User lists drift. People join, leave and change roles, and access that was right six months ago can quietly become access that shouldn’t exist. A short, regular access review keeps the list honest and is exactly the kind of control an auditor likes to see.
The five-minute review
- Open Account > Users & roles and read the list top to bottom.
- For each person, ask: do they still work with us, and is their role still right?
- Remove anyone who has left, and downgrade anyone whose job no longer needs approval rights.
- Confirm you still have at least one main administrator and one authorised signatory.
How often
Quarterly suits most small companies; monthly if your team changes a lot. Set a recurring reminder so it actually happens. Pair it with a glance at the activity log and you have a tidy, defensible control with almost no effort.
Whenever a change touches money, access or your company’s data, we verify the request is genuinely from an authorised person before we act. We will never ask you to confirm full security details by email or phone to release information or push through a change — if a message pressures you to do that, treat it as suspicious and contact us to check.
See also: Understanding user roles and permissions, How to remove access when someone leaves, How to see who changed what on your account.