When a finance team grows beyond a single entity, the question of access control becomes surprisingly complex. Who should be able to see the group’s consolidated balance sheet? Should an entity-level bookkeeper in one subsidiary have visibility into the results of another? Can an external auditor review the trial balance without risking accidental edits to live data? These are not abstract security questions. They are practical operational decisions that affect the accuracy of your consolidated financials, the speed of your close process, and your ability to meet audit and compliance requirements. Role-based access is the mechanism that answers all of them. In this guide, we will walk through how finance leaders at multi-entity groups can think about access control in group reporting, what common configurations look like in practice, and how BrizoConsol gives teams the tools they need to assign the right level of visibility and control to every person in the reporting workflow.
Why Access Control Matters More as Your Group Grows
In a single-entity business, access control is usually straightforward. The owner, the accountant, and perhaps one or two finance team members all have access to the same accounting software, and the risk of unauthorised changes or data leakage is relatively low. As soon as a business expands to include multiple subsidiaries, holding structures, or joint ventures, the picture changes entirely. You may have entity-level finance managers who are responsible for closing the books in their own subsidiary but who should not be allowed to adjust consolidation-level journals or intercompany elimination entries. You may have an external accounting firm that prepares the consolidated financials for your group but should not have the ability to modify the underlying entity data. You may have board members or investors who need to review the group’s financial position on a monthly basis without any editing rights whatsoever. Each of these people represents a different use case, and each requires a different level of access. Applying the wrong level, whether too broad or too narrow, creates problems. Too much access increases the risk of accidental or unauthorised changes to sensitive financial data. Too little access creates bottlenecks, forces unnecessary workarounds, and slows down the close process for everyone involved. Well-structured role-based access solves both problems by matching every user’s permissions precisely to the work they are actually responsible for.
The Core Roles in a Multi-Entity Finance Team
Most multi-entity groups have four or five distinct types of users in their financial reporting workflow, and understanding how each of them interacts with consolidated data is the starting point for designing a sensible access model. The first type is the group finance manager or group CFO. This person needs full visibility across all entities and all reporting periods. They need to be able to review consolidated profit and loss statements, balance sheets, and cash flow summaries at the group level. They are typically responsible for posting consolidation adjustments, approving intercompany eliminations, and signing off on the final consolidated pack. In BrizoConsol, this role is typically configured with administrator-level access, giving them the ability to manage entity settings, invite other users, and control which reports are published and to whom. The second type of user is the entity-level finance manager or bookkeeper. This person is responsible for the trial balance and financial close within their own subsidiary. They should be able to upload data, review entity-level reports, and flag any issues to the group team. However, they should not be able to see the financials of other entities or modify any group-level consolidation entries. Restricting their access to a single entity ensures data integrity across the group while still allowing them to do their work efficiently. The third type is the external auditor or accounting firm. Auditors need read-only access to a specific set of reports or trial balance data for a defined period. They should not be able to make changes of any kind, and in many cases their access should be time-limited to the duration of the audit engagement. Providing this level of access in a controlled way, without having to export data to spreadsheets or share login credentials, is one of the clearest practical benefits of purpose-built consolidation software. The fourth type is the board member or investor. This person typically only needs access to a finished, formatted report, such as a monthly board pack or a summary income statement. They do not need to see trial balance data, entity-level transactions, or consolidation workings. BrizoConsol’s Insight Package feature addresses this use case directly by allowing finance teams to publish polished report bundles to specific recipients on a scheduled basis, so board members receive the right information without ever needing to log into the consolidation platform itself.
How BrizoConsol Structures User Permissions
BrizoConsol is built around the reality that multi-entity finance teams include people with very different relationships to the group’s financial data. Rather than offering a single level of access for all users, the platform allows finance administrators to assign permissions at both the group level and the entity level, giving precise control over what each person can see, edit, or approve. At the group level, administrators can grant or restrict access to the consolidated reporting environment, including the group’s chart of accounts, intercompany elimination rules, consolidation journals, and published group reports. Users who are granted group-level access can see the full consolidated picture across all entities. At the entity level, access can be restricted so that a user can only view or edit data belonging to a specific subsidiary or set of subsidiaries. This is particularly useful for groups with entity-level bookkeepers or finance managers who are responsible for their own close but should not have cross-entity visibility. The result is a permission model that maps cleanly onto the actual organisational structure of the group, rather than forcing teams to work around a one-size-fits-all access control system. When a new entity is added to the group, whether through acquisition, incorporation, or restructure, the finance administrator can quickly assign the right access to the relevant team members without disrupting the permissions of anyone already working in the platform. This is especially important for groups that are growing quickly or that regularly onboard new subsidiaries and need a scalable, repeatable approach to access management.
