What is a Delegation of Authority Matrix?

A delegation of authority matrix (DOA matrix) is a written rule set that defines who can approve which financial commitments, up to what dollar amount, and under what conditions. In accounts payable, it answers a single question for every invoice: who is allowed to say "pay this"?

Most AP teams have a DOA matrix in name only — a Word doc the controller wrote in 2019, last updated when the previous CFO left. That gap between policy and practice is where unauthorized spend, audit findings, and fraud live. A working DOA matrix is not a governance artifact. It is the source code for your approval workflow.

Why a DOA Matrix Exists

The matrix exists for three reasons, in this order:

Fraud prevention. When approval authority is implicit ("ask your manager"), a single bad actor can approve their own invoice or pressure a junior approver. Explicit limits remove the ambiguity.
Audit and compliance. Sarbanes-Oxley Section 404 requires public companies to document and test internal controls over financial reporting. Approval authority is the highest-level control auditors test. PCAOB inspections in 2024 cited inadequate approval evidence in 31% of deficiency findings. Private companies preparing for SOC 2 or an acquisition face the same scrutiny.
Operational speed. A matrix that everyone trusts removes the "let me check with the CFO" delay. Approvers act with confidence because the rule is explicit.

If your matrix only exists for reason two, it is a paper exercise. The matrix earns its place when reasons one and three are visible in daily AP operations.

What Belongs in an AP DOA Matrix

A complete AP delegation of authority matrix specifies six fields for every spend category:

Spend category — operating expense, capital expenditure, professional services, software subscriptions, travel, etc.
Dollar threshold — the upper limit at each approval tier
Required approver role — by title, not by name (names change, titles persist)
Secondary approver trigger — the threshold above which a second approver is mandatory
Documentation required — quote, contract, three-way match, board minutes
Out-of-policy escalation path — who approves the exception when something falls outside the matrix

Skip any of these and the matrix has gaps. Auditors find gaps by asking "what happens when…" — your answer needs to come from the document, not from memory.

Sample DOA Matrices by Company Size

The right matrix shape depends on revenue, headcount, and the degree of board oversight. These templates are starting points — adjust thresholds based on your industry and risk tolerance.

Template 1: $5M Revenue (10–50 employees)

Small companies need fewer tiers and tighter dollar limits. The owner or CFO sees nearly everything above routine spend.

Tier	Role	OpEx Limit	CapEx Limit	New Vendor
1	Department lead	$2,500	$0	No
2	Controller / Finance Manager	$10,000	$5,000	Yes (with W-9)
3	CFO / Owner	$50,000	$25,000	Yes
4	Board / Co-founders	Above $50,000	Above $25,000	M&A only

Dual approval kicks in at $10,000. Anything above $50,000 needs written board awareness, even if formal approval is not required.

Template 2: $50M Revenue (100–300 employees)

Mid-market companies add a manager tier and split CapEx from OpEx more aggressively because capital plans run through finance separately.

Tier	Role	OpEx Limit	CapEx Limit	New Vendor
1	Manager	$5,000	$0	No
2	Director	$25,000	$10,000	Yes
3	VP / Department Head	$100,000	$50,000	Yes
4	CFO	$500,000	$250,000	Yes
5	CEO	$1,000,000	$500,000	Yes
6	Board	Above $1M	Above $500K	M&A only

Dual approval at $25,000. Three signers required above $250,000 (originator, finance, executive).

Template 3: $500M Revenue (500–2,000 employees)

Enterprise matrices add legal, treasury, and procurement as peer approvers, not just sequential signers. The matrix becomes two-dimensional: spend category × dollar tier.

Tier	Role	OpEx Limit	CapEx Limit	Software / SaaS	Professional Services
1	Manager	$10,000	$0	$5,000	$5,000
2	Director	$50,000	$25,000	$25,000	$25,000
3	VP	$250,000	$100,000	$100,000	$100,000
4	SVP / GM	$1,000,000	$500,000	$500,000	$500,000
5	CFO	$5,000,000	$2,500,000	$2,500,000	$1,000,000
6	CEO	$10,000,000	$5,000,000	$5,000,000	$2,500,000
7	Board	Above $10M	Above $5M	Above $5M	Above $2.5M

At this scale, software contracts often need security and legal review regardless of dollar amount. The matrix names them as required peer approvers, not just dollar gates.

DOA Matrix vs Approval Workflow vs Segregation of Duties

These three are related but distinct, and treating them as the same is the most common reason matrices fail in practice.

Concept	What It Defines	Where It Lives
DOA Matrix	Who has authority to approve which spend, up to what limit	Policy document, configured into workflow tool
Approval Workflow	The sequence of routing steps an invoice follows	AP automation software, ERP module
Segregation of Duties	Different people for entry, approval, and payment execution	System role permissions, organizational design

The matrix sets the rules. The workflow enforces them. Segregation of duties ensures one person cannot bypass them. You need all three. See our guide to invoice approval workflows for how the workflow operationalizes the matrix, and the segregation of duties glossary for the role separation that backstops it.

How to Operationalize the Matrix

A matrix in a Word doc is theater. To make it real:

Encode it as routing rules in your AP automation or ERP. Most modern platforms (Bill.com, Tipalti, Stampli, Ramp, Coupa) accept dollar thresholds and role-based approver chains as configuration, not custom code.
Tie roles to identity provider groups (Okta, Azure AD), not individual user IDs. When someone is promoted, the matrix updates automatically.
Log every override. When the system routes an invoice that bypasses the matrix — emergency payment, founder override, vendor escalation — capture the reason, approver, and timestamp.
Review quarterly. Compare actual approval patterns to the matrix. If 40% of invoices are getting "exception" approval, the thresholds are wrong.
Re-approve annually. Have the audit committee or board sign off on the current matrix every fiscal year.

Common Mistakes

Names instead of roles. "John must approve" breaks when John leaves. Use "Director of Engineering."
One global limit instead of category-specific. A $25,000 software contract carries different risk than a $25,000 marketing event.
No new-vendor rule. Approving a $500 invoice from a brand-new vendor is higher risk than $5,000 from a known one.
Missing the override path. Real life has emergencies. Specify who approves out-of-policy spend and how it gets documented.
Letting it drift. A matrix that is not enforced in the system, reviewed quarterly, and signed off annually is decorative.

Key Takeaways

Definition: A delegation of authority matrix specifies who can approve which spend, up to what dollar limit, with what supporting documentation.
Purpose: Fraud prevention, audit compliance (SOX 404, SOC 2), and operational speed — in that order.
Required fields: Spend category, dollar threshold, approver role, secondary trigger, documentation, override path.
By company size: $5M companies need 3–4 tiers; $50M needs 5–6; $500M needs a two-dimensional category matrix.
Operationalize: Encode as workflow rules tied to IdP groups, log overrides, review quarterly, re-approve annually.

Related Terms

Invoice Approval Workflow — how the matrix gets enforced as routing rules
Multi-Level Invoice Approval — designing approval chains that scale
Segregation of Duties in AP — the role separation that backstops the matrix
SOX Compliance for AP — the regulatory driver behind the matrix
AP Internal Controls Checklist — broader control framework the matrix sits inside

What is a Delegation of Authority Matrix? AP Edition with Templates