The Senior Vice President Group Internal Audit reports to the General Secretary, and functionally to the Audit Committee. The Senior Vice President Group Internal Audit is invited to all Audit Committee meetings, is a permanent member of the Group Ethics and Compliance Committee and meets the Chairwoman and CEO periodically.
The team, with an average of 25 staff, is organized in five different hubs for global coverage – Paris, London, Washington, Porto and Singapore. The team members come from diverse professional backgrounds and speak multiple languages.
Sodexo’s Group internal audit activities are certified by the French Internal Audit and Internal Control Institute (IFACI). This internationally recognized certification attests to Sodexo’s compliance with and application of the requirements of the Professional Internal Audit Framework (référentiel professionnel de l'audit Interne. RPAI).
IFACI certification is a high-level confirmation of quality and performance that:
The Internal Audit Department performs internal audits of Group entities based on an internal audit plan established annually.
The audit plan is based on the Group Risk Profile (which is established using the approach described under 6.2.3 "Approach to Risk Assessment") and input from the Chairwoman and CEO, the Chief Financial Officer and other key Sodexo stakeholders. The Audit Committee reviews and approves this annual audit plan.
The responsibilities of the Internal Audit Department include:
The Internal Audit Department may also conduct special assignments at the request of the Chairwoman and CEO, the Audit Committee, or the Sodexo Leadership Team.
During Fiscal 2025, the Group Internal Audit Department conducted 34 audits in 18 countries. In addition, the network of close to 50 internal control managers provides support for internal audit engagements and the remediation of weaknesses identified by the Internal Audit team.
The Internal Audit Department regularly tracks implementation of post-audit action plans by Group entities. An overall progress report is updated regularly and submitted on a quarterly basis to the Chairwoman and CEO, the Group Chief Financial Officer, and the Audit Committee. All action plans are followed up regularly.
Finally, the Internal Audit Department reviews each request for non-audit services performed by the external auditors, prior to their approval by the Audit Committee, and carries out monitoring of the fees related to these services.
Risk management and the reinforcement of internal control are a permanent strategic priority for the Group.
Internal controls cannot provide an absolute guarantee that all risks have been eliminated. Sodexo nevertheless endeavors to ensure that the most effective internal control procedures feasible are in place in each of its entities.
This report is prepared on the basis, notably, of the “Reference Framework for risk management and internal control systems” published by the French securities regulator (Autorité des marchés financiers – AMF) in July 2010.
