Fiscal 2021 Universal Registration Document

IFACI certification is a high-level confirmation of quality and performance that:

• powerfully conveys Sodexo’s rigorous approach to evaluating its risk management and internal control processes;
• benchmarks Sodexo’s processes against best market practices;
• enables the Group to sustainably strengthen its internal audit practices.

The Internal Audit Department performs internal audits of Group entities based on an internal audit plan established annually.

The audit plan is based on the Group Risk Profile (which is established using the approach described under 6.4.2.3 Approach to Risk Assessment) and input from the Chairwoman of the Board of Directors, the Chief Executive Officer, the Chief Financial Officer and other key Sodexo stakeholders. The Audit Committee reviews and approves this annual audit plan.

The responsibilities of the Internal Audit Department include:

• ensuring, with the related functional teams, that employees throughout the organization are aware of and diligently apply Group policies;
• ensuring that delegations of authority and procedures have been established and communicated to the appropriate levels of management, and checking that they are properly implemented;
• helping to assess entities’ internal controls, issuing action plans designed to remedy identified control weaknesses, and monitoring implementation of these action plans.

The Internal Audit Department may also conduct special assignments at the request of the Chairwoman of the Board, the Audit Committee, the Chief Executive Officer or the Executive Committee.

During Fiscal 2021 , the Group Internal Audit Department, with an average of 23 staff , conducted 42 audits in 26 countries. The number of audits was still impacted by the Covid-19 crisis and travel restrictions. Most of the audit assignments were conducted remotely. In addition, the network of close to 85 internal control coordinators provides specific support to be given to internal audit engagements and to rectify weaknesses identified by the internal audit team.

The Internal Audit Department regularly tracks implementation of post-audit action plans by Group entities. An overall progress report is updated regularly and submitted on a quarterly basis to the Chief Executive Officer, the Group Chief Financial Officer, the Chairwoman of the Board and the Audit Committee. All audits are followed up within a maximum of 12 months.

In Fiscal 2021 , the Internal Audit Department carried out a post-audit quality survey with all audited entities. All (100%) of them considered that the quality of audits was satisfactory. The Group Internal Audit Department also conducts an independent evaluation of internal control.

Finally, the Internal Audit Department assesses the external auditors’ independence and reviews the annual budgets for external auditors’ fees (for both statutory audit work and other engagements) prior to their approval by the Audit Committee.

Risk management and the reinforcement of internal control are a permanent strategic priority for the Group.

Internal controls cannot provide an absolute guarantee that all risks have been eliminated. Sodexo nevertheless endeavors to ensure that the most effective internal control procedures feasible are in place in each of its entities.

In compliance with the July 2010 recommendation issued by the French securities regulator (Autorité des marchés financiers – AMF), this report is prepared on the basis notably of the “Reference Framework” produced by the French Market Advisory Group and published by the AMF.