The best accounting software for small business in Australia - whether Xero or MYOB - does not enforce your approval authority rules by itself. Both record who approved a bill. Neither prevents someone from approving a bill they should not have. Building an audit-ready approval matrix means documenting who can authorise what, up to what value, and under what conditions - and then configuring your workflow so the matrix is enforced rather than assumed.
What an approval matrix covers versus what basic accounting software covers
| Element | Xero or MYOB native | Approval matrix plus workflow enforcement |
|---|---|---|
| Records who approved a bill | Yes | Yes, with supplier data captured |
| Prevents approval above authority limit | No | Yes, via workflow routing rules |
| Documents approval levels by role and value | No | Yes, in the matrix |
| Enforces segregation of duties | No | Yes, with role-based routing |
| Handles delegation when approver is absent | No | Yes, with documented substitution |
| Provides audit evidence of authority | Basic (name and date) | Full (role, limit, reason, supplier data) |
| Scalable as business grows | Only if manually updated | Scales with workflow rules |
What an audit-ready approval matrix actually is
An approval matrix (sometimes called a delegation of authority) is a documented set of rules that defines:
Which roles can approve invoices, and up to what value
What additional approval steps are required above each threshold
Who holds delegated authority when the nominated approver is unavailable
Which categories of invoice require mandatory second sign-off regardless of value
What documentation must accompany specific invoice types before approval
‘Audit-ready’ means the matrix exists in a written, dated document that a finance team can produce on request, and the workflow enforces it consistently enough that the approval records in the accounting system reflect the matrix rather than ad hoc decisions.
A financial controller at a Cairns industrial services business spent three days during an external audit compiling approval evidence for the previous 12 months. Most invoices had been approved by whoever was available at the time rather than by the role specified in the company’s undocumented authority policy. The auditor accepted the approval records but noted the absence of a formal authority matrix as a finding. Twelve months later, the business still did not have one.
Step 1: list every invoice category your business processes
Start by identifying the categories of invoice your AP workflow handles. For most Australian SMBs, these fall into:
Routine supplier invoices (stationery, utilities, subscriptions)
Trade and services invoices (maintenance, cleaning, labour hire)
Materials and inventory invoices
Subcontractor progress claims (construction and trades)
Capital expenditure invoices (equipment, fit-out, vehicles)
One-off or unusual invoices (consultants, legal, specialist services)
Travel and expense reimbursements
Each category may warrant a different approval path based on value, risk and the expertise needed to assess legitimacy.
Step 2: define threshold values for each approval tier
The threshold values in your approval matrix should reflect your actual risk profile, not round numbers chosen for convenience. For an SMB processing invoices up to $100,000:
| Threshold | Approval required |
|---|---|
| Under $500 | Nominated AP officer - no additional sign-off |
| $500 to $5,000 | Operations manager or department head |
| $5,001 to $20,000 | Financial controller |
| $20,001 to $100,000 | CFO or director |
| Above $100,000 | Board sign-off or two-director approval |
Control checkpoint: Adjust thresholds based on your industry. A wholesale business with $80,000 materials invoices needs a different set of thresholds than a professional services firm where the largest regular invoice is $5,000.
Also define which categories bypass value thresholds and require additional approval regardless of amount:
Any invoice from a new supplier (first time in the system)
Any invoice from a supplier where bank details differ from the last payment
Any capital expenditure item not in the approved budget
Any variation to an existing contract
These category-based triggers are more important than value thresholds for fraud prevention.
Step 3: define roles, not names
The most common mistake in building an approval matrix is listing people’s names rather than roles. When Sarah the financial controller leaves and is replaced by Marcus, the approval matrix needs to be updated along with every workflow that referenced Sarah specifically.
Structure your matrix around roles:
| Role | Maximum approval authority | Cannot approve |
|---|---|---|
| AP officer | Up to $500 (routine suppliers only) | Any new supplier, any capital item |
| Operations manager | Up to $5,000 | Capital expenditure, subcontractor claims above $10,000 |
| Financial controller | Up to $20,000 | Board-level capital expenditure |
| Director | Up to $100,000 | Transactions above board-approved thresholds |
Map your current team members to these roles separately. The matrix should survive a staffing change without requiring a complete rebuild.
Step 4: define delegation rules for when approvers are unavailable
An approval matrix with no delegation clause creates a bottleneck every time an approver is on leave. For each role in the matrix, document:
Who holds delegated authority in the approver’s absence
What value limit applies to delegated authority (often reduced from the primary limit)
How the delegation is communicated (formal notification vs. automatic substitution)
Whether the delegation covers all invoice types or only specific categories
Control checkpoint: In Xero, approvals can be reassigned manually to a different user. There is no automated substitution rule. If your approval matrix requires substitution to be enforced automatically, a third-party workflow tool is required - Xero native approvals will not enforce it.
Step 5: document the segregation of duties rules
Segregation of duties means the person who creates a purchase requisition or enters a draft bill should not also be the person who approves and publishes it for payment. For small teams where the same two or three people handle all AP functions, full segregation is sometimes impractical - but partial segregation is achievable and meaningful.
Document the minimum segregation requirements:
No one approves their own expense claims
No one who enters a bill also publishes it to the ledger without a second sign-off
No one with full accounting system admin access should be the sole approver for bills above a defined threshold
These rules should be reflected in how user permissions are configured in Xero or MYOB. If the configuration makes them possible to bypass, document the bypass risk and escalate to leadership.
Step 6: translate the matrix into your accounting workflow
Once the matrix is documented, translate it into the approval workflow:
In Xero: User roles can be set to control who can create drafts, who can approve, and who can publish bills to the ledger. Value-based routing is not native - document the threshold rules as a required process step that approvers follow manually, or use a third-party tool to enforce them automatically.
In MYOB: Similar to Xero - user permissions control access but do not enforce value thresholds. Manual process compliance is the only mechanism without additional tools.
With a dedicated workflow tool: Approval workflow platforms can be configured to enforce the full matrix - routing by value, enforcing segregation, managing substitution, and maintaining the audit trail. This is the recommended approach for teams where manual compliance is unreliable.
Step 7: test the matrix before treating it as operational
Before treating the approval matrix as your live control framework, test it against five invoice scenarios:
1. A routine invoice from a regular supplier within the lowest threshold
2. An invoice above the first threshold requiring escalated approval
3. An invoice from a new supplier
4. An invoice where the supplier’s bank account differs from the last payment
5. A capital expenditure invoice above the budget-approved limit
Document what the workflow does for each scenario. Items 3, 4, and 5 are where most approval matrices fail on first test.
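The Step 2 thresholds, the category triggers and the Step 5 enter/approve separation can be expressed as a policy check and run against the five scenarios. This is an added example, not code from Xero, MYOB or any workflow product. It assumes that a higher role may approve lower-tier invoices, that a fired trigger requires two distinct approvers, and that scenario 5 maps to an `unbudgeted_capex` flag. All names and amounts are constructed, and the per-role "Cannot approve" column from Step 3 is not modelled.

```python
from dataclasses import dataclass

# Step 2 value tiers above the AP officer's "under $500" band (AUD).
TIERS = [(5_000, "operations_manager"), (20_000, "financial_controller"),
         (100_000, "director")]
ROLES = ["ap_officer"] + [r for _, r in TIERS] + ["board"]
RANK = {role: i for i, role in enumerate(ROLES)}  # assumption: seniority order

@dataclass
class Invoice:
    amount: float
    entered_by: str                    # user who keyed the draft bill
    new_supplier: bool = False
    bank_details_changed: bool = False
    unbudgeted_capex: bool = False
    contract_variation: bool = False

def route(inv):
    """Return (minimum approving role, category triggers that fired)."""
    role = "ap_officer" if inv.amount < 500 else next(
        (r for limit, r in TIERS if inv.amount <= limit), "board")
    triggers = [name for name in ("new_supplier", "bank_details_changed",
                "unbudgeted_capex", "contract_variation") if getattr(inv, name)]
    return role, triggers

def violations(inv, approvers):
    """approvers: list of (user, role). An empty list means the approval stands."""
    role, triggers = route(inv)
    found = []
    if any(user == inv.entered_by for user, _ in approvers):
        found.append("segregation: approver entered the bill")
    if max((RANK[r] for _, r in approvers), default=-1) < RANK[role]:
        found.append(f"authority: needs {role}")
    # Assumption: a fired trigger demands two distinct approvers.
    if triggers and len({user for user, _ in approvers}) < 2:
        found.append("second sign-off: " + ", ".join(triggers))
    return found

# Constructed invoices for the five Step 7 scenarios.
SCENARIOS = {
    "routine": Invoice(320, "lee"),
    "above_first_threshold": Invoice(3_200, "lee"),
    "new_supplier": Invoice(320, "lee", new_supplier=True),
    "bank_change": Invoice(320, "lee", bank_details_changed=True),
    "capex": Invoice(45_000, "lee", unbudgeted_capex=True),
}

def run_scenarios():
    """Each scenario is approved by a single AP officer, the weakest case."""
    return {k: violations(inv, [("kim", "ap_officer")]) for k, inv in SCENARIOS.items()}
```

Only the routine invoice passes with a single AP officer; the other four return the reason the approval must be blocked or escalated, which is the evidence to record for each scenario.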
What the best accounting software for small business in Australia needs alongside the matrix
An approval matrix is only as effective as the workflow that enforces it. Xero and MYOB provide the accounting foundation. The matrix requires either rigorous manual compliance or a workflow layer that enforces it automatically.
For small finance teams where manual compliance under volume pressure is not reliable, a structured approval workflow that applies the matrix rules programmatically is the practical answer. It removes the need for each approver to know the policy and applies the rules consistently regardless of who is processing that day.
Pulsify’s validation and exception review operates at the pre-approval stage, checking supplier details and flagging exceptions before they reach the approval matrix - so the matrix is working with verified invoice data, not just trusting that the invoice is legitimate.
Evaluation checklist: does your approval matrix meet audit standards?
Is the matrix written in a dated document that can be produced on request?
Does it reference roles rather than individuals’ names?
Does it specify approval thresholds for each role and invoice category?
Does it include category-based triggers (new suppliers, changed bank details, capital items)?
Does it include delegation rules for unavailable approvers?
Does it specify segregation of duties requirements?
Is it reflected in the user permission configuration in Xero or MYOB?
Has it been tested against at least the five scenarios above?
Is it reviewed and updated at least annually, or when key staff change?
Who this applies to
| Business scenario | Priority action |
|---|---|
| No formal approval matrix exists | Build one before adding any new tool - tools enforce the policy, not replace it |
| Matrix exists but is not enforced in the workflow | Map it to user permissions in Xero or MYOB; add workflow tool for threshold enforcement |
| Matrix exists and is enforced, but audit trail is thin | Evaluate workflow tool for audit trail depth |
| Accountant advising small business clients | Use the matrix template above as a client deliverable at onboarding |
Questions to ask when evaluating accounting and workflow software for the matrix
Can the software enforce different approval thresholds for different invoice value ranges automatically?
How does substitution work when the primary approver is unavailable?
Does the audit trail show which approval role authorised each bill, not just which individual?
Can category-based triggers (new supplier, changed bank details) route invoices to a separate approval path?
What does the configuration process look like for translating a delegation of authority matrix into the workflow?
FAQ
What is an approval matrix in accounting?
An approval matrix (also called a delegation of authority) is a documented policy that defines who can authorise what type of expenditure, up to what value, and under what conditions. In AP specifically, it governs which roles can approve supplier invoices, at what threshold additional sign-off is required, and who holds delegated authority when the primary approver is unavailable. A well-structured approval matrix is the foundation of financial control in AP.
Does Xero enforce approval authority limits automatically?
No. Xero’s native approval functionality routes bills to nominated approvers but does not enforce value-based authority limits within the system. A user with approval access can approve any bill value regardless of their documented authority limit. Enforcing value-based thresholds in Xero requires either a third-party workflow tool or rigorous manual compliance with a documented policy.
How often should an approval matrix be reviewed?
At minimum, annually as part of financial year preparation. Additionally, whenever a key staff member joins or leaves, when the business structure changes (new entities, new departments), or when invoice volumes or categories change significantly. An approval matrix that reflects last year’s team composition or last year’s business structure is not a reliable control.
What is the minimum approval matrix for a two-person finance team?
For a two-person team, the minimum is: different individuals enter and approve each bill, with no one approving their own requests. Document this rule explicitly, including the value threshold above which a third sign-off (owner or director) is required. Even in a small team, the discipline of not approving your own entries prevents the most common control breach in small business AP.
What is the best accounting software for Australian small businesses that enforces approval limits?
Xero and MYOB are the dominant accounting platforms in Australian small business and both are strong at financial recording and reporting. Neither enforces approval limits natively - that function requires a dedicated AP workflow tool configured to mirror the approval matrix. The right approach is to use the best accounting software for your financial needs and add a dedicated workflow layer to enforce the approval controls that the accounting software cannot.
Sources: ATO record-keeping requirements for business · ASIC financial reporting obligations