The corporate governance systems of public companies listed on the London Stock Exchange (LSE) are governed by the Combined Code on Corporate Governance. The principles, rules and requirements set out in the Combined Code are aimed at increasing the effectiveness of information disclosure, thus increasing the transparency of public companies. They are also meant to put into place the means for internal control over financial reports and corporate assets in order to protect shareholder interests.
Unlike the United State's very strict Sarbanes-Oxley Act of 2002 (SOX), the Combined Code’s requirements are not mandatory. However, if the management of a public company refuses to implement the rules or principles of the Code, it must provide a clear argument to investors defending its position. More often than not, the easiest route for a company is to follow best practices as they are set out in the Code, rather than to ignore them.
At the same time, the Combined Code does have quite a bit in common with SOX, in particular, SOX's well-known Clause 404. This clause requires that a company put an internal control system into place. Some guiding principles for this were set out in the Turnbull Report of 1999. According to this report, public companies in the UK should create an internal control system aimed at counteracting fraud and protecting corporate assets against theft, appropriation and other abuses. In practice this means that a corporation must introduce control procedures for reports and assets. These days, financial reports are compiled in electronic format, and a company’s most important assets include intellectual property, confidential information and client databases. In other words, internal control must be built on information technologies in order to track operations with assets and reports.
This white paper describes the requirements of the Combined Code. These requirements influence the information infrastructure of an organization and the means of security that are used within that infrastructure. Also, this white paper introduces DeviceLock, a product from DeviceLock, Inc., which can be used by organizations to considerably improve compliance with the Combined Code on Corporate Governance.