Approvals & Authorizations (Preventive)
- Written policies and procedures
- Limits to authority
- Supporting documentation
- Question unusual items
- No "rubber stamps"
- No signing of blank forms
Authorization is the delegation of authority that may be general or specific. Giving a department permission to expend funds from an approved budget is an example of general authorization. Specific authorization applies to individual transactions: it requires the signature or electronic approval of a transaction by a person with approval authority.
Approval of a transaction means that the approver has reviewed the supporting documentation and is satisfied that the transaction is appropriate, accurate and complies with applicable laws, regulations, policies and procedures.
- Approvers should review supporting documentation, question unusual items and make sure that necessary information is present to justify the transaction. Most are reviewed on a post-audit basis.
- Signing blank forms should never be allowed.
Levels of Approval
Approval authority may be linked to specific dollar levels. Transactions that exceed the specified dollar level would require approval from a higher authority. A department's approval levels should be specified in a departmental policies and procedures manual or an accountability matrix.
- Under no circumstance should an approver tell someone to sign the approver's name on the approver's behalf.
- Similarly, under no circumstance should an approver with electronic approval authority share the password with another person.
- To ensure proper segregation of duties, the person initiating a transaction should not be the person who approves the transaction.