Fiscal 2020 Universal Registration Document

5. Corporate governance

Health, safety and environment policy

Sodexo’s ambition is to be the safest place to work for our employees. This ambition is reflected in our commitment to zero harm and a culture of care, for the people who work for us, for our clients, and for the consumers we serve every day.

Sodexo’s global Health, Safety and Environment policy describes the Company’s commitments, including working in partnership with our clients, consumers, suppliers and local communities, towards a zero harm culture where injuries and health issues are prevented and the environment at work is protected.

Information systems policies

The Group Information Systems and Technologies Department (Global IS&T) has defined three core objectives:

  • provide a first-class experience to our customers and consumers as well as to our own users by making the best use of available technologies;
  • continuously improve the performance of the Group through productivity gains, extensive data analysis, respecting compliance obligations and exacting relationships with our partners (solution and cloud providers, integrators);
  • protect the Group’s digital assets in a context where cyber risk is increasingly pervasive and complex.

To meet these three core objectives, the Information Systems and Technologies Department has put in place numerous procedures, notably in the following areas:

  • Group Information Systems Governance;
  • Information and Systems Security;
  • Mobile Terminal Allocation and Security;
  • IS&T Capital Expenditure Programs;
  • Third Party Security.

Data Protection policy

As Sodexo puts individuals at the heart of the Quality of Life services, it was essential for Sodexo to establish a foundation for privacy and the protection of all personal data. Sodexo’s Global Data Protection Policy aims to describe how Sodexo entities collect, use, store, share, delete or otherwise process personal data and how data subjects can exercise their rights. This policy applies to the global organization of Sodexo entities when the European data protection law, namely the General Data Protection Regulation (or “GDPR”), is applicable. This policy applies to the processing of personal data collected by Sodexo, directly or indirectly, from all individuals including, but not limited to, Sodexo’s job applicants, our employees, clients, consumers, suppliers or subcontractors, our shareholders or any third parties (for further details of the compliance program relating to GDPR and other data protection laws, please refer to section 5.3.5).

Internal audit policy

Internal audit activities include reviewing and assessing the adequacy and effectiveness of governance, risk management and internal control systems and processes. This includes assessing:

  • the reliability of financial and non-financial information;
  • compliance with existing policies, procedures, laws and regulations;
  • the methods used to safeguard assets;
  • the effectiveness of governance, operations and the resources used.

The internal audit team is also responsible for alerting the Chairwoman of the Board of Directors, the Audit Committee and the Executive Committee to any material risks and informing them of the causes of identified weaknesses.

The internal audit team has defined several procedures, primarily covering the identification of internal audit priorities for the coming fiscal year, the planning and execution of internal audits, the drafting of Internal Audit Reports and the follow-up of action plans to implement the team’s recommendations.

A series of internal audit performance indicators has been developed, covering such issues as the percentage of internal audit recommendations that have been implemented, the average time required to issue Internal Audit Reports, the annual audit plan completion rate, Internal Auditor rotation rates and the satisfaction rate among audited units.

Delegations of authority

Principles and policies in this area are supplemented by job descriptions, annual targets and, for senior executives, clearly defined delegations, which are reviewed annually and formally communicated to each executive by his or her superior.

The Chief Executive Officer delegates certain authority to the members of the Group Executive Committee, who themselves delegate to members of their executive teams.

Delegations of authority cover business development, human resources, procurement, investments and finance.

Delegations of authority must comply with the Group’s policies.

Improvement metrics

All progress can be measured. Accordingly, Sodexo has developed improvement metrics allowing for progress to be measured in five main areas: Business Development, Management, Procurement, Human Resources and Corporate Responsibility. The Group Finance Department coordinates the process and monitors operational improvement metrics for activities and entities using a Group scorecard.

Making progress in these areas is critical for future growth in underlying operating profit, operating cash flow and revenue.

The improvement metrics are presented each year to the Board of Directors and the Group Executive Committee in order to track progress in the areas concerned.

Development metrics:
  • client retention rate;
  • client and consumer satisfaction rates;
  • comparable unit growth;
  • new business development rate;
  • return on investments in development (particularly non-tangible investments).