As a small business owner, you’ll often need someone else to “step into your shoes” and deal with customers, suppliers, banks, platforms, accountants or government bodies on your behalf.
That might be a staff member chasing an overdue invoice, your operations manager signing off on a supplier purchase, or a bookkeeper speaking to your accountant and lodging documents. In these everyday situations, the other party will often ask for one thing before they cooperate: a signed authorisation form.
Having a clear authorisation form (and using it consistently) can save you time, reduce misunderstandings, and help you avoid a messy “they weren’t allowed to do that” dispute later.
In this guide, we’ll walk you through what an authorisation form is, when your business should use one, how to set it up, and what to include so it works in the real world.
An authorisation form is a written document where one person or entity (the authoriser, often your business) gives another person (the authorised representative) permission to do specific things on their behalf.
It’s practical proof of authority. It tells third parties:
- who is allowed to act,
- what they are allowed to do,
- how far that permission goes (limits), and
- how long it lasts (time period).
In a small business, authorisation forms are commonly used to reduce friction with third parties who need certainty before they release information, accept instructions, or process requests.
You’ll see a few terms used interchangeably, but they aren’t always the same thing.
- Authorisation form: Usually a structured form (sometimes provided by the third party) where you give permission for a particular action or relationship.
- Letter of authority: Often a more flexible “letter-style” document giving permission. This is common where there isn’t a strict template and you want a clear written record (for example, permission for a staff member to speak with a supplier about your account). A letter of authority can be especially useful when you need something quickly and the other party will accept a signed letter.
- Power of attorney: A more formal legal instrument that can give broad powers (and is often used for personal affairs, but can also be relevant in business contexts). It’s not the same as a basic authorisation form and may have specific witnessing/execution requirements depending on the state/territory and the circumstances.
For many everyday business scenarios, an authorisation form (or letter of authority) is enough. The key is making sure it’s clear, correctly signed, and appropriate for what you’re trying to achieve.
If you’re only one person running everything, you might not think you need an authorisation form. But the moment you delegate tasks, outsource admin, or scale your operations, you’ll run into situations where third parties want written authority.
Common scenarios include:
1) Staff Or Contractors Dealing With Suppliers And Service Providers
If your team negotiates pricing, places purchase orders, or approves variations, a supplier may ask for proof that the person contacting them is authorised to make commitments.
This becomes even more important if your authorised person can:
- order stock or equipment,
- approve spending above a threshold,
- accept a quote or sign a statement of work, or
- change delivery addresses or account details.
In these scenarios, your authorisation form helps avoid confusion and reduces the risk of unauthorised purchases being treated as “approved”.
Third parties often won’t share account details, invoices, or records without written permission from the account holder/business owner.
For example, you might need an authorisation form so a team member or external provider can:
- speak with your accountant/bookkeeper,
- access a telco or utilities account,
- collect goods from a depot, or
- manage a platform account (for example, an online marketplace account).
Just be careful: if the information involved includes personal information (for example, customer details), your authorisation process should line up with your privacy compliance and the consents you’ve collected.
3) Handling Customer Requests Or Disputes
If you have staff handling refunds, cancellations, warranty claims, or settlement discussions, you’ll want a clear internal process that states who can authorise what. In some cases (particularly for large refunds or sensitive complaints), you may want the customer to sign an authorisation form if they are asking you to deal with their representative.
4) Banking, Finance And Security Arrangements
Banks and lenders typically have their own strict forms and processes. If you’re granting security or dealing with asset finance arrangements, you may also be working with documents like a general security agreement, where it becomes critical that only properly authorised people sign and give instructions.
Even if the bank uses its own paperwork, it’s still helpful to maintain your internal authorisation form/process so you can control who has authority to request changes or give directions.
5) When Someone Signs Or Accepts Contracts On Your Behalf
This is one of the biggest risk areas for small businesses.
If a staff member “accepts” a quote by email, signs a supply agreement, or clicks through online terms, you may have a binding contract on your hands. Having a clear authorisation form (and internal delegation policy) helps you manage that risk and show what was actually approved.
If you’re using a structured internal document for this, an Authority to act form can help you formalise who can do what, and when they need escalation or a second sign-off.
The biggest mistake we see is treating an authorisation form as a one-off document you only scramble for when a third party refuses to cooperate.
Instead, it’s better to set up a simple system your business can repeat consistently.
Step 1: Identify The “High-Risk” Actions In Your Business
Start by listing the actions that could create legal or financial exposure if the wrong person does them. For example:
- signing contracts and accepting quotes,
- approving refunds over a certain value,
- ordering stock or equipment,
- changing bank details on supplier accounts,
- accessing customer personal information,
- making statements that could be relied on (for example, promising delivery dates or performance outcomes).
This step helps you decide what the authorisation form should (and shouldn’t) allow.
Step 2: Decide Whether You Need Internal Authority, External Authority, Or Both
- Internal authority: You want an internal record of who can do what (great for delegation, onboarding, and audits).
- External authority: You want third parties to accept instructions from your representative (often required by banks, telcos, government portals, or large suppliers).
Often, you’ll need both: an internal system to control permissions, and a separate authorisation form/letter that you provide to third parties when needed.
Step 3: Use Clear Limits (Not Vague Permissions)
A vague authorisation like “X is authorised to act on behalf of the business” is often too broad. It can create risk and may still be rejected by a third party that wants more detail.
Instead, specify:
- the purpose (what relationship or issue the authority relates to),
- the exact actions permitted, and
- any value thresholds (for example, approvals up to $5,000).
This makes the authorisation form more useful and safer for your business.