Common Permission Mistakes and How to Avoid Them
Even with a well-designed permission model, finance teams can fall into a few common traps when managing access in a multi-entity consolidation environment. One of the most frequent mistakes is giving too many users administrator-level access on the basis that it is quicker to set up than more granular permissions. This approach creates significant governance risk. If a user with administrator access makes an accidental change to a consolidation journal or an elimination rule, the error may not be discovered until after the group’s monthly close has been completed and reports have been distributed. Correcting the error at that point requires not just fixing the journal but also re-running the consolidation, re-checking eliminations, and republishing affected reports. A better approach is to start with the principle of least privilege: assign the minimum level of access that allows each user to complete their work, and expand permissions only when there is a clear, documented reason to do so. A second common mistake is failing to remove or downgrade access when a team member leaves the organisation, changes roles, or when an external engagement ends. Stale accounts with broad permissions are a security risk in any system, but in a consolidation platform they also create confusion. If an inactive user account still has the ability to publish reports or modify group-level journals, a future administrator reviewing the audit trail may struggle to distinguish legitimate activity from accidental or unauthorised changes. BrizoConsol allows administrators to deactivate user accounts without deleting their history, which means you can remove access immediately when someone leaves while still maintaining a complete record of any work they contributed. A third mistake is assuming that access control is only relevant for large organisations. In reality, even a group with three or four entities and a small finance team benefits from structured permissions. The moment a second person is involved in the close process, whether that is an external accountant, a part-time bookkeeper, or a business partner reviewing results, access control becomes a necessary part of maintaining the integrity of your consolidated financials.
Access Control as a Governance and Audit Tool
Beyond the practical benefits of preventing unauthorised changes, role-based access plays an important role in audit readiness and financial governance. When each action in your consolidation platform can be attributed to a specific user, with a timestamp and a clear record of what was changed, your team is in a much stronger position during an external audit. Auditors need to understand not just what the final consolidated numbers are but also how they were derived. Who posted the consolidation adjustment that moved a transaction from one entity to another? Who approved the intercompany elimination that removed an intragroup loan from the balance sheet? Who published the final group report that was presented to the board? In a system without proper access control, these questions are often impossible to answer with confidence. In BrizoConsol, because every user action is tied to an authenticated account with a defined role, your finance team can provide clear, traceable answers to these questions at any point. This is not just useful for auditors. It is also valuable for internal governance, particularly in regulated industries, in groups with external investors, or in businesses that are preparing for a fundraising round or a sale process where detailed financial documentation is expected. The ability to demonstrate that your consolidated financials were produced through a controlled, documented process, with appropriate separation of duties and a complete audit trail, is increasingly seen as a marker of financial maturity in growing organisations.
Getting Started with Role-Based Access in BrizoConsol
Setting up access control in BrizoConsol does not require a complex implementation project. For most groups, the initial configuration can be completed in a single session by the finance administrator. The recommended starting point is to map out the people involved in your consolidation workflow before inviting anyone into the platform. For each person, identify their role in the process, which entities they are responsible for, and what level of visibility they need at the group level. This mapping exercise often takes no more than an hour, but it provides the clarity needed to assign permissions correctly from the outset rather than adjusting them reactively after issues arise. Once the permissions have been assigned, it is worth running a brief review each quarter to confirm that the access model still reflects the current structure of the team. People change roles, entities are added or removed from the group, and external engagements come to an end. A quarterly review ensures that your access configuration stays aligned with your actual operational reality. If your group is growing quickly and you anticipate frequent changes to team structure, BrizoConsol’s user management tools make it straightforward to update permissions, deactivate accounts, and onboard new users as your needs evolve. Role-based access is not a one-time configuration. It is an ongoing part of how well-run finance teams maintain control and accountability over their consolidated reporting environment. With the right setup in place, your team can close faster, collaborate more confidently, and provide your stakeholders with consolidated financials they can trust.