The AI Operating Model Framework

This is something I have been developing as I work alongside organisations progressing their AI strategy. It's rooted in my experience designing, building, and embedding new operating capabilities — and it draws on a wide range of published research and frameworks, all of which are referenced below. The result is something I find genuinely practical: a way to help organisations shape the right outcome and identify which parts of the model matter most at a given point in time.

Suzanne Bartkiw · Enterprise Architecture & AI Strategy · v2.0 · 2025

Experience and evidence, combined

Most AI strategies focus on what to build — which models to deploy, which use cases to prioritise, which vendors to select. That's necessary, but is it sufficient? The harder and more important question is whether the organisation is designed to make AI work at scale.

Gartner's 2025 research found that only 19% of AI leaders have a strategy fully embedded in their business strategy, and 41% lack widespread participation in their AI programme. McKinsey's analysis of agentic AI adoption points to the same root cause: technology is rarely the bottleneck. Governance gaps, unclear accountability, poor data foundations, and change management failures are.

A reference architecture tells you what to build. An operating model tells you what needs to be true for it to work.

The AI Operating Model addresses this gap. It draws on published research from McKinsey, Deloitte, Gartner, BCG, MITRE, NIST, and the World Economic Forum, synthesised through my own experience working in organisations to design and embed new operating capabilities. It is not a consulting deliverable — it's a working tool I use and continue to evolve.

9 components across three layers
3 layers: Strategic, Operational, Enabling
5 cross-cutting themes
14 source frameworks synthesised

Nine components. Three layers.

The framework organises AI operating model requirements into three conceptual layers. Unlike a checklist or implementation guide, it describes conditions — things that need to be designed, owned, and maintained — rather than tasks to complete once and move on from.


Strategic layer: Direction, selection & structure

The choices that set the direction, ambition, and structural architecture for AI across the enterprise. These are the decisions that determine what AI is for — and who is accountable for it.

C1. Strategy & Value Architecture
How AI connects to corporate strategy, how the portfolio of AI investments is managed, and how value is defined and tracked.

C2. Value Selection & Prioritisation
A structured method for evaluating AI opportunities — classifying value type, assessing feasibility, sequencing dependencies, and ranking against each other before committing.

C3. Organisational Design & Governance
How AI accountability is structured — centralised CoE, federated, or hub-and-spoke — and how governance bodies, decision rights, and operating rhythm are designed.

Operational layer: Data, technology & people

The execution machinery — the data, technology, governance controls, and talent that make AI work in practice. Strong strategic decisions fail here if the operational conditions aren't in place.

C4. Data Foundation
Data quality, access, lineage, and governance — the precondition for all AI. The single biggest predictor of whether an AI initiative succeeds or fails.

C5. AI Technology Architecture & MLOps
The platforms, pipelines, and engineering practices that take AI from prototype to production — and keep it working reliably once it's there.

C6. AI Governance, Risk & Responsible AI
Risk classification, model risk management, regulatory compliance (EU AI Act and beyond), and the mechanisms that turn ethical principles into operational controls.

C7. Talent, Roles & Workforce Design
The specialist AI roles the organisation needs, how the broader workforce is built for AI fluency, and how human-AI work is designed — not assumed.

Enabling layer: Culture, change & measurement

The cultural and measurement systems that sustain AI capability over time. These are the components most often treated as afterthoughts — and the ones most responsible for AI programmes that fail to scale.

C8. Culture & Change Management
Leadership narrative, psychological safety, adoption culture, and change management embedded in every AI deployment — not bolted on at the end.

C9. Performance Measurement & Continuous Improvement
How AI value is measured and attributed, how the operating model learns and improves, and how the AI strategy refreshes as the landscape changes.

Five themes run through every component simultaneously. They can't be owned by a single component and then considered someone else's problem — they have to be addressed across the whole framework. Here's what that looks like in practice.

