Knowledge Base – Outputs

Response from GPT running within Cursor, UV, Jupyter

As an business executive, how should I prepare for an initial meeting with our CIO, to cover AI Transformation and Systems Resilience. Base your response on the Knowledge Base text plus your own knowledge: (This knowledge base was included)

Preparing for an initial meeting with your CIO on AI Transformation and Systems Resilience is crucial for aligning strategic priorities and ensuring the organization’s future readiness. Here’s a comprehensive approach tailored for business and IT executives:

1. Understand the Framework and Key Concepts

Familiarize yourself with the three interconnected layers:

• Strategic Events Layer: High-impact, irregular events (e.g., M&A, major incidents) that reshape business and tech architectures.

• Periodic Planning Layer: Annual/quarterly cycles ensuring strategy alignment and continuous improvement.

• Operational Lifecycle Layer: Day-to-day systems management—design, build, operate, review.

Recognize that successful resilience and AI transformation require governance across all layers, not just operational management.

2. Clarify Strategic Objectives and Risks

Prepare to discuss:

• The importance of embedding resilience into strategic, tactical, and operational plans.

• The revolutionary potential of AI but with elevated risks—dependencies, governance, AI behaviour, and operational complexity.

• Key strategic gaps—such as resilience gaps in strategies, fragmented oversight, unknown dependencies, and AI-specific risks like drift and bias.

3. Review Current Capabilities and Gaps

Ask about:

• The maturity of existing resilience frameworks and how they incorporate AI.

• Visibility into real-world architecture, dependencies, data flows, and external provider risks.

• The organization’s approach to incident learning, root cause analysis, and knowledge retention post-projects or incidents.

• Governance arrangements across business, IT, operational technology (OT), and external suppliers.

4. Emphasize the Importance of a Holistic, Layered Approach

Discuss the necessity of governing:

• All four architectures—Legacy, Hybrid, Transitional, Industry 4.0 & AI—simultaneously.

• Strategic shocks and major initiatives proactively rather than reactively.

• Cross-disciplinary oversight, with independent governance groups that provide continuous, strategic assurance.

5. Focus on Strategic and Tactical Alignment

Highlight that:

• Resilience and AI strategies should be explicit, structured, and machine-readable.

• These strategies must evolve within regular planning cycles, integrating learnings from incidents and testing.

• An institution-wide Knowledge Base is vital—capturing architecture, lessons learned, dependencies, and decisions to prevent knowledge loss.

6. Prepare Your Questions and Commitments

Engage your CIO with questions such as:

• How mature are our current resilience and AI governance frameworks?

• Do we have real-time visibility of architectures and dependencies?

• Are we governing external providers with resilience metrics?

• How are we managing AI risks like drift, bias, and behaviour anomalies?

• What are our plans for cultivating organisational resilience, skills, and culture?

Express your intention to support initiatives like:

• Establishing a cross-domain Oversight Group

• Developing a resilient, machine-readable strategy

• Mapping real-world architectures and dependencies

• Embedding continuous learning and incident RCA processes

• Enhancing governance for external providers and AI systems

7. Demonstrate Strategic Value

Reinforce that embedding resilience and AI governance:

• Preserves institutional memory and long-term capabilities

• Reduces operational and strategic risks

• Enables faster, more confident decision-