The corporate governance systems of public companies listed on the London Stock Exchange (LSE) are governed by the Combined Code on Corporate Governance. The principles, rules and requirements set out in the Combined Code are aimed at increasing the effectiveness of information disclosure, thus increasing the transparency of public companies.

Unlike the United State's very strict Sarbanes-Oxley Act of 2002 (SOX), the Combined Code’s requirements are not mandatory. However, if the management of a public company refuses to implement the rules or principles of the Code, it must provide a clear argument to investors defending its position.

At the same time, the Combined Code does have quite a bit in common with SOX, in particular, SOX's well-known Clause 404. This clause requires that a company put an internal control system into place. Some guiding principles for this were set out in the Turnbull Report of 1999.

According to this report, public companies in the UK should create an internal control system aimed at counteracting fraud and protecting corporate assets against theft, appropriation and other abuses. In practice this means that a corporation must introduce control procedures for reports and assets. These days, financial reports are compiled in electronic format, and a company’s most important assets include intellectual property, confidential information and client databases.

This document describes the requirements of the Combined Code. These requirements influence the information infrastructure of an organization and the means of security that are used within that infrastructure. This document also introduces DeviceLock which can be used by organizations to considerably improve compliance with the Combined Code on Corporate Governance.

Download: DeviceLock for Compliance with the Combined Code on Corporate Governance (UK) (PDF)