Requisite Authority, Not Decision Authority

Why Governance Starts with Obligations, Not Decisions

Scroll through any governance-focused discussion on LinkedIn right now and you'll find a recurring theme: organizations need decision authority at the point of execution. The argument is intuitive. Operations move fast. People closest to the action can't wait for three levels of sign-off. Therefore, push decision-making authority as close to the action as possible.

It's a reasonable operational principle. But it isn't governance. It's operational efficiency using governance language.

What Decision Authority Gets Right

The focus on decision authority didn't come from nowhere. Decades of governance literature — COBIT, RACI, corporate governance theory, and more recently the AI governance frameworks from NIST and ISO — have centred on clarifying who can authorize what. This solves a real problem. In large organizations, ambiguity about decision rights creates paralysis, duplication, and unaccountable action. Clarifying those rights genuinely fixes things.

But this literature solves a structural problem, not a purposive one. It answers "who decides" without first answering "in service of what commitment." In stable environments where the obligations are implicit and obvious — where everyone already knows what we're trying to achieve and just needs clear lanes — that works fine. The obligations are the water the fish don't notice.

Where It Breaks Down

Consider the range of obligations that any regulated organization must fulfil: safety obligations to workers and the public, security obligations to protect people and assets, sustainability commitments to communities and future generations, quality obligations to customers, ethical obligations to stakeholders, and legal obligations to regulators and the courts. Each of these represents a promise — sometimes mandated, sometimes voluntary — that someone in the organization owns and is accountable for keeping.

Now ask: does the person who owns the safety obligation have the authority to stop a production run when conditions are unsafe? Does the person who owns the environmental commitment have the standing to redirect capital toward emission reductions? Does the person accountable for data privacy have the power to override a product decision that compromises it? In every case, the governance question isn't whether someone has decision authority in the abstract. It's whether the obligation owner has the specific authority needed to keep their promise.

When decision authority is allocated without reference to obligations, organizations end up with a familiar pathology: the safety manager has a title but not the authority to halt operations; the compliance officer can write reports but not block a non-conforming shipment; the sustainability lead can set targets but not direct spending. Decision authority exists, but it isn't matched to the obligations it's supposed to serve. The decisions are all authorized, documented, and reviewed — and the promise is still broken.

From Decisions to Obligations

The alternative isn't to abandon decision authority. It's to recognize that decision authority is derived, not foundational. The foundation is obligation ownership.

An obligation owner isn't just someone with decision rights. They are someone who has made or inherited a promise — to a regulator, a customer, a stakeholder, the public — and who is accountable for its fulfilment across time. Decision authority is one capability they need. But they also need visibility into whether the obligation is being met, the capacity to intervene when it isn't, and the organizational standing to allocate resources toward keeping the promise.

Decision-centric governance asks: "Who gets to decide what?" Obligation-centric governance asks: "Who owns the obligation, and what must be true for that obligation to be kept?" Decisions become instruments in service of obligations, not the primary object of governance.

Requisite Authority

Elliott Jaques' work on Requisite Organization offers a rigorous foundation for this shift. Jaques argued that organizational structure should be designed around the time horizon of accountability, not around functions or decision speed. Each level in his model exists because there is a qualitatively different kind of work to be done — work defined by the complexity and time span of the obligations attached to it.

In Jaques' framework, decision authority isn't a freestanding thing you allocate for efficiency. It's a consequence of the accountability structure. You have decision authority because you are accountable for a certain scope of work over a certain time horizon, and you need that authority to fulfil that accountability. Strip away the accountability and the decision authority has no justification.

This gives us a better term than "decision authority." What governance actually requires is requisite authority — the decision-making capacity necessary for an obligation owner to fulfil their obligation. The word "requisite" does the critical work. It immediately implies that something else defines what's needed. Authority isn't self-justifying. It exists because an obligation demands it.

The Diagnostic Question

Requisite authority also gives us a diagnostic that decision authority alone cannot provide: Is the authority matched to the obligation?

Too little authority relative to the obligation and you have an Operability Gap — the obligation owner made or inherited a promise but doesn't have the means to keep it. Too much authority without corresponding obligation ownership and you have unaccountable power — decisions being made by people or systems that bear no accountability for the commitments those decisions affect.

Both are governance failures. But only the obligation-first framing reveals them as such. The decision-authority crowd can't ask "is this enough?" because they have no reference point for enough. Enough for what? For speed? For efficiency? Those are operational questions. "Requisite to the obligation" is a governance answer.

What This Means for AI

When an AI agent operates autonomously, it exercises decision authority without being situated in a requisite structure. There is no one above it carrying the longer-horizon obligation. No one tracing the link from the agent's micro-decisions back to the promise that justified those decisions in the first place.

The consensus — "push decision authority to the point of execution" — is essentially flattening organizational accountability into a single layer. It optimizes for speed of action at the cost of accountability for commitments. Jaques would recognize this as the pathology he spent his career diagnosing: decisions being made at a level of complexity that the role wasn't designed to carry.

The governance design question for AI isn't "where should decision authority live." It's "where do obligations live, who owns them, and what authority do those owners need to fulfil them?" That's a fundamentally different starting point, and it produces a fundamentally different governance architecture.

The Bottom Line

Decision authority is a necessary governance mechanism but an insufficient governance foundation. The foundation is obligation ownership. Decision authority is derived from it, allocated in service of it, and meaningless without it.

The people arguing for decision authority at the point of execution aren't wrong. They're standing on a floor without knowing what's underneath it. Requisite authority — authority matched to the obligation it serves — is what's underneath.