When this article is for you
You're a client deciding whether to invite your tax advisor — or an advisor who wants the canonical answer to "what exactly is inside my scope?". This is the boundary reference for both sides.
For the invite flow, see invite your tax advisor. For the GDPR framing of the relationship, see GDPR considerations for tax advisors.
What an advisor can do
Advisors are external reviewers with real — but bounded — write access to the books. Verified scope:
- Review invoices — approve, flag with a reason, or ignore. A hard receipt gate blocks approving VAT invoices without a document.
- Edit invoice details — correct the supplier invoice number, vendor, date, and net/VAT/gross amounts in a split-view editor with the original document alongside.
- Correct the VAT rate — the gross amount stays fixed; net and VAT recompute.
- Categorize and clear bank transactions — set categories, confirm or reject matches, clear transactions as booked, in bulk up to 50 at a time.
- Create categories — add a new custom category inline when the client's list doesn't fit.
- Reclassify direction — flip an invoice between incoming and outgoing, with all side effects handled (category re-validation, review reset).
- Add income and expense entries — for cash income or expenses the books are missing. These carry a "by tax advisor" badge in the client's list.
- Request receipts — one click asks the client for a missing document; the client's owners and admins get a notification (which deliberately contains no counterparty and no amount).
- Upload and attach documents — advisors can add a supporting document and attach or detach it on a bank transaction. Day to day, clients upload their own receipts; the advisor path is for filling gaps.
- Switch the client's tax regime — behind a two-step confirm, going forward only, audited.
- Export and generate reports — CSVs, an accounting workbook, receipts ZIP, period exports.
What an advisor cannot do
- No billing. No subscription access, no plan changes, no payment methods.
- No team management. They cannot invite or remove members, and cannot invite other advisors.
- No email or bank accounts. Connecting or disconnecting integrations — like every company setting except the tax regime — stays with your team.
- No deleting. They cannot delete the company, documents, or invoices, and cannot transfer ownership. Nothing an advisor does is destructive; every status they set can be changed again later.
- No other clients' data. An advisor for company A gets a hard denial on company B — even search returns a refusal, never a quiet empty list.
Everything is logged
Every advisor write lands in an append-only audit log with the actor's identity and role. On top of that:
- Every advisor action shows up in the client's activity feed with the advisor's name and role.
- Advisor comments are append-only — they cannot be edited or deleted afterwards, by anyone.
- Invoices and entries an advisor creates are visibly marked "by tax advisor".
The result: when a tax authority or the client asks "who changed this number?", the answer is always on record.
Access is the client's to grant — and to revoke
Advisor access only exists because the client invited that advisor by email. The client can revoke it at any time from their settings. Revocation is immediate and technical: the advisor's per-document decryption keys are deleted on revoke, not just a UI switch flipped. If an advisor is revoked mid-session, the portal detects it and returns them to their dashboard. Advisors can also leave a client on their own.
External advisor vs internal bookkeeper
The advisor role is designed for an external professional. If someone works inside your company and needs full write access — uploads as a daily habit, settings, integrations — add them as a team member with the Bookkeeper role via your team settings instead. The distinction keeps the audit story clean: external advisors review and correct under a bounded scope; internal staff work with team permissions.
Related
- The advisor dashboard and client workspace — where the scope shows up in the UI
- GDPR considerations for tax advisors — the legal framing of the boundary
- Invite your tax advisor — the client-side flow that creates the access
- Booking transactions for your clients — the advisor's transaction write-scope in action