AboutBlogBusiness First AIFounder FreedomBook a conversation

A rapid decision rights framework for owner-led firms

May 18, 2026
Two people at a meeting room table reviewing a document, one gesturing at the page
TL;DR

A decision rights framework assigns a single named owner to each significant decision and limits veto power to narrowly scoped roles, removing the ambiguity that makes founders a bottleneck as the team grows. The RAPID model from Bain & Company and OVIS from Boston Consulting Group give you practical starting points. For UK owner-managed firms, UK GDPR, NCSC guidance, and for FCA-regulated businesses the SM&CR, all make documented decision accountability an operational requirement.

Key takeaways

- RAPID (Bain & Company) and OVIS (BCG) assign a single named owner to each material decision and keep veto power narrow and domain-based, removing shared-committee drift and the founder bottleneck. - A McKinsey survey found only 20% of managers rate their organisations as excelling at both decision speed and quality; decision-rights clarity is consistently the cited differentiator. - Under UK GDPR the ICO requires documented responsibility for AI-related processing decisions; NCSC and FCA guidance adds further expectations for named accountability over AI and system governance. - The right use case is recurring decisions with genuine stakes: tooling approvals, client proposal sign-off, hiring, and data-handling decisions. Applying it to trivial choices adds overhead without value. - No framework compensates for a founder who keeps overriding decisions; real authority must transfer, not just be described on a diagram.

A founder hits around twelve people and something shifts. Questions that used to get resolved informally start backing up, not because the team lacks judgement, but because nobody has agreed where their authority starts and ends. Good decisions wait for sign-off from someone who would happily have delegated the call if they had known that was expected.

That is the decision rights problem. A framework to name it and resolve it takes an afternoon to sketch out, and pays back that time quickly.

What is a decision rights framework?

A decision rights framework is a map of who holds which role in a significant decision: who recommends an option, who can block it on specific grounds, who gathers input, who executes, and who has the final call. Two widely-used models offer practical starting points. RAPID, developed by Bain & Company, defines five roles: Recommend, Agree (narrow veto), Perform, Input, and Decide. OVIS from Boston Consulting Group runs similar logic: Owner, Veto, Input, Support.

Both models share the same core principle. Each material decision gets a single named Decider. Veto power is kept narrow and time-bounded, assigned only to people with a specific domain responsibility, such as legal review or data protection sign-off. Input roles give everyone a way to contribute without giving everyone a blocking vote. Umbrex’s RAPID guide recommends setting explicit domains for each veto role and a clear review window, so unanswered reviews trigger an escalation rather than silently stalling the decision.

For an owner-led firm, the goal is not to add bureaucracy. The point is making explicit what currently lives in the founder’s head, so that decisions can move without requiring the founder in every conversation.

Why does this matter if you run an owner-managed firm?

A McKinsey survey found only 20% of managers say their organisations excel at both decision speed and quality, with decision-rights clarity consistently cited as a differentiator. That figure comes from large businesses. The problem shows up earlier and harder in owner-managed firms, where the informal ‘ask the founder’ approach works fine at five people and breaks quietly at fifteen, usually without anyone acknowledging it has broken.

Three pressures stack up as headcount grows. First, the founder becomes the bottleneck. Applied Frameworks describes the pattern directly: what once worked as implicit shared knowledge becomes a blocker as the firm adds people. Second, inconsistency creeps in. Without clear ownership, two managers resolve the same class of problem differently, and the team learns to route everything upward for a consistent answer. Third, regulatory exposure rises. The more AI tools, client data, and regulated work you take on, the more UK regulators expect named, documented owners for decisions touching data protection, security, and compliance. That expectation is written into UK GDPR, NCSC guidance, and for FCA-authorised firms, into the SM&CR.

Where will you actually use it?

The highest-value use is recurring decisions with non-trivial stakes: approving new software above a spend threshold, signing off client proposals over a certain value, making hiring calls, or approving any processing of client data through a new AI system. These are decisions your team faces regularly enough that a standing RAPID assignment removes the need to escalate every time.

The regulatory case is direct. Under UK GDPR, the ICO’s Accountability Framework expects organisations to assign and document responsibility for data protection decisions and to demonstrate how those decisions are made. The ICO’s guidance on AI and data protection goes further, requiring firms to record who determines the purposes and means of AI-based processing and to document risk assessments and mitigations. The NCSC’s guidance on AI security similarly expects named responsibility for approving new AI systems, managing access, and leading incident response, embedded into existing risk management structures rather than treated as a one-off technical choice. For FCA-authorised firms, the Senior Managers and Certification Regime already requires clearly allocated responsibilities and a responsibilities map. A RAPID-style assignment makes that operational rather than theoretical.

If your firm uses third-party AI tools, the CMA’s 2023 review of AI foundation models is worth knowing about. It flagged concentration risk in AI supply chains and signalled future scrutiny of how firms govern their AI vendor relationships. Owning the decision about which AI providers you depend on, with a named Decider and a documented assessment, is part of sound governance at any size.

When is this worth setting up, and when can you leave it?

The clearest signal that you need this is repeated friction on the same class of decisions. If the same types of questions keep landing on your desk, or if your team is making inconsistent calls because the boundaries are not clear, a RAPID map for two or three recurring categories will pay for the time it takes to build within a month.

Where it adds less value is in very small teams, three or four people with genuine trust and daily contact, where the overhead of a formal matrix typically exceeds the benefit. BCG notes a harder limit: no framework compensates if the founder keeps overriding decisions or does not give real authority to the Owner role. The tool works only when the authority transfer is genuine, not just described.

