Every organisation runs on thousands of decisions a week, and almost none of them reach the board. Someone approves the invoice, signs the lease, hires the analyst, settles the dispute. The question a delegation of authority answers is the unglamorous but load-bearing one: who is allowed to say yes to what, and up to how much? Get it right and the company moves quickly and safely at once. Get it wrong and you either choke on approvals or wake up to a commitment nobody senior knew had been made.

The quick version

  • A delegation of authority (DOA) is the written rulebook for who can approve what, up to which limits, flowing down from the board through the chief executive to managers and staff.
  • It starts from the schedule of matters reserved for the board: the decisions the board keeps for itself. Everything else is delegated, usually to the chief executive, with authority to delegate further.
  • The non-negotiable principle: a board can delegate authority, but it can never delegate its accountability. It stays on the hook for outcomes and must keep watching what it gave away.
  • The common form is an authority matrix, decision types down one axis, roles and money thresholds across the other. Set the thresholds too low and everything escalates; too high and you create risk nobody intended.

The idea in depth: delegate the decision, not the responsibility

Start with the cleanest principle in the whole topic, because everything else hangs off it. A board can give away the power to decide; it cannot give away the responsibility for the decision. As the South African firm Werksmans Attorneys puts it, summarising the position under the King IV governance code, "delegating authority does not mean that the board divests themselves of all responsibility, as they are required to continue to exercise proper supervision over the matters which they have delegated to others because they remain ultimately responsible for the outcome of such delegations." Delegation is a loan of power, not a transfer of blame.

This is why a delegation is a governance instrument, not just an admin convenience. The board sets the direction and the parameters, what it keeps, what it lets go, within what limits, and then it has to keep looking. So the move is to pair every delegation with a reporting line back up: if the chief executive can approve capital spend up to a ceiling, that spend gets reported to the board. Delegation without a feedback loop is not delegation; it is abdication with paperwork.

A board can delegate authority. It can never delegate accountability. The power goes down the line; the responsibility stays at the top.

Where does the delegation begin? With its mirror image, the list of things that are not delegated. The UK Corporate Governance Code (2024) expects a board to maintain a schedule of matters reserved for its own decision: things like major acquisitions, large capital expenditure, the budget, the dividend, and senior appointments. The standard formulation, used in countless published board terms of reference, is blunt: except for the reserved matters and the committees' terms of reference, the board delegates authority to the Chief Executive, with authority for further delegation. That single sentence is the hinge of the whole system. Above it: the board decides. Below it: a chain of delegated power, each link able to pass authority on within limits.

This is older than any modern code. The 1992 Cadbury Report, the founding text of modern governance, built its recommendations around a clearly accepted division of responsibilities at the head of a company, so that no one individual holds unfettered power. A delegation of authority is that division written down and pushed all the way through the organisation, not just at the very top.

An honest limitation. A delegation framework is only as good as the supervision behind it. The board can reserve the right matters, draft an elegant matrix, and still be blindsided, because the people it delegated to acted outside their limits, or because the reports that were supposed to flow back up were thin, late, or quietly ignored. The document creates the structure for accountability; it does not, by itself, create the attention. A delegation that nobody checks against actual behaviour is a comfort blanket, not a control.

The authority matrix: who approves what, up to how much

Once you descend below the boardroom, the delegation of authority usually takes a very practical shape: a matrix. Decision types run down one side, operating spend, capital expenditure, hiring, signing a contract, settling a claim, writing off a debt, and roles run across the top, each with a monetary or scope limit. A line manager might approve an invoice up to one figure; a department head up to a higher one; the chief financial officer higher still; and anything above that goes to the board. The matrix turns a vague culture of "ask someone senior" into an explicit map of who can say yes to what.

The discipline lives in the numbers. As one practitioner guide puts it, "without a number, you don't have a threshold, you have a suggestion." And the thresholds are a genuine trade-off, not a formality: set them too low and trivial decisions escalate until senior people are approving stationery and the organisation slows to a crawl; set them too high and you hand out risk exposure nobody intended. So the move when you design a matrix is to calibrate each threshold to the real cost of a bad decision at that level, low where errors are expensive or irreversible, generous where they are cheap and recoverable, and to revisit the numbers as the company grows, because a limit that fit a £5m business strangles a £50m one.

flowchart TD
  B(["Board
matters reserved: budget, M&A,
major capex, dividend"]) --> CEO(["Chief Executive
broad authority, with power
to delegate further"])
  CEO --> CFO(["CFO / function heads
approve within high limits"])
  CFO --> MGR(["Managers
approve within working limits"])
  MGR --> STAFF(["Staff
approve routine, low-value items"])
  CEO -. "reports back up" .-> B
  CFO -. "reports back up" .-> CEO
Authority flows down the chain in narrowing bands; accountability and reporting flow back up. Leaders Loop

How common is this? More than most managers assume. A January 2025 study by EY and the Society for Corporate Governance, based on a September 2024 survey of more than 200 governance professionals at public and private companies, found that nearly 90% of the companies represented had a formal delegation of authority policy. The same study was candid about where these policies fall down: the weak spots are training people on the policy, actually enforcing it, and keeping it up to date. That is the recurring lesson, the matrix is rarely the problem; the maintenance is.

There is also a hard-edged reason to get this right in larger companies. Approval authority is one of the first things auditors test, because it sits at the centre of internal control over financial reporting. Under the United States' Sarbanes-Oxley Act, section 404, listed companies must document and test those controls, and a delegation of authority that exists on paper but is routinely overridden is precisely the kind of control weakness an audit is designed to catch.

