diff --git a/RIGS/migrations/0029_eventauthorisation_sent_by.py b/RIGS/migrations/0029_eventauthorisation_sent_by.py
new file mode 100644
index 00000000..80c86299
--- /dev/null
+++ b/RIGS/migrations/0029_eventauthorisation_sent_by.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+from django.conf import settings
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('RIGS', '0028_migrate_purchase_order'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='eventauthorisation',
+            name='sent_by',
+            field=models.ForeignKey(default=1, to=settings.AUTH_USER_MODEL),
+            preserve_default=False,
+        ),
+    ]
diff --git a/RIGS/models.py b/RIGS/models.py
index 9b73a1ab..31496ed0 100644
--- a/RIGS/models.py
+++ b/RIGS/models.py
@@ -513,6 +513,7 @@ class EventAuthorisation(models.Model, RevisionMixin):
     account_code = models.CharField(max_length=50, blank=True, null=True)
     po = models.CharField(max_length=255, blank=True, null=True, verbose_name="purchase order")
     amount = models.DecimalField(max_digits=10, decimal_places=2, verbose_name="authorisation amount")
+    sent_by = models.ForeignKey('RIGS.Profile')
 
 
 @python_2_unicode_compatible
diff --git a/RIGS/rigboard.py b/RIGS/rigboard.py
index ecd15842..9213e900 100644
--- a/RIGS/rigboard.py
+++ b/RIGS/rigboard.py
@@ -272,6 +272,7 @@ class EventAuthorise(generic.UpdateView):
         form = super(EventAuthorise, self).get_form(**kwargs)
         form.instance.event = self.event
         form.instance.email = self.request.email
+        form.instance.sent_by = self.request.sent_by
         return form
 
     def dispatch(self, request, *args, **kwargs):
@@ -280,7 +281,8 @@ class EventAuthorise(generic.UpdateView):
             data = signing.loads(kwargs.get('hmac'))
             assert int(kwargs.get('pk')) == int(data.get('pk'))
             request.email = data['email']
-        except (signing.BadSignature, AssertionError, KeyError):
+            request.sent_by = models.Profile.objects.get(pk=data['sent_by'])
+        except (signing.BadSignature, AssertionError, KeyError, models.Profile.DoesNotExist):
             raise SuspiciousOperation(
                 "This URL is invalid. Please ask your TEC contact for a new URL")
         return super(EventAuthorise, self).dispatch(request, *args, **kwargs)
@@ -314,7 +316,8 @@ class EventAuthorisationRequest(generic.FormView, generic.detail.SingleObjectMix
             'request': self.request,
             'hmac': signing.dumps({
                 'pk': self.object.pk,
-                'email': email
+                'email': email,
+                'sent_by': self.request.user.pk,
             }),
         }
 
diff --git a/RIGS/templates/RIGS/event_detail.html b/RIGS/templates/RIGS/event_detail.html
index 3493a421..4a803e1a 100644
--- a/RIGS/templates/RIGS/event_detail.html
+++ b/RIGS/templates/RIGS/event_detail.html
@@ -170,6 +170,9 @@
                                 £ {{ object.authorisation.amount|floatformat:"2" }}
                             {% endif %}
                         </dd>
+
+                        <dt>Authorsation request sent by</dt>
+                        <dd>{{ object.authorisation.sent_by }}</dd>
                     {% endif %}
                 </dl>
             </div>
diff --git a/RIGS/templates/RIGS/invoice_detail.html b/RIGS/templates/RIGS/invoice_detail.html
index d8da9182..a55927f8 100644
--- a/RIGS/templates/RIGS/invoice_detail.html
+++ b/RIGS/templates/RIGS/invoice_detail.html
@@ -110,6 +110,9 @@
                                     £ {{ object.event.authorisation.amount|floatformat:"2" }}
                                 {% endif %}
                             </dd>
+
+                            <dt>Authorsation request sent by</dt>
+                            <dd>{{ object.authorisation.sent_by }}</dd>
                         </dl>
                     </div>
                 </div>
diff --git a/RIGS/test_functional.py b/RIGS/test_functional.py
index 5d3bf245..c854a91b 100644
--- a/RIGS/test_functional.py
+++ b/RIGS/test_functional.py
@@ -952,6 +952,13 @@ class ClientEventAuthorisationTest(TestCase):
     }
 
     def setUp(self):
+        self.profile = models.Profile.objects.get_or_create(
+            first_name='Test',
+            last_name='TEC User',
+            username='eventauthtest',
+            email='teccie@functional.test',
+            is_superuser=True  # lazily grant all permissions
+        )[0]
         venue = models.Venue.objects.create(name='Authorisation Test Venue')
         client = models.Person.objects.create(name='Authorisation Test Person', email='authorisation@functional.test')
         organisation = models.Organisation.objects.create(name='Authorisation Test Organisation', union_account=False)
@@ -962,7 +969,8 @@ class ClientEventAuthorisationTest(TestCase):
             person=client,
             organisation=organisation,
         )
-        self.hmac = signing.dumps({'pk': self.event.pk, 'email': 'authemail@function.test'})
+        self.hmac = signing.dumps({'pk': self.event.pk, 'email': 'authemail@function.test',
+                                                      'sent_by': self.profile.pk})
         self.url = reverse('event_authorise', kwargs={'pk': self.event.pk, 'hmac': self.hmac})
 
     def test_requires_valid_hmac(self):
@@ -1015,7 +1023,7 @@ class ClientEventAuthorisationTest(TestCase):
 
     def test_duplicate_warning(self):
         auth = models.EventAuthorisation.objects.create(event=self.event, name='Test ABC', email='dupe@functional.test',
-                                                        po='ABC12345', amount=self.event.total)
+                                                        po='ABC12345', amount=self.event.total, sent_by=self.profile)
         response = self.client.get(self.url)
         self.assertContains(response, 'This event has already been authorised.')