Hi Alex,
The role COMPCODE1 or 2 would provide only org level access. You can further create 2 roles: Display and Edit for each company codes.
I agree these roles would contains much more objects then required for one activity. But if you carefully create roles CLERK and MANAGER, users will have limited access only.
We have used this enabler role approach for 2 clients and both clients were 100% SOX compliant from roles perspective. Even I have seen feedback from some forums that business prefers enabler roles concept.
Regards,
Nitesh