Decision Rights Matrix
When AI systems participate in decisions, the question is not whether to use them – it is who is accountable. This matrix prevents the accountability vacuum that undermines most AI deployments.
The Accountability Vacuum
Most organizations deploying AI cannot answer a basic question: When the AI is wrong, who is responsible? Not the vendor. Not the data team. Not the business unit. Not the board. The answer is usually silence – and silence is risk.
The Decision Rights Matrix assigns four explicit roles to every AI-augmented decision, eliminating ambiguity before it creates liability.
Four Roles, No Gaps
| Role | Function | Question Answered |
|---|---|---|
| Proposer | Generates recommendation or output | "What does the system suggest?" |
| Approver | Validates and authorizes action | "Who signs off?" |
| Override | Can reverse or halt the decision | "Who can say no after the fact?" |
| Auditor | Reviews outcomes, detects drift | "Who checks whether it worked?" |
Applied: Hiring Decision (AI-Assisted)
| Role | Assigned To | Authority |
|---|---|---|
| Proposer | AI screening tool + Recruiter | Generates candidate shortlist based on criteria |
| Approver | Hiring Manager | Reviews shortlist, makes interview/offer decisions |
| Override | CHRO / VP People | Can halt process if bias detected or policy breached |
| Auditor | Internal Audit / DPO | Quarterly review of outcomes, adverse impact analysis |
Implementation Principles
No role left empty
Every AI-augmented decision must have all four roles assigned before deployment. An empty cell is an unmanaged risk.
Roles map to people, not teams
Accountability requires a name, not a department. "The data team" cannot be an approver.
Autonomy level determines role weight
At L1 (Assisted), the Approver matters most. At L4 (Autonomous), the Auditor becomes critical. See the Autonomy Levels Model.
Review cadence matches risk tier
High-risk decisions (EU AI Act classification) require a quarterly audit. Low-risk decisions can be reviewed annually.
Governance Principle
The Decision Rights Matrix is not a permissions system – it is an accountability architecture. Its purpose is to ensure that when AI participates in a consequential decision, the answer to "who is responsible?" is never ambiguous.
Sources: NIST AI RMF 1.0 GOVERN function, ISO/IEC 42001:2023 Clause 6, EU AI Act Article 14 (Human Oversight)