Two failure modes are worth knowing. Applying RAPID to every small operational choice creates bureaucracy without benefit. Both Bain and Umbrex stress it should cover material decisions only. A framework that is not maintained loses its value as staff change or AI usage expands. The ICO’s accountability guidance assumes living documentation, not a static diagram drawn once and filed.

What does this sit alongside?

A decision rights framework works best when paired with adjacent tools. The firms that get the most value from it have already done related work: role descriptions that define what falls within each person’s remit by default, and some version of a delegation policy that gives the framework a wider context. On its own, a RAPID map tells you who decides. The surrounding operating system tells you what they are deciding within.

For owner-led firms working through the founder dependency problem, the decision rights piece is one of three interlocking moves. Clearer role descriptions remove the ambiguity about what each person already owns. A delegation policy lifts the threshold at which the founder expects to be consulted. A decision rights map for the recurring categories that sit above that threshold completes the picture.

The practical start is straightforward. Write down the five or ten decisions that recur in your business and currently land on you. For each one, name the Decide role, the Agree role with a specific domain, and the Perform role. Share it with your management team and give it a month. A shared document and an hour’s conversation is enough to test whether the framework fits before you build anything more formal. If you want to work through this in the context of your specific business, Book a conversation and we can map the decision categories that matter most for your firm.

Sources

- Bain & Company. RAPID Decision Making Framework. Originator of the RAPID model defining Recommend, Agree, Perform, Input and Decide roles for structured decision governance. https://www.bain.com/insights/rapid-decision-making/ - BCG. Clarifying Decision Rights with the OVIS Framework. Describes the OVIS model and BCG's case evidence that limiting ownership and veto power significantly increases decision-making efficiency. https://www.bcg.com/industries/public-sector/decision-rights-using-ovis-framework - McKinsey. Decision-making in the age of urgency. Survey finding that only 20% of managers rate their organisations as excelling at both decision speed and quality, with decision-rights clarity cited as a key differentiator. https://www.mckinsey.com/capabilities/people-and-organizational-performance/our-insights/decision-making-in-the-age-of-urgency - ICO. Accountability Framework (UK GDPR). Sets out the ICO's expectations for documented responsibility and decision governance in organisations handling personal data. https://ico.org.uk/for-organisations/accountability-framework/ - ICO. Guidance on AI and data protection. Requires organisations to record who determines purposes and means of AI-based processing and to document risk assessments and mitigations. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/ai-and-data-protection/ - NCSC. Principles for the security of machine learning. Recommends embedding named responsibility for AI system choices into existing governance and risk management structures. https://www.ncsc.gov.uk/collection/machine-learning - NCSC. Cyber security for small organisations. Advises SMEs to define named roles for approving new systems, managing access, and leading incident response. https://www.ncsc.gov.uk/collection/small-business-guide - FCA. Senior Managers and Certification Regime. Requires FCA-authorised firms to maintain clearly allocated responsibilities and a formal responsibilities map. https://www.fca.org.uk/firms/senior-managers-certification-regime - CMA. AI foundation models: initial report (2023). Flags concentration risk in AI supply chains and signals future scrutiny of governance around AI vendor relationships. https://www.gov.uk/government/publications/ai-foundation-models-initial-report - Umbrex. RAPID Decision-rights Framework. Practical guide covering standing assignments for recurring decisions, time-boxed veto roles, and escalation triggers for unresponsive reviewers. https://umbrex.com/resources/frameworks/strategy-frameworks/rapid-decision-rights-framework/

Frequently asked questions

What is the RAPID decision-making framework?

RAPID is a decision-rights model developed by Bain & Company that assigns five roles to each significant decision: Recommend (builds the proposal), Agree (holds narrow domain-based veto power), Perform (executes), Input (provides expertise and information), and Decide (makes the final call). The goal is a single named Decider for each material decision, removing the shared-committee ownership that slows decisions and makes accountability unclear after the fact.

When does a decision rights framework help a small firm?

It delivers real value when you are past around ten people and the same classes of decisions keep landing on your desk or getting answered inconsistently across the team. Recurring decisions with genuine stakes, such as approving new tools above a spend threshold or signing off client proposals, are the highest-value starting point. Applying it to small operational choices adds overhead without benefit. Start with two or three recurring categories only.

What do UK regulators expect from small firms around decision accountability?

The ICO's Accountability Framework under UK GDPR expects organisations to assign and document responsibility for data protection decisions and demonstrate how those decisions are made. The ICO's AI guidance requires firms to record who determines the purposes and means of AI-based processing and to document risk assessments. The NCSC recommends named responsibility for approving AI systems. FCA-authorised firms face the additional requirement of a formal responsibilities map under SM&CR.

Written by Dr Dave Heath, AI consultant and business strategist.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

Two professionals reviewing documents together across a meeting table

Should your management team buy the business?

A practical guide for founders weighing up whether their management team is ready to buy the business and what the decision actually turns on.

Two professionals in a focused conversation across a meeting table with papers and a laptop between them

How private equity buyers approach law, accountancy and consultancy firms

Private equity is moving into UK law, accountancy and consulting at pace. Here is what PE buyers look for, how they change firms, and what it means for UK owner-operators who may or may not want to sell.

Two people in discussion across an office desk, papers spread between them

Comparing the main succession planning options for owners

Five succession routes for UK owner-managed businesses explained: the trade-offs between family transfer, MBO, EOT, trade sale, and wind-down, and how to choose.

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation
AboutBlogBusiness First AIFounder FreedomContactBook a conversation
Privacy PolicyTermsCookie Policy

© 2026 Larocca Consulting Ltd