You can use the below query directly if you are using the latest version as it Microsoft implemented STRING_SPLIT() built-in function which converts a string into rows as per the seperator. If this function is not available in your version, you can use the logic in the next to populate the table variable and use in the query as explained above.
exec sp_executesql N'select * from companies CROSS APPLY STRING_SPLIT(@comp_cod,'','') AS S where comp_cod = S.value',N'@comp_cod nvarchar(19)',@comp_cod=N'2,3'
--populate table variable using the below logic, and then use the same in the query as per Thom
declare @comp_cod varchar(10)='2,3'
select R.r.value('.','varchar(100)')as comp_code
select cast(('<R>'+replace(@comp_cod,',','</R><R>')+'</R>') as xml) as Code
) as C
cross apply Code.nodes('/R')as R(r)