Fiscal 2022 Universal Registration Document

6.4.2 Risk management and internal control organization

6.4.2.1 Key participants and roles

The key participants in the risk management and internal control system are organized using the Three Lines of Defense model, as shown below:

SODEXO’S RISK MANAGEMENT AND INTERNAL CONTROL MODEL
This diagram shows Sodexo’s risk management and internal control model.

The first line of defense is operational management, which consists of segment directors, district managers and site managers. Operational management reports to the Executive Committee.

The second line of defense is the support / transversal functions, which consist of Service Operations, Finance, Human Resources, Health and Safety, IT Security, Risk Management and Internal Control, and Legal Affairs. The support / transversal functions also report to the Executive Committee.

The third line of defense is Internal Audit, which informs the Executive Committee and reports to the Board of Directors / Audit Committee.

The external auditors and regulators report directly to the Board of Directors / Audit Committee.

Operational management

The first line of defense mainly consists of operational directors and managers who identify and manage risks within their activities. They put controls and action plans in place for the risks identified.

Support and transversal functions

The second line of defense consists of global support functions that support operators with their risk management. They define the procedures and standards and provide standardized tools and processes to enable operational staff to put in place the appropriate controls.

Internal audit

The third line of defense is internal audit, which gives an independent evaluation of the risk management and internal control system to the Executive Committee and Board of Directors. It makes recommendations to the first and second lines of defense for the improvement of risk management and internal control and monitors action plans (see 6.4.4).

6.4.2.2 Risk Management Governing Bodies

Executive Committee

Sodexo’s Executive Committee has overall responsibility for establishing procedures to manage risk. Its role includes designing and leading on the internal control system, with support from senior leaders and the second line of defense functions in their own area of expertise.

Board of Directors and Audit Committee

The role of Sodexo’s Board of Directors is to provide oversight of the risk management and internal control system, and to ensure that it is functioning effectively. As a specialized Board Committee, the Audit Committee follows up in detail on Sodexo’s principal risks and the efficacy of the controls used to mitigate them (see 6.2.1.5) and reports back to the main Board.