Two failure modes, and the line between them

Most delegation goes wrong in one of two opposite directions, and naming them is half the cure. The first is over-centralisation: limits so tight, or so rarely refreshed, that real decisions pile up on a handful of desks. People stop owning outcomes because they cannot actually decide anything; the organisation is slow, and senior leaders spend their days as a human approval queue. The second is under-controlled drift: limits so loose, or so poorly monitored, that commitments get made far below the level where anyone with real perspective would have paused, the manager who signs a three-year contract, the regional head who settles a dispute on terms the board would never have accepted.

The reason both happen is the same: the delegation was treated as a one-off document rather than a living control. The fix is to make it a standing item, not a relic, reviewed when the company changes shape, when a near-miss reveals a gap, and at a fixed cadence regardless. (This is closely tied to where decision rights sit structurally; see centralisation vs decentralisation for the wider design choice.)

So the practical test for any delegation, at any level, is a single question: if the person we delegated to makes the worst defensible decision their limit allows, can we live with it, and would we find out in time? If the answer to either half is no, the limit is wrong or the reporting is missing. Fix whichever it is, and you have a delegation that protects the company instead of merely describing it.

A worked example

Take a fast-growing mid-sized company, call it Northwind Logistics, that has just appointed its first proper board. (Illustrative figures and details throughout; this is a teaching example, not a real company.) Until now, the founder-CEO has personally approved every commitment over a few thousand pounds, by habit. The new board's first governance act is to commission a delegation of authority.

They begin at the top, with the schedule of matters reserved: the annual budget, any acquisition, capital spend above £500,000, taking on debt, and senior-executive appointments all stay with the board. Everything below flows to the chief executive, with authority to delegate further. The CEO then builds the matrix: function heads can approve operating spend up to £100,000 and capital up to £250,000; managers up to £25,000; team leads up to £5,000 for routine items. Contracts longer than three years, or any litigation settlement, escalate a level regardless of value, because the risk is in the commitment, not just the pounds.

flowchart TD
  R(["A £180,000 capital request
lands in the system"]) --> Q{"Within the approver's
delegated limit?"}
  Q -->|"Yes, function head limit is
£250,000 capex"| A(["Approved at function level
→ reported up in the monthly pack"])
  Q -->|"No, would exceed £500,000
board-reserved threshold"| E(["Escalated to the board
→ decided where accountability sits"])
Every request runs the same test: inside the limit, decide and report; outside it, escalate. Leaders Loop

Six months in, the framework earns its keep twice over. A regional manager wants to sign a £180,000 fit-out for a new depot; under the old regime it would have sat on the CEO's desk for a week, but it is comfortably inside a function head's capital limit, so it is approved in a day and simply reported in the monthly board pack, speed without loss of oversight. Then a sales director, chasing a quarter, tries to commit the company to a five-year exclusive supply deal. The contract-term rule catches it and escalates the decision; the board reviews the terms, spots a liability clause the director had not weighed, and renegotiates. Same company, two decisions, one accelerated, one caught, and in both cases the authority sat exactly where the accountability could bear it. That is what a delegation of authority is for.

Frequently asked questions

What is the difference between a delegation of authority and a schedule of matters reserved?

They are two halves of the same map. The schedule of matters reserved lists the decisions the board keeps for itself and will not delegate, the budget, major deals, big capital spend, senior appointments. The delegation of authority describes what the board passes down: which decisions go to the chief executive and onward to managers, to which roles, and with what limits. The Chartered Governance Institute treats them as complementary documents, the reserved matters set the boundary, the delegation populates everything inside it.

Can a board delegate a decision and walk away from it?

No. This is the principle the whole topic turns on: authority can be delegated, but accountability cannot. The board remains ultimately responsible for outcomes and must keep supervising what it delegated, which in practice means requiring the delegated activity to be reported back up. A board that delegates and then stops looking has really abdicated, and it will still carry the consequences when the delegated decision goes wrong.

How do you set the right approval thresholds?

Calibrate each limit to the cost of a bad decision at that level, not to seniority for its own sake. Where an error is expensive or hard to reverse, keep the threshold low; where it is cheap and recoverable, be generous so the organisation isn't strangled. Add non-financial triggers, long contract terms, legal settlements, anything reputationally sensitive, that escalate regardless of value, because the risk often lives in the commitment rather than the pound figure. Then revisit the numbers as the company grows.

Is a delegation of authority a legal requirement?

It depends on the company and jurisdiction. For UK-listed companies, the Corporate Governance Code (on a "comply or explain" basis) expects a documented split between board and management decisions. For US-listed companies, approval authority is part of the internal-control regime that Sarbanes-Oxley requires be documented and tested. Many private companies adopt one as good practice rather than obligation. Check the rules that apply to your company, and treat a qualified adviser's view as authoritative over a general explainer.

How often should it be reviewed?

At a fixed cadence, annually is common, and additionally whenever the company changes shape (a fundraise, an acquisition, a big jump in scale) or whenever a near-miss exposes a gap. The EY and Society for Corporate Governance study found that updating the policy is one of the most-neglected parts of the practice. A delegation matrix that fit the company two years and two funding rounds ago is quietly out of date, and stale limits are how both over-centralisation and under-controlled drift creep in.

Related in the Toolkit

A delegation only makes sense against the backdrop of what the board keeps for itself (board roles, committees & responsibilities) and the legal weight each director carries for what they delegate (director duties & fiduciary liability).

Where to go next