Responsible AI
Does every component ask: is this fair, explainable, and safe?
Applied well: An organisation building a customer-facing recommendation engine runs a bias assessment during development, requires a human review gate before deployment, and monitors fairness metrics in production — not as a compliance checkbox at the end, but as part of how the system is designed from the start.
When ignored: Responsible AI is assigned to the governance team as a pre-deployment sign-off. Technology teams build without those constraints in mind, discover issues late, and either delay launch or ship with known risks. The governance function becomes a bottleneck rather than a design input.

Human-AI collaboration
Have we decided what humans do, what AI does, and what happens at the boundary?
Applied well: When deploying an AI system that assists with credit decisions, the organisation explicitly defines which decisions AI can make autonomously, which require human review, and which must be made entirely by a person. Staff are trained on the new workflow before go-live, not after.
When ignored: An agentic AI system is deployed to handle customer queries. No one has defined the escalation boundary — when should it hand off to a human? The system handles edge cases badly, staff don't know when to intervene, and customers receive inconsistent service. The technology works; the work design doesn't.

Regulatory compliance
Is compliance a design constraint from the start, or a review at the end?
Applied well: A financial services organisation uses the EU AI Act's risk classification tiers to determine, at the intake stage, which use cases require independent validation, which need explainability controls, and which can proceed with standard review. Regulatory requirements shape the architecture — they don't delay it.
When ignored: A healthcare organisation builds an AI triage tool over six months, then discovers it likely qualifies as a high-risk system under the EU AI Act and requires conformity assessment documentation that was never captured during development. The launch is delayed by months while the team reconstructs evidence retrospectively.

Change management
Is adoption being designed, or assumed?
Applied well: Every AI use case going to production requires a stakeholder impact assessment and a change plan as part of the delivery process — not as a separate project. The teams who will work with the new system are involved in design, trained before go-live, and asked for feedback at 30 and 90 days. Adoption is tracked as a success metric alongside technical performance.
When ignored: A sophisticated AI tool is deployed to a sales team. Usage is low six months later. Investigation reveals: staff weren't consulted during design, training was a one-hour webinar, and no one explained how it fitted into their existing workflow. The technology was sound. The change was not managed.

Value measurement
Can we demonstrate that AI is delivering — and to whom?
Applied well: At the point a use case is approved, the team defines the outcome metrics it will be measured against — not vague productivity gains, but specific business results with a baseline and a measurement method. Six months post-deployment, the organisation can say: this system reduced processing time by 40% and is attributable to a saving of X. The board receives this as part of regular AI reporting.
When ignored: An organisation deploys fifteen AI initiatives over two years. When the board asks what value has been delivered, no one can give a credible answer — metrics weren't defined upfront, benefits weren't tracked, and attribution is impossible. Investment continues on the basis of activity rather than outcome. Eventually, confidence in the programme erodes.

A design framework, not a task guide

Most AI strategy guides — including Gartner's excellent reference guide — are structured as execution sequences: Strategize, then Plan, then Execute. That's useful for getting started. But it implies a waterfall that doesn't reflect how operating model components actually work.

Governance, data foundations, talent, and culture aren't things you address in the Execute phase and then stop. They are ongoing structural conditions. If they're not designed and owned properly from the beginning, the technology layer — no matter how good — won't deliver at scale.

The AI Operating Model is organised by conceptual layer rather than execution phase. The strategic layer sets direction and structure. The operational layer delivers capability. The enabling layer sustains it. All nine components operate simultaneously — and all five cross-cutting themes run through every one of them.

It's also built to work in regulated environments. The governance and responsible AI components incorporate the NIST AI Risk Management Framework, EU AI Act risk classifications, the IIA Three Lines Model, and ISO/APQC process standards — not as compliance checklists, but as design inputs that shape how the operating model is built.

What I drew on

The framework synthesises published research, practitioner frameworks, and regulatory standards. I've drawn on these to build a coherent design framework — the synthesis, structure, and design decisions are my own original work, but the intellectual foundations are real and properly acknowledged here. I'm grateful to the researchers and practitioners whose thinking informed mine.

