01 05 09 02 06 10 03 07 11 04 08 12 13 14
01 05 09 02 06 10 03 07 11 04 08 12 13 14
01 05 09 02 06 10 03 07 11 04 08 12 13 14
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
P ◀ CONTENTS ▶<br />
3.8.1 The risk identification process<br />
is carried out in parallel<br />
at the central level for the Group,<br />
and locally:<br />
• the Group Executive Committee regularly updates<br />
its Group risk matrix and submits it to the Audit<br />
Committee and the Board of Directors;<br />
• the Chief Executive Officers of the main Group<br />
subsidiaries identify the ten to fifteen main risks<br />
and rank them by order of importance, describe<br />
the controls in place in order to manage them,<br />
and evaluate their effectiveness; and<br />
• these local evaluations are aggregated at Group<br />
level and submitted annually to the Audit<br />
Committee.<br />
The main risk factors to which the Group is exposed<br />
are described on pages 166 et seq. of this Registration<br />
Document.<br />
3.8.2 Assessment of internal control<br />
procedures<br />
The French “Financial Security Act” (Loi sur la<br />
Sécurité Financière) and the Sarbanes-Oxley Act<br />
in the United States have allowed Sodexo to make<br />
considerable progress in the area of internal control.<br />
Sodexo decided to seek a listing in the United States<br />
primarily in order to facilitate the participation of<br />
U.S. employees in employee share ownership plans.<br />
However, the increasingly international nature of<br />
the financial markets has removed the need for<br />
this U.S. listing. In addition, the high cost of this<br />
listing and low trading volumes justified Sodexo’s<br />
voluntary delisting of its shares from the New York<br />
Stock Exchange and related deregistration from U.S.<br />
stock market regulations in 20<strong>07</strong>. However, Sodexo is<br />
committed to upholding and improving these same<br />
internal control procedures insofar as possible.<br />
The internal control procedures are part of an ongoing<br />
process of identifying, evaluating and managing the<br />
Group’s risk exposures. This initiative covers the five<br />
components of the COSO (Committee of Sponsoring<br />
Organizations) (see glossary): control environment<br />
(integrity, ethics, competencies, etc.), evaluation of<br />
risks (identification, analysis and management of<br />
risks), control activities (methods and procedures),<br />
information and communication (collection and<br />
sharing of information), and monitoring (followup<br />
and eventual updating of processes). Strongly<br />
Corporate Governance <strong>10</strong><br />
Chairman’s Report on the Operating Procedures of the Board of Directors<br />
and on Internal Control and Risk Management Procedures<br />
endorsed by the Chief Executive Officer and Group<br />
Chief Financial Officer, the CLEAR initiative was<br />
approved by the Board of Directors and the Audit<br />
Committee, and also received the backing of the<br />
Group’s Executive Committee.<br />
The risk management and internal control approach<br />
applied within the Group consists in:<br />
• the identification and assessment of risks;<br />
• the description of the control environment, both<br />
at Group and subsidiary levels;<br />
• documentation and self-assessment of these<br />
control points both in subsidiaries and at Group<br />
level; and<br />
• independent testing of the effectiveness of these<br />
control points, by independent persons.<br />
A very large number of Group subsidiaries<br />
representing more than 95% of Sodexo’s revenues<br />
prepare a detailed report (Company Level Control<br />
Report) on their control environment, described in<br />
accordance with the five COSO components, and<br />
including an evaluation of the subsidiary’s principal<br />
risks, a description of risk management measures,<br />
and assessment of their effectiveness.<br />
The most significant Group subsidiaries together<br />
representing more than 90% of Group revenues, go<br />
beyond this initial phase, documenting and then also<br />
self-assessing their transactional controls.<br />
Sodexo has developed a guide to risks and control.<br />
Under the program, Group activities have been<br />
segmented into twelve significant processes,<br />
namely: Revenues and Receivables, Purchases and<br />
Payables, Human Resources, Treasury, Inventories,<br />
Property, Plant and Equipment and Intangible<br />
Assets, Legal and Regulatory, Information Systems<br />
and Technologies, Finance, Motivation Solutions<br />
Operations, Headquarters Entities, and Health and<br />
Safety. For each of these processes, the guide lists<br />
several control proposals for each of the major risks.<br />
Each subsidiary is then responsible for implementing<br />
and evaluating the effectiveness of those controls<br />
that it considers best able to reduce its risks, in<br />
coordination with its Business Unit and the Group.<br />
An executive summary of the status of internal<br />
controls and the progress achieved is submitted to<br />
the Audit Committee at the end of the fiscal year.<br />
In Fiscal 2<strong>01</strong>1, Sodexo continued to implement<br />
the progress initiative launched in prior years.<br />
Specific areas for improvement were selected<br />
Sodexo Registration Document Fiscal 2<strong>01</strong>1<br />
243<br />
<strong>01</strong><br />
<strong>02</strong><br />
<strong>03</strong><br />
<strong>04</strong><br />
<strong>05</strong><br />
<strong>06</strong><br />
<strong>07</strong><br />
<strong>08</strong><br />
<strong>09</strong><br />
<strong>10</strong><br />
<strong>11</strong><br />
<strong>12</strong><br />
<strong>13</strong><br />
<strong>14</strong>