The draft Russian Corporate Governance Code states that the aim of corporate-governance standards is to protect the interests of shareholders, including minority shareholders. Because the focus is primarily on the protection of corporate shareholders, however, it is not entirely in keeping with the emerging worldview that companies may have accountability responsibilities to a wider circle of stakeholders.

The draft code is presented in two main parts. The first chapter sets out the general principles of corporate governance. The remaining chapters contain more detailed information on the application of these principles. At the principles level, the code places considerable emphasis on trust, ethics, equity and good faith. These words appear frequently. This may be a practical response by the authors to Russia's economic and social conditions.

Like many corporate-governance codes, the Russian draft code is intended to be voluntary. The Federal Commission for the Securities Market, however, will strongly encourage companies to follow it, disclose how they are following it and require them to give their reasons for not following any specific recommendations. It intends that all companies with more than 1,000 shareholders should follow the code.

As Russian company law is still evolving, the code covers subjects such as the conduct of shareholders' meetings and the role and responsibilities of the company secretary in far more detail than is the case, for example, in the U.K., where these subjects are already covered in detail in company law.

Ensuring effective internal control is a crucial aspect of all corporate-governance codes. The draft code defines internal control as "a set of procedures governing the financial and business operations of a company." This is a somewhat narrow definition and does not correspond easily with current views, which see internal control as a combination of policies, processes, tasks, behaviors and structures that, taken together, are designed to manage risk and enable the entity to achieve its objectives.

The narrowness of the Russian code's definition may limit the scope for developing an independent review mechanism – such as internal audit – to assess the effectiveness of internal-control and risk-management procedures.

With respect to control responsibilities, the code recommends that a department responsible for internal-control procedures should be established in each company. Most risk-management experts and governance codes agree that the board as a whole should be responsible for internal control. There is a danger that, by creating internal-control departments, companies will miss the opportunity and benefits of embedding internal control and risk management into the overall management culture.

A better approach would be for the code to emphasise the collective responsibility of the board for internal control and for it to provide guidance on how to embed this into the management process. Having said this, the existing culture in Russian companies may demand that the more compliance-oriented approach to internal control contained in the code be adopted first.

Despite these potential shortcomings, however, the new code represents the establishment of a sound base camp from which to climb the corporate-governance mountain. The mountain itself remains to be climbed.

(The author is head of corporate governance and risk management at the Association of Chartered Certified Accountants [ACCA] in London.)