The Group Information Systems and Technologies Department has defined three core objectives:
To meet these three core objectives, the Information Systems and Technologies Department has put in place numerous procedures, notably in the following areas:
Sodexo’s Global Data Protection Policy describes how Sodexo entities collect, use, store, share, delete or otherwise process personal data and how data subjects can exercise their rights. This policy applies to the global organization of Sodexo entities when the European data protection law, namely, the General Data Protection Regulation (or “GDPR”) is applicable. This policy applies to the processing of personal data collected by Sodexo, directly or indirectly, from all individuals including, but not limited to Sodexo’s job applicants, our employees, clients, consumers, suppliers or subcontractors, our shareholders or any third parties (for further details of the compliance program relating to GDPR and other data protection laws, please refer to section 6.3.5).
Internal audit activities include reviewing and assessing the adequacy and effectiveness of governance, risk management and internal control systems and processes. This includes assessing:
The Internal Audit team is also responsible for alerting the Chairwoman of the Board of Directors and Chief Executive Officer, the Audit Committee and the Executive Committee to any material risks and informing them of the causes of identified weaknesses.
The Internal Audit team has defined several procedures, primarily covering the identification of internal audit priorities for the coming fiscal year, the planning and execution of internal audits, the drafting of internal audit reports and the follow up of action plans to implement the team’s recommendations.
A series of internal audit performance indicators has been developed. These include such issues as the percentage of internal audit recommendations that have been implemented, the average time required to issue internal audit reports, the annual audit plan completion rate, internal auditor rotation rates, the satisfaction rate among audited units.
Principles and policies in this area are supplemented by job descriptions, annual targets and, for senior executives, clearly defined delegations, which are reviewed annually and formally communicated to each executive by his or her superior.
The Chairwoman and CEO delegates certain authority to the members of the Group Executive Committee, who themselves delegate to members of their executive teams in regions and countries.
Delegations of authority cover business areas throughout the Group, and notably client contracts, procurement, investments and finance, strategy, people and organization, communications and brand.
Delegations of authority must comply with the Group’s policies.
Sodexo uses a range of financial and non-financial indicators to measure progress in such areas as client retention and business development, profitability of contracts and business, human resources and corporate responsibility.
Group Finance coordinates the process and monitors operational improvement metrics for activities and entities using a Group dashboard.
Making progress in these areas is critical for future growth in underlying operating profit, operating cash flow and revenue.
The improvement metrics are presented each year to the Board of Directors and the Group Executive Committee in order to track progress in the areas concerned.
For further details of corporate responsibility metrics in particular, please refer to section 2.7. An independent firm was selected by Sodexo to audit a representative selection of these social, environmental and societal indicators. The conclusions of this audit are presented in section 2.7.3 of this document.