AboutBlogBusiness First AIFounder FreedomBook a conversation

What is a decision rights framework in a small business?

May 17, 2026
Two people reviewing a printed document together at a desk in a small office
TL;DR

A decision rights framework is a simple map of who can make which decisions in your business, who can block them, and who needs to be consulted or informed. For a 5 to 50 person UK services firm, it covers pricing, contracts, hiring, and data governance, names one owner per decision, and sets escalation thresholds. It takes an afternoon to draft and removes the need for every significant call to route back to the founder.

Key takeaways

- A decision rights framework maps who owns each recurring decision in the business, who can veto it, who inputs, and who is informed. BCG's OVIS model (Own, Veto, Influence, Support) is the most widely used version. - Ambiguity about decision ownership is a common cause of bottlenecks and re-work in growing firms, not a lack of effort or skill in the team. - The ICO, FCA, and NCSC each expect UK firms to have named owners for decisions around personal data, regulated activities, cyber risk, and AI tool deployment. - Start with 10 to 20 recurring, high-impact decisions across pricing, contracts, people, finance, and technology. Name one owner per decision and set simple escalation thresholds. - A decision rights framework works best alongside delegation frameworks, RACI matrices, and standard operating procedures as the structural layer that lets a business run without the founder in every room.

A founder I spoke to recently described her week like this: she had approved a 12 per cent discount for one client, turned down a refund request for another, and personally reviewed three supplier contracts before they went out. None of these decisions needed her. But because nobody in the firm was clear on who else had the authority to say yes, everything found its way back to her desk.

That pattern has a name, and it has a straightforward fix.

What is a decision rights framework?

A decision rights framework is a simple map of who can make which decisions in your business, who can block them, who should be consulted, and who only needs to be kept informed. BCG describes it using the OVIS model: one owner with final say for each decision, optional veto roles for functions such as finance or legal, people who provide input, and those who carry out the work once the decision is made.

In a 5 to 50 person services firm, this need not be complicated. Bain & Company describe decision rights tools as a way to set clear roles and accountabilities so people know when to provide input, who should follow through, and what lies outside their scope. For a small firm that typically means a single one-page table covering the 10 to 30 recurring decisions that matter most: who can approve a discount, who can sign a contract above a certain value, who decides on a new hire. One page. Real decisions. No ambiguity.

The aim is specific: handle the recurring, high-value decisions that currently default to the founder because the alternative was never made explicit. Everything else can stay informal.

Why does it matter for a small business?

The research is clear on this. A study in Personnel Psychology found that clear roles and responsibilities improve strategy execution speed and team outcomes. Deloitte’s analysis of organisational decision-making identifies the same mechanism: when people do not know who owns which decision, the result is delay, re-work, and duplication. Often the work finds its way back to whoever seems most decisive in the room.

For a 5 to 50 person services firm, the practical consequences are familiar. Clients receive pricing promises that cannot be honoured because the account manager was unsure of their authority. Refund requests wait three days for a founder who is travelling. New staff discover that decisions they assumed they owned are quietly reclaimed whenever the stakes become high enough.

BCG reports that clarifying decision rights using their OVIS model “unstuck” stalled work in large organisations by limiting ownership of key decisions to a single individual and restricting veto power to a small number of people. The mechanism applies at any scale: fewer, clearer owners and vetoes produce faster, more predictable decisions. The size of the organisation changes the number of decisions on the list, not the underlying logic.

Where will you actually meet it in practice?

The places a decision rights framework shows up in a small services firm are almost always the same: pricing above a threshold, contract terms over a certain value, client acceptance decisions, refunds, and which AI tools can handle which types of data. These are the recurring decisions that either bottleneck at the founder or, when left unclear, generate commitments the business cannot keep.

LSA Global suggest focusing on the “critical few” decisions that drive revenue or carry risk, rather than mapping every judgement call the business makes. In practice, a small firm will often find that 10 to 15 decisions cover the recurring situations that create the most friction: who can approve discounts above 10 per cent, who can sign contracts above a given value, who accepts or rejects high-risk clients, who authorises refunds or write-offs, and who decides which tools can hold client data.

That last category deserves its own line. As AI tools become common in small firms, the ICO’s accountability guidance makes clear that someone within the organisation must make decisions about how personal data is used, including decisions about which AI systems it can be fed into. If that owner is unnamed, those decisions still get made, just informally, without a clear record of who was responsible.

When should you bother, and when is it overkill?

The framework earns its cost when you have recurring, high-impact decisions that currently bottleneck at the founder, carry compliance risk, or generate confusion about who can say yes. LSA Global suggest starting with the “critical few” that disproportionately affect revenue or risk. If your firm is FCA-authorised, operates under SM&CR, or handles personal data, clearer decision allocation is already an expectation from your regulator.

The FCA’s Senior Managers and Certification Regime requires authorised firms to assign named individuals to specific areas of responsibility. The NCSC’s guidance on cyber security and AI deployment asks organisations to name who decides on risk appetite, tool approval, and incident response. The ICO expects data controllers to have clear internal accountability for data decisions. None of these obligations is satisfied by a general sense that “management” handles it.

The cases where a framework genuinely adds no value are fewer than founders tend to assume. A two or three person team working together daily may find informal communication sufficient for now. And no framework should cover trivial, one-off decisions where the overhead outweighs any benefit. But if your firm is growing, taking on staff, adopting AI tools, or operating in any regulated context, the informal version breaks well before you notice it has broken.