Consulting & management research

McKinsey & Company. The Agentic Organization: Contours of the Next Paradigm for the AI Era. 2025.
Informed the organisational design and governance structure component, particularly the shift from centralised to federated AI capability models and the implications of agentic AI for workforce design.

McKinsey & Company. The Gen AI Operating Model: A Leader's Guide. 2024.
Foundational for the overall operating model structure — particularly the distinction between strategy, delivery, and enablement layers, and the emphasis on value realisation discipline.

Deloitte AI Institute. State of AI in the Enterprise 2026. 2026.
Survey of 3,235 leaders. Provided empirical grounding for the talent, culture, and measurement components — particularly around adoption barriers and the gap between AI ambition and operational readiness.

Deloitte. The Rise of the AI Operating Model: Why Every Business Needs an AI Centre of Excellence Now. 2024.
Informed the organisational design choices, particularly the hub-and-spoke CoE model and the conditions under which centralisation vs federation is appropriate.

Gartner. Reference Guide for AI Strategy. July 2025.
Authors: Rita Sallam, Frances Karamouzis, Nate Suda, Hung LeHong. Contributors: David Mayer, Paul Friedman, Rachel Ratcliffe (Executive Partners).
Provided the Defend / Extend / Upend business case typology, the AI ambition opportunity radar, and empirical data on AI strategy maturity (19% fully embedded; 41% lacking widespread participation). Informed the value selection and prioritisation component.

Boston Consulting Group. Enterprise-as-Code: Standardising AI Processes for Repeatability at Scale. 2024.
Informed the AI Technology Architecture & MLOps component — particularly the industrialisation of AI delivery and the principle of treating enterprise processes with the same rigour as software development.

California Management Review. Governing the Agentic Enterprise: A New Operating Model for Autonomous AI at Scale. 2026.
Informed the governance and responsible AI component, particularly the challenge of real-time embedded oversight for agentic systems and the limitations of periodic committee review in fast-moving AI environments.

Tribe AI. AI Operating Model: Structure, Governance, and Deployment. 2024.
Practitioner synthesis that informed role architecture definitions and the framing of data readiness as the primary predictor of AI project success.

Agility at Scale. AI Operating Model and Organisational Readiness: Component Analysis. 2026.
Informed the maturity progression model and the framing of operating model readiness as a precondition for AI delivery success.

Standards, frameworks & regulation

NIST. Artificial Intelligence Risk Management Framework (AI RMF 1.0). 2023.
The AI RMF's four functions — Govern, Map, Measure, Manage — directly informed the structure of the AI Governance, Risk & Responsible AI component, and the principle that governance must be embedded into the development lifecycle rather than applied at the end.

European Union. Artificial Intelligence Act — Regulation (EU) 2024/1689. Effective August 2024.
The EU AI Act's risk classification tiers (unacceptable, high, limited, minimal) are used in the governance component as the design basis for tiered review requirements and conformity assessment obligations. Referenced in the regulatory compliance cross-cutting theme.

MITRE Corporation. AI Maturity Model. 2023.
MITRE's six pillars — Ethical/Equitable Use; Strategy & Resources; Organization; Technology Enablers; Data; Performance — provided a cross-validation reference for the framework's component coverage. The maturity progression model draws on MITRE's staged maturity approach.

Institute of Internal Auditors. Three Lines Model. 2020.
The IIA Three Lines Model (operations, risk/compliance functions, internal audit) informed the accountability structures in the governance and organisational design components — particularly the distinction between first-line AI ownership, second-line oversight, and independent assurance.

APQC. Best Practices in AI Process Management and Measurement. 2024.
Informed the value measurement and continuous improvement component — particularly the definition of outcome metrics at intake and the principle of measuring AI adoption as a value driver in its own right.

World Economic Forum. Future of Jobs Report 2025. 2025.
The WEF's analysis of AI-driven job displacement and creation (170M new roles, 92M displaced) informed the workforce design and human-AI collaboration components — particularly the need to explicitly redesign roles rather than assume AI adoption happens naturally.
