums, discussions, and annual planning conferences to improve risk management practices. Regular open forums and monthly review meetings are also held to understand climate-related risks and develop mitigation measures.

Integrating climate-related risks in GCPL’s ERM system

We identify, record, and monitor key performance metrics authentically, which helps to analyze our organisation’s operational performance and establish goals and targets for continuous enhancement. A robust data management system is maintained to accurately record our performance and inform strategic decision-making.

Aligned with our Group’s vision and goals, we have established five objectives known as the ‘Greener India Targets,’ aimed for achievement by the year 2025-26. Below is a breakdown of these goals, our approach toward achieving them, and our progress during the reporting period:

At GCPL, we understand the vital role businesses play in shaping public policy, particularly concerning climate change. In alignment with our commitment to sustainability and corporate responsibility, GCPL actively engages in public policy discussions and advocates for initiatives that address climate change and its impacts on our operations.

Trade association memberships and policy advocacy:

GCPL believes in the power of strong industry associations and memberships for collective growth and resilience. These partnerships provide us with a platform to share knowledge, foster innovation, and address key industry challenges effectively. Our trade association memberships and public policy advocacy are aligned with limiting average global warming to well below 2 degrees Celsius.

To ensure that our policy advocacy is conducted with integrity and credibility, we have established robust management structures and processes:

1. Database of Memberships: We maintain a centralized database of all trade association memberships, detailing the purpose of each association, our representatives, membership fees, and the value derived from each membership. This allows us to track the effectiveness of our engagements and ensure alignment with our business strategic goals.