Wearing Too Many Hats: When Combined Roles Become a Governance Risk
Combining the company secretary role with legal, finance, risk, compliance, internal audit or other executive responsibilities can be practical. It may reduce cost, improve continuity and avoid information being lost between functions. In a smaller organisation, it may also be the only realistic way to obtain senior governance capability.
But the question is not simply how many hats one person wears. It is whether one role compromises the purpose, objectivity, authority, capacity or effectiveness of another.
Combined roles are common enough to be treated as distinct executive configurations. The 2024 Australian Executive Remuneration Survey separately benchmarked 203 company secretaries, 84 general counsel and company secretaries, and 134 CFO and company secretaries. That survey was not a prevalence study, but it illustrates that multiple-role structures are a recognised feature of the Australian market.
The legal and governance starting point
A company secretary is an officer under the Corporations Act 2001 (Cth). The general duties applying to officers include care and diligence, good faith and proper purpose, and prohibitions on improper use of position or information. Section 188 also attaches specific responsibility to company secretaries for certain corporate administrative contraventions. Public companies must have at least one secretary who ordinarily resides in Australia; proprietary companies are not required to appoint one.
The law looks beyond labels. In Shafron v ASIC [2012] HCA 18, the High Court considered a person who was both general counsel and company secretary. It rejected an attempt to divide his responsibilities into watertight compartments. The practical lesson is not that combined roles are prohibited. It is that an officer may be assessed by reference to the responsibilities actually carried, not merely the title being invoked at a particular moment.
For ASX-listed entities, Recommendation 1.4 of the ASX Corporate Governance Principles and Recommendations states that the company secretary should be accountable directly to the board, through the chair, on matters concerning the proper functioning of the board. Each director should also be able to communicate directly with the company secretary, and vice versa. Although framed for listed entities, the underlying principle is useful more broadly: the secretary’s access to the board should not be filtered by the management role that the same person also performs.
Why combined roles can work
Well-designed combinations can offer real advantages:
a single, informed view across governance, legal, regulatory and commercial issues;
faster escalation and less duplication;
stronger continuity between board decisions and management implementation;
lower cost and a broader role capable of attracting experienced professionals; and
clearer ownership of governance processes in a small or developing organisation.
The benefits are generally strongest where the roles are adjacent and mutually reinforcing. Company secretariat and governance responsibilities, for example, usually fit naturally together. Legal and company secretarial roles are also commonly combined. The risk rises when one role must independently challenge, investigate, assure or report on work performed under another hat.
Where the risks concentrate
1. Board access and divided loyalties
A secretary may report to the CEO for employment and operational purposes while being accountable to the board, through the chair, for board processes. That duality is manageable only if the boundaries are explicit.
A difficult issue arises when the chair needs candid advice about the CEO, or the CEO expects to control information going to the board. Similar tension can arise where the secretary’s remuneration, performance assessment or career prospects depend heavily on an executive whose conduct the secretary may need to challenge or report.
The relevant safeguard is not abstract “independence” in the same sense as director independence. Most in-house company secretaries are employees. What matters is functional objectivity, direct access, freedom to escalate and protection from inappropriate interference.
2. Self-review and assurance risk
The most serious combinations are often those in which a person is expected to review or assure activities for which they are also responsible.
A company secretary who owns a compliance process may later be required to report a failure in that process. A head of internal audit who also manages an operational function may be auditing their own decisions. A risk executive may be expected to challenge business activity while carrying revenue or finance responsibilities.
Regulated entities may face express constraints. APRA’s current CPS 220 requires the chief risk officer of an APRA-regulated institution to be independent from business lines, revenue-generating responsibilities and the finance function, and not to be the CEO, CFO, appointed actuary or head of internal audit. It also requires an independent reporting line for the compliance function. The Institute of Internal Auditors’ Global Internal Audit Standards require non-audit roles held by a chief audit executive, together with safeguards, to be documented. Where internal audit would review those areas, alternative independent assurance must be established.
These requirements do not apply identically to every organisation. They do, however, express a sound general principle: assurance loses value when the assurer is also the owner or operator of the activity being assured.
3. Concentration of authority and weak segregation of duties
Combining roles may concentrate access to sensitive information, control over decisions and the ability to initiate, approve, record and review transactions. That does not mean misconduct will occur. It means that an error, override or abuse may be harder to prevent or detect.
The answer is not necessarily to split every role. It is to preserve critical control separations. No one person should, without effective counter-signature or independent review, control all material stages of a transaction, regulatory submission, conflict decision, investigation, board record or payment process.
Technology permissions also matter. A carefully drafted delegations policy may be undermined if the same person has unrestricted administrator access across the systems that initiate, approve and evidence a transaction.
4. Conflicts, confidentiality and use of information
Multiple roles can expose a person to information obtained for different purposes and audiences: board deliberations, legal advice, employee matters, whistleblower reports, audit findings and management plans. The person must understand when information can be shared, with whom and in what capacity.
