CFO Insights · Financial Reporting

Who Sees What: A Guide to Role-Based Access and Team Collaboration in Group Financial Reporting

April 24, 2026 — BrizoSystem

As finance teams grow, so does the complexity of managing access to financial data. What starts as a spreadsheet shared among a few people quickly becomes a governance problem when multiple entities, subsidiaries, external advisors, and stakeholders are involved — each with different information needs and different permissions to act on what they see.

Not everyone should see everything. More importantly, not everyone should be able to change everything. In group financial reporting, getting access control right is a governance decision, not a technical afterthought.

Why Access Control Matters in Group Reporting

In group financial reporting, data sensitivity isn’t uniform. A CFO needs full visibility across all entities. A subsidiary controller should only see their own entity’s numbers. External auditors need read-only access. An entity accountant needs to upload and edit data — but only within the boundaries of their own entity.

Without clear access controls:

  • Sensitive financial data from one subsidiary is visible to controllers in another — creating confidentiality problems where subsidiaries compete in the same market
  • Adjustments can be made without clear accountability — no trail of who changed what, when, and why
  • Errors introduced at entity level can propagate to the group consolidation without a review gate
  • External users granted broad access can see (or accidentally modify) data they have no business seeing

Four Roles That Cover Most Finance Teams

A well-designed access model doesn’t need to be complex — but it must be intentional. Most group finance teams operate effectively with four structured roles:

Role 1 — Full Access

Group Finance Lead / CFO

Needs visibility across all entities and the full consolidated output. Can review, adjust, and finalise group numbers. Manages intercompany eliminations and consolidation adjustments. Approves reports before distribution.

  • All entities visible
  • Can post, edit, and approve consolidation journal entries
  • Can run and distribute reports
  • Can view audit trail and change history

Role 2 — Entity-Scoped Access

Subsidiary Controller / Entity Accountant

Responsible for their own entity’s data — uploading trial balances, reviewing account mappings, confirming intercompany schedules, and submitting data for the close. Should not be able to view other subsidiaries’ data or post group-level adjustments.

  • Own entity only — no cross-entity visibility
  • Can submit and update entity-level data
  • Can view own entity’s mapping and intercompany schedule
  • Cannot view group consolidation or other entities

Role 3 — Read-Only Access

Auditor / Investor / Board Member

Needs to view data and reports for oversight or assurance purposes. Should have no ability to modify data, post adjustments, or change configurations. Visibility scope can be configured — auditors may see all entities; a board member may only see the consolidated group view.

  • View access to reports and dashboards (scope configurable)
  • No edit, post, or configure permissions
  • Can export allowed reports to PDF
  • Access ideally time-bound for external parties

Role 4 — Admin Access

System Administrator

Manages users, roles, and system configuration. Should be limited to a small number of trusted users — typically the group finance lead and one backup. Responsible for maintaining the group entity structure, COA mapping configuration, and exchange rate tables.

  • Create, modify, and deactivate user accounts
  • Configure reporting structures and entity hierarchy
  • Manage integration connections to accounting systems
  • Audit system configuration changes

The Four-Step Collaboration Workflow

Access control structures the who. Workflow structure defines the when and in what order. A well-designed group reporting workflow assigns each step to users with the appropriate access level:

1

Data preparation — entity accountants Entity-scoped users sync or upload trial balance data from their accounting system, review account mappings, flag any new unmapped accounts, and confirm the intercompany schedule for their entity. This step is scoped entirely to the entity level — no group visibility required.

2

Review and submission — entity controllers The entity controller reviews the submitted data for completeness and accuracy — checking for unmapped accounts, unreconciled balances, or period-end adjustments not yet posted. Once satisfied, they submit the entity for the close. After submission, the data is locked for that entity unless the group finance lead reopens it.

3

Consolidation — group finance lead With all entities submitted, the group finance lead runs the intercompany matching, reviews exceptions, posts elimination entries, applies exchange rates, and runs the consolidation. Consolidation adjustments (PPA amortisation, policy alignment, goodwill) are posted at this level. No entity-level user has access to these steps.

4

Review and reporting — CFO / board The CFO reviews the consolidated output, adds management commentary, and approves the reports for distribution. Read-only stakeholders (board, auditors, investors) receive access to the final approved reports in their permitted scope.

Working With External Advisors

External parties — auditors, tax advisors, consultants — often need access to the consolidation system during audit or advisory engagements. This is where informal access management creates the most risk.

Best practices for external access:

  • Grant read-only access by default — there is almost never a reason for an external advisor to be able to post or modify data
  • Time-bound access — configure access to expire automatically at the end of the audit engagement or advisory period; don’t rely on remembering to remove it manually
  • Scope to relevant entities or reports — an auditor reviewing one subsidiary doesn’t need access to all subsidiaries; a tax advisor doesn’t need access to the consolidation adjustments
  • Document every external access grant — who was given access, to what scope, from when to when, and by whose authorisation

🚩 The most common external access mistake: Granting a departing auditor’s login to a new auditor from the same firm as a convenience measure. The original account may have broader access than appropriate; the new auditor inherits permissions they didn’t request; and the system shows activity attributed to the wrong person. Always create new accounts with appropriate permissions rather than repurposing existing ones.

BrizoConsol supports role-based access across all levels — entity-scoped data preparation, group-level consolidation permissions, read-only access for auditors and board members, and admin-level configuration control. Access is configurable per user and per entity. Learn more or see it in action →

Stay Ahead with Smart Consolidation!

Subscribe to our monthly newsletter and get expert tips on financial consolidation delivered straight to your inbox.

We don’t spam! Read our privacy policy for more info.