I also want to note that the scenario was not binary as you present. You can understand the root cause and use a superficial fix (like the AD), not to avoid a more comprehensive fix, but as an interim action to be followed by one or multiple additional rounds of improvement. You could also not understand a root cause, but know the effects well enough to mitigate them while you continue to investigate the root cause. I have not read the IG report in detail, but I have familiarized myself with it, and the actual logic stated in the IG report was:
"FAA’s risk analysis also indicated that the AD mitigated the risk sufficiently enough to allow continued aircraft operation for a limited period of time, until July 2019, while the software fix was being developed and implemented on the existing fleet. As a result of the Lion Air accident, Boeing agreed to begin developing software design changes to MCAS. The initial proposal for the software fix would revise MCAS to compare data from both AOA sensors and limit its ability to activate multiple times."
I emphasize "initial proposal" because making a fix that could be implemented quickly did not preclude making further improvements later if deemed necessary. The deadline was July, but the initially proposed fix was intended to be ready by April.
I've read the IG report and can agree this is one of the key sections, and in particular the last sentence.
When I was thinking of "superficial fix" I was thinking of "limit its ability to activate multiple times". There's plenty of ways to do that in a superficial manner.
When I was thinking of "root cause" I was thinking of "compare data from both AOA". Once you realize you need to read both sensors, someone in the loop has to realize both sensors need to be available, thus the safety assessment immediately moves from "major" to "catastrophic" as per pg 28:
In this system safety assessment, Boeing identified potential failure scenarios related to the horizontal stabilizer and evaluated their risk. Notably, Boeing included a scenario in which there would be an “unintended MCAS activation.” However, Boeing assigned this failure scenario the risk rating of “Major” under normal flight operations, which meant that there was no requirement to provide design redundancy (i.e., a requirement for MCAS to pull data from both external AOA sensors on the 737 MAX 8, rather than relying on a single AOA sensor as the system was designed). Such redundancy is required for the higher-risk rating of
Boeing recognized that the risk of unintended MCAS activation could be more severe under certain circumstances [b]if the aircraft was operating outside of normal flight parameters.[/b] However, the company adjusted its evaluation of this risk based on statistical analysis showing it was unlikely that a typical flight would be operating in those circumstances, and therefore unlikely that MCAS would activate under these conditions.
This is something multiple people called out on earlier versions of this thread so you don't need extraordinary insight to draw these conclusions. People looking into this in their spare time without access to detailed design info or crash data called it out early on.
Thing is, the aircraft was not operating outside of normal flight parameters i.e. the aircraft was not in a wind up turn. That should have ruled out the "adjustment" because the accident disproved its basis. The report goes on to say JATR found Boeing didn't even do the statistical analysis correctly so we can infer it should have been deemed catastrophic from the start.
The IG report doesn't speak at all to who/what/when/where/how FAA did their risk analysis at the time, i.e. "FAA’s risk analysis also indicated that the AD mitigated the risk sufficiently". It does say:
In January 2019, FAA initiated an internal review of the original MCAS certification process. This was the first time FAA performed its own detailed analysis of MCAS, and according to several FAA certification engineers, it was also the first time that they were presented with a full picture of how MCAS worked.
That date is after the risk analysis was done, so it was done before (presumably anyone in) FAA had a full picture of how MCAS worked, and it's not clear if these "certification engineers" were the same people who did the risk assessment. If they were different people, it's not clear if they reached out to those who did the analysis and said "time to update your analysis"; the IG report doesn't tell us.
Again, all this happened after there was a crash, so one would hope everyone involved was doing their utmost to figure out exactly what happened.