A delegation of authority matrix is useful only if exceptions are reported. Otherwise, it becomes a framed document that everyone admires and nobody obeys. Exception reporting tells the board and senior management when approvals exceeded limits, were granted after the event, were split to avoid thresholds, or were justified as urgent without adequate evidence.
The exception report should be short but exact. It should identify the transaction, amount, department, approving person, required approval level, actual approval path, reason for deviation, financial impact, and proposed remediation. Where the same department or vendor appears repeatedly, the report should flag a pattern. A single exception may be a business necessity; a pattern may be a control design problem.
The official Supreme Court judgment titled Vishal Tiwari v Union of India and Others emphasised constructive regulatory strengthening in the securities-market setting. By analogy, a company should treat exception data as a source of improvement, not as an embarrassment to be buried. Controls mature when exceptions are studied honestly and corrected quickly.
Boards should distinguish between approval, ratification, and condonation. Approval happens before the act. Ratification accepts an act after review. Condonation forgives a breach but should not erase the record. Each has different governance consequences. If urgent procurement bypassed the ordinary route, the note should show the urgency, alternatives considered, benefit to the company, and steps taken to avoid repetition.
Internal audit and finance should test exception reports against transaction data. Split invoices, repeated emergency approvals, unusually frequent manual overrides, or approvals by conflicted officers deserve closer review. The company secretary can help ensure that material exceptions are placed before the appropriate committee and that minutes capture the decision without excessive drama. Paperwork should be calm even when the facts are not.
For implementation, management should keep a compact evidence bundle for this topic: the approved policy or contract clause, the responsible owner, the last review date, the decision note, and any unresolved exception.
The bundle should be short enough for a busy director to read and complete enough for a later reviewer to understand the decision.
Where the matter is recurring, add a dashboard line showing open items, ageing, monetary exposure where relevant, and the next escalation date.
This keeps the board record factual without turning every issue into a bulky legal file.
It also helps counsel or advisers step in quickly if the matter becomes contentious.
A single owner should confirm closure in writing, because unsigned comfort is rarely comfortable later.
Keep it dated and useful.
If the board or committee chooses not to escalate a known exception, the reason should be recorded in plain terms.
A restrained record of judgment is usually stronger than a silent record of optimism.
The same pack should show what changed since the previous review, so directors are not forced to rediscover the history each quarter.
Where external advisers are involved, the note should also distinguish business instructions from legal advice, and operational updates from privileged review.
That distinction protects candour while keeping routine governance visible.
Short records can still be rigorous.
They should also show the next review owner, because unattended controls tend to become folklore.
AGS Consulting supports delegation-matrix reviews, exception-report formats, and board-ready remediation trackers. For help strengthening an approval-control framework, contact AGS Consulting through the contact section.
FAQs
What is delegation of authority exception reporting?
It is reporting of transactions or decisions that did not follow the approved authority matrix, including retrospective approvals and threshold deviations.
Should every exception go to the board?
No. Materiality thresholds should apply, but repeated or high-risk exceptions should be escalated to the relevant committee or board.
Is ratification enough to fix an exception?
Ratification may regularise a decision internally, but the reasons, evidence, and remediation steps should still be recorded.
What patterns should management watch?
Split approvals, repeated emergencies, approvals by conflicted persons, manual overrides, and recurring vendor-specific deviations deserve attention.