Your company manages multiple GCP projects, each overseen by its respective team. Recently, the combined expenditure across all projects has surpassed the operational budget. A decision was made to allow the finance team to set budgets and monitor charges for all projects without accessing project resources, while developers should only see billing charges and resources for their own projects. Following Google's recommended practices for IAM roles and permissions, what is the best course of action?