There may also be a personal conflict. An investigation or review could concern a function the person leads, a decision they advised on, or a colleague who assesses their performance. In such cases, disclosure alone may be insufficient. Recusal, an alternative decision-maker, an external investigator or independent board oversight may be required.
5. Legal professional privilege
Combining general counsel and company secretary roles does not automatically destroy client legal privilege. The difficulty is evidentiary: was the communication made in the person’s professional legal capacity, confidentially and for the dominant purpose of giving or obtaining legal advice, rather than for a broader commercial, managerial or governance purpose?
Current Law Council guidance highlights the challenge where in-house counsel also occupies other roles. Labels such as “privileged and confidential” are useful indicators but are not determinative. Clear instructions, separate legal and commercial workstreams, controlled circulation, appropriate practising arrangements and disciplined recordkeeping can help demonstrate the capacity and purpose in which advice was given.
6. Capacity, role clarity and wellbeing
The company secretary role can be episodic but intense. Board and committee cycles, disclosure obligations, annual reporting, transactions and regulatory events can collide with the deadlines of another executive function. The result may be delayed escalation, superficial review, weak minutes, inadequate preparation, reduced staff supervision or unsafe reliance on shortcuts.
This is not solely a performance issue. Safe Work Australia identifies high job demands and lack of role clarity as psychosocial hazards under the model work health and safety framework. Overlapping responsibilities, conflicting priorities and unclear reporting lines should therefore be treated as organisational design risks, not simply as evidence that an individual needs to “manage time better”. The precise legal requirements vary between jurisdictions.
7. Investigations and speak-up arrangements
A multiple-role holder should not be asked to investigate, adjudicate or control the escalation of allegations concerning their own conduct, advice, team or function. Whistleblower, grievance, compliance breach and regulatory-response protocols should nominate alternative recipients and investigators before a conflict arises. External support may be appropriate for a small organisation where no genuinely independent internal pathway exists.
8. Key-person and succession risk
An arrangement may work because a particular individual has an unusual combination of qualifications, relationships and institutional knowledge. That can conceal structural fragility. Extended leave or departure may create simultaneous gaps across board support, statutory compliance, legal advice, risk management and corporate memory. Recruiting a like-for-like replacement may be unrealistic.
The board should therefore assess the role as a system, not merely the incumbent as a person.
A practical governance framework
Before approving or continuing a combined role, the board should ask:
Which responsibilities reinforce one another, and which require independent challenge or assurance?
Can the person raise sensitive matters directly with the chair or relevant committee without management permission?
Are authority, information access, system permissions and control activities appropriately segregated?
What happens when the person has advised on, approved, implemented or is personally affected by the matter under review?
Is there enough time, capability and support to perform every role to the required standard?
Can the organisation operate during absence and replace the role without seeking an improbable “unicorn” candidate?
The resulting safeguards should be documented rather than assumed. Depending on the organisation, they may include:
board-approved role descriptions, delegations and a responsibility matrix;
explicit dual reporting lines, including direct and private access to the chair and relevant committee chairs;
conflict disclosure, recusal and alternative decision-maker protocols;
independent approval, reconciliation, investigation and assurance arrangements;
clear legal privilege and information-handling protocols;
separate performance measures where one role must challenge another;
adequate deputies, specialist support, leave cover and succession plans; and
an annual and event-driven board review of whether the structure remains fit for purpose.
Triggers for an earlier review should include rapid growth, a listing or major capital raising, entry into a more heavily regulated sector, a material transaction, repeated control failures, sustained excessive hours, a serious complaint or investigation, or the departure of key support staff.
The right conclusion is rarely “one person, one role”
Multiple hats are not inherently poor governance. In many organisations they are sensible and effective. Nor is there a general statutory limit on the number of functions a company secretary may hold.
The governance task is to distinguish efficient integration from dangerous incompatibility. As responsibilities accumulate, the surrounding architecture must become stronger: clearer boundaries, more direct board access, better segregation of duties, independent assurance, realistic resourcing and credible succession.
A useful rule of thumb is this: no person should be expected to mark their own work, investigate themselves, suppress information needed by the board, or carry a workload that makes careful performance of each role unrealistic.
Governance in Action Pty Ltd can assist clients with defining the boundaries and safeguards that should be in place for those individuals with dual and multiple roles, including the role of the company secretary (including how to sensibly structure and manage them to help support good corporate governance and avoid potential problems).
David Cantrick-Brooks FGIA FCG, Principal & Director of Governance in Action Pty Ltd, would be pleased to assist with enquiries. Please feel free to reach out via LinkedIn or via gia.net.au and please visit governancepathways.com for details of our bespoke coaching and mentoring services, etc.
AI-assisted tools and techniques were used here to support the research, drafting and editing of this publication. Responsibility for the final content rests with David Cantrick-Brooks.
Whilst accounting and legal terms and references may be contained in this publication, it does not constitute or purport to be or represent accounting or legal advice of any kind – whatsoever. Readers should seek their own professional advice.