What concepts sit alongside it?

A decision rights framework works best alongside related tools. Delegation frameworks specify what authority each role carries as a matter of standing, day to day. RACI matrices clarify who is Responsible, Accountable, Consulted, and Informed on a given task or project. Standard operating procedures set out the how once the who is settled. Think of these three together as the structural layer of a business that can run without the founder present in every room.

The relationship between them is practical rather than theoretical. A RACI tells you who does what on a specific piece of work. A delegation framework sets the standing authority each role holds. A decision rights framework handles the boundary cases: the recurring decisions that sit at the edges of roles, the choices that currently fall back to the founder because nobody agreed in advance who owned them.

If your firm already has a team handbook or role descriptions in place, some of this may be implicit. A decision rights framework makes it explicit. It names the owner for each decision category, sets the thresholds that trigger escalation, and gives new staff a clear picture of what they can and cannot decide without checking. The Founder Freedom Programme covers how to build this alongside the other structural pieces that free a founder from day-to-day operational dependency.

Sources

- BCG (2022). Clarifying Decision Rights with the OVIS Framework. Describes the OVIS model for assigning decision ownership, covering Owner, Veto, Influence, and Support roles per decision. https://www.bcg.com/industries/public-sector/decision-rights-using-ovis-framework - Bain & Company (accessed 2026). Management Tools: Decision Rights Tools. Sets out how decision rights tools clarify who recommends, who decides, and who is informed, reducing duplication and indecision in organisations of all sizes. https://www.bain.com/insights/management-tools-decision-rights-tools/ - Deloitte Insights (2020). Getting organisational decision making right. Analysis showing that clear decision rights reduce duplication and indecision, with particular relevance to growing firms where informal authority starts to break down. https://www.deloitte.com/us/en/insights/topics/talent/organizational-decision-making.html - LSA Global (accessed 2026). Decision Rights Framework: 7 Steps to Drive Performance. Practitioner guidance on focusing on the "critical few" decisions that disproportionately affect strategic priorities rather than mapping every judgement call. https://lsaglobal.com/decision-rights-framework-7-steps-to-drive-performance/ - ICO (accessed 2026). Accountability framework: Governance and accountability. ICO guidance requiring organisations to assign clear internal responsibilities for data protection decisions, including who decides how personal data is used. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-framework/ - ICO (2023). Generative AI and data protection. ICO guidance on governance requirements for AI tools processing personal data, including named ownership of AI usage decisions and risk sign-off. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/generative-ai-and-data-protection/ - FCA (accessed 2026). Senior Managers and Certification Regime: Guide for FCA solo-regulated firms. Sets out the requirement for authorised firms to assign named Senior Management Function holders with clear responsibilities for each key business area and decision. https://www.fca.org.uk/publication/policy/ps18-14.pdf - NCSC (accessed 2026). Board Toolkit: Cyber security and risk management. Guidance that organisations should clearly assign responsibility for cyber risk decisions, risk appetite, and change control over tools including AI systems. https://www.ncsc.gov.uk/collection/board-toolkit/risk-management - CMA (2023). AI foundation models: initial review. Sets out the CMA's expectation that firms using AI maintain decision-making oversight over how AI is deployed in pricing, marketing, and customer-facing activities. https://www.gov.uk/government/publications/ai-foundation-models-initial-review

Frequently asked questions

What is the simplest way to start building a decision rights framework for a small business?

Spend an hour listing the 10 to 20 decisions that currently create bottlenecks or confusion, typically around pricing, contracts, hiring, client acceptance, and spending limits. For each, name one person as the owner, set a threshold that triggers escalation, and note who should be consulted or informed. Write it on a single page, share it with the team, test it for a month, and revise where things still stall.

Does my firm need a decision rights framework if it is not regulated?

Even without formal regulatory obligations, unclear decision ownership creates real costs. Delayed approvals, client promises that cannot be honoured, and decisions that default to the founder by habit rather than design all slow a business down. A lightweight framework covering 10 to 15 recurring decisions typically takes a couple of hours to draft and can be the difference between a team that operates independently and one that waits for you.

How does a decision rights framework differ from a RACI matrix?

A RACI matrix clarifies who is Responsible, Accountable, Consulted, and Informed on a specific task or project. A decision rights framework operates at a different level: it defines who has the standing authority to make a category of recurring decision, such as approving discounts above a threshold or signing contracts above a given value. The two tools work well together. RACI handles task execution; decision rights handle standing authority.

Written by Dr Dave Heath, AI consultant and business strategist.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

Two professionals reviewing documents together across a meeting table

Should your management team buy the business?

A practical guide for founders weighing up whether their management team is ready to buy the business and what the decision actually turns on.

Two professionals in a focused conversation across a meeting table with papers and a laptop between them

How private equity buyers approach law, accountancy and consultancy firms

Private equity is moving into UK law, accountancy and consulting at pace. Here is what PE buyers look for, how they change firms, and what it means for UK owner-operators who may or may not want to sell.

Two people in discussion across an office desk, papers spread between them

Comparing the main succession planning options for owners

Five succession routes for UK owner-managed businesses explained: the trade-offs between family transfer, MBO, EOT, trade sale, and wind-down, and how to choose.

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation
AboutBlogBusiness First AIFounder FreedomContactBook a conversation
Privacy PolicyTermsCookie Policy

© 2026 Larocca Consulting Ltd