Step 4: Store And Track Authorisations
From an operational standpoint, you’ll want to be able to answer quickly:
- Who is currently authorised?
- When does their authorisation expire?
- Was the authorisation revoked?
- What documents did we provide to third parties?
A simple approach is maintaining a central register (even a spreadsheet) plus a folder with signed PDFs. If you’re growing, consider integrating it into your HR or compliance system.
While the right content depends on the context, most authorisation forms for Australian small businesses should cover the following.
1) Details Of The Authoriser (Your Business)
- Legal name of the business entity
- ABN/ACN (as relevant)
- Registered address (or principal place of business)
- Contact details (email/phone)
If you operate through a company, use the exact company name and ACN as shown on ASIC records. Small differences in names can cause delays.
2) Details Of The Authorised Representative
- Full legal name
- Position/title (for example, Operations Manager)
- Contact details
- Optional: ID verification details (only if appropriate and necessary)
If the authorised person is a contractor (for example, a virtual assistant or outsourced admin provider), make sure your internal arrangements and contracts also support that delegation.
3) Exactly What They Are Authorised To Do
This is the heart of your authorisation form. Be specific and use plain English.
For example, you might authorise someone to:
- request and receive copies of invoices and account statements;
- place purchase orders up to a specified amount;
- approve refunds up to a specified amount;
- discuss and negotiate contract terms (but not sign);
- sign certain documents (list them);
- collect goods from a warehouse (include collection reference details if needed).
Where possible, separate “can negotiate” from “can sign”. That one distinction alone prevents a lot of issues.
4) What They Are NOT Authorised To Do
This section is often missed, but it can be extremely helpful for risk control.
Examples include:
- They cannot enter into contracts on behalf of the business (unless expressly stated).
- They cannot change bank account details for payments.
- They cannot access sensitive customer information unless required for the task.
- They cannot approve settlement offers or waive fees without written approval.
These boundaries protect you and also guide your staff on when to escalate.
5) Duration (Start Date, End Date, Or Event-Based Expiry)
Authorisation should not live forever by default.
You might use:
- a fixed period (for example, 3 months),
- an end date (for example, until 30 June), or
- event-based expiry (for example, “until the dispute is resolved” or “until the shipment is collected”).
Time limits reduce the risk that old authorisations get reused after roles change.
6) Signature And Execution Details
Your authorisation form needs to be signed by someone who actually has authority to bind the business.
That might be:
- a director (for a company),
- the business owner (for a sole trader), or
- a partner (for a partnership), depending on your structure and internal arrangements.
If you’re unsure who should sign, it’s worth tightening up your internal governance documents (for example, a Company Constitution for a company) so you’re not relying on guesswork.
If the authorisation form allows someone to access personal information (for example, a customer’s records), make sure your privacy compliance is aligned end-to-end.
Depending on the scenario, this might include:
- confirming the individual consents to collection/use/disclosure,
- linking the authorisation to your Privacy Policy, and
- ensuring you have an appropriate privacy collection notice in place where you collect personal information.
Keep in mind that privacy obligations can be complex. While many small businesses may be covered by the “small business exemption” under the Privacy Act 1988 (Cth), that exemption doesn’t apply in every case (including for some businesses handling health information or where the business has opted in). Even where an exemption may apply, clear consent and good privacy practices are still important for customer trust and risk management.
Authorisation forms are simple in concept, but small mistakes can make them ineffective (or risky).
Using A “One-Size-Fits-All” Authorisation For Everything
If your authorisation form is too broad, you may accidentally empower someone to make commitments you didn’t intend.
It can also backfire with third parties who want authorisation tied to a specific account or transaction. Where possible, tailor the authority to the task.
Not Matching Your Actual Business Structure
Many businesses trade under a business name, but the legal contracting party might be a company or an individual.
If the authorisation form is issued in the wrong name (or signed by the wrong entity), third parties may reject it, or you may later have a dispute about whether authority existed at all.
Not Updating Authorisations When People Change Roles
Promotions, resignations and contractor changes happen. If old authorisations are still floating around, you can end up with someone who no longer works with you still having access to accounts or information.
A good practice is:
- review authorisations every 6-12 months, and
- immediately revoke/replace authorisation when someone leaves or changes roles.
Confusing Authority With Employment Terms
An authorisation form is not a substitute for a proper employment agreement.
If you’re delegating authority to staff (especially authority to commit spend or manage customers), it’s a good idea to also have clear employment documentation and policies that set expectations and boundaries.
In many cases, a tailored Employment Contract helps you reinforce confidentiality, role responsibilities and conduct expectations alongside your authorisation process.
Not Considering How Authorisation Is Given Online
Many approvals happen via email, project management tools, or procurement platforms. If your team is giving approvals informally, you may want to standardise the workflow so the business has a clear record of “who approved what”.
This isn’t just operationally helpful - it can matter a lot if there’s a later dispute about scope, pricing, or whether a variation was approved.
Key Takeaways
- An authorisation form is a practical way to show who can act on behalf of your business, and it helps third parties accept instructions with confidence.
- Small businesses commonly need authorisation forms for supplier dealings, account access, customer disputes, finance arrangements and contract approvals.
- A good authorisation form clearly sets out the authorised person, the exact scope of what they can do, what they can’t do, and how long the authority lasts.
- Be especially careful where authorisation involves signing contracts or accessing personal information - clear limits and privacy alignment matter.
- Keeping authorisations current (and revoking old ones when roles change) reduces the risk of unauthorised commitments and information leaks.
This article is general information only and doesn’t take into account your specific situation. If you’d like legal advice on what authority wording you should use (or who can sign for your business), you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
