Updated: Oct 11, 2018
One of the many ways one can categorize organizational decisions is based on the risk of those decisions. PMI defines Risk as "an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives."
PMI best practices advise us to determine preliminary risks that predicts "what could go wrong and what steps to take to mitigate the risks" at the very first stages of the project initiation phase. We want to argue here that this is not an intuitive way of solving possible problems. in our everyday life we do not first think of what could go wrong and then assign someone to fix that. We give people an area to "lookout" for and whatever goes wrong in that area would be their responsibility to manage/mitigate or even transfer the risk to other parties within the organization. This is a more attainable way to look at risk management. We should add here that this approach will not eliminate the need for risk management but adds more depth to it.
To best cover the decision making part of the risk management without having to look at the Risk Chart everytime, it is more intuitive to assign decision making authority to different individuals based on the decision they are authorized to make. But first, each organization shall create types of decisions that suits its needs and define them and assign an importance level. After that, groups or individuals should be assigned to mitigate (or transfer/accept) those risks.
Below is an example of risks types, their risks levels and potential decision makers.
(Green- Low Importance , Yellow-Medium Importance, Red-High Importance)