Organizational Structures That Work: Small-Company Edition

In contrast to our “large company” edition Monday morning, this session will explore how smaller public companies structure their compliance functions. The CCOs at PETCO, Schnitzer Steel, and VeriSign—each with under $5 billion in revenue—will outline, compare and contrast the structure of their compliance organization, focusing on their functions, reporting structure, organization, responsibilities, infrastructure and more.


  • PETCO Animal Supplies, Inc. Chief Compliance Officer, James B. Brigham
  • Schnitzer Steel Industries VP and Chief Compliance Officer, Callie Pappas
  • VeriSign VP Internal Audit, Mark Gosling
  • PricewaterhouseCoopers LLP Principal, Advisory Practice, U.S. Leader, Governance Risk & Compliance Services, Joseph C. Atkinson (moderator)

These are my notes, live from the session:

The advantages of compliance at a smaller company is that there are fewer silos and less redundancy. Fewer people have to do more things. Functions get combined that would be separated at a bigger company.

One new measurement was how long it took to complete and open compliance issue/complaint.

With smaller companies, the bigger question is whether to have a compliance program, not how to structure a compliance program. Once you go public you need a compliance program. The smaller the company, the less likely it is to be public.

The smaller the company, the more the compliance program is about the individual. You need to make yourself a necessity, not just the compliance program. You need to show that you bring value and profitability to the company.

One key is process improvement. You can get more involved in the business processes. Find ways to help improve them.

In a smaller company it is very important to have strong leadership supporting the compliance and ethics program. A smaller company is going to have fewer middle managers. You also have much more interaction between senior leaders and a larger group of all employees.

Being entrepreneurial is not in conflict with being compliant.