The AI Operating Model for adjacent functions

The AI Operating Model describes how a company turns AI ideas into initiatives, products, and confirmed impact. But no AI initiative reaches production through the AI function alone: along the way it encounters the project office, information security, the data warehouse, enterprise architecture, compliance and legal, risk management, and procurement.

The problem this section solves. In most companies, adjacent functions connect to AI projects haphazardly and late — as a "wall of approvals" right before launch. This produces two typical failures: either the initiative stalls at the final review because of requirements no one knew about at the start, or those requirements are quietly bypassed, and the company ends up with shadow AI that lacks control over data, access, and risks.

The AI Operating Model principle. An adjacent function is not a final barrier but a built-in participant in the funnel with a predefined point of entry. For each function, the following is fixed:

Where it connects — at which stage gate of the business funnel or delivery track its involvement is mandatory.
What it receives as input — which initiative artifacts it needs in order to issue an opinion.
What it delivers as output — an opinion, requirements, constraints, or formal approval to pass a stage gate.
Antipatterns — exactly how its involvement usually breaks down and what that leads to.

Functions in this section

Project office

How the AI function's PMO synchronizes with the corporate project office: the business funnel versus the corporate project portfolio, budgets, reporting, and resources.

Information security

Where infosec connects to AI initiatives: data classification, access, secrets, the threat model for LLMs/agents, and control of shadow AI.

Data warehouse (DWH)

How the DWH and the data team supply data for AI: access to sources, quality, data contracts, and data marts for RAG and impact analytics.

Architecture

How enterprise and solution architecture connect AI products to the landscape: integrations, reuse, technology standards, and architecture review.

Compliance and legal

Where the legal and compliance functions assess AI initiatives: regulation, personal data, vendor contracts, explainability, and accountability.

Risk management

How the risk function embeds AI risks into the corporate risk perimeter: assessment, risk appetite, routing initiatives by risk level, and monitoring.

Procurement and vendors

How procurement and vendor management support the acquisition of AI products and models: supplier selection, licenses, SLAs, cost control, and dependency management.

The key idea of this section

A mature AI Operating Model does not "negotiate" with adjacent functions from scratch every time; instead, it has a map of connection points: at each stage gate, it is known in advance who participates, what they bring, and without whose opinion the initiative does not move forward. This turns approvals from a bottleneck into a predictable part of a managed conveyor.

Functions in this section​

Project office​

Information security​

Data warehouse (DWH)​

Architecture​

Compliance and legal​

Risk management​

Procurement and vendors​

The key idea of this section​