Hi Cheryl,
I've seen something like this before but my memory is hazy. It was a time of un-bundling utility companies. My understanding is that you would like to re-use as much as possible. You could try to keep using one client and try to use standard authorization objects to separate users. The success of this approach depends on how much separate data should be. Unfortunately, the enabler roles are not going to improve your situation. For example we can agree that it won't be a big task to separate GL between two companies. This is easily supported by authorization model of FI module. But how are you going to protect against users with more powerful authorizations such as SE16? I think the biggest issue will be power users. You will realize that there are many spots where you will have leaks of data between two companies (e.g. search helps). Sometimes these leaks can be resolved with standard authorizations, sometimes you will have to add additional checks.So it depends on level of separation between those 2 companies. But it's possible that cost of properly separating these 2 companies will be higher than loss by not sharing data.
Other approach of having a separate client for each company will give you much better separation but you will lose on sharing side. You will just share code and some basic stuff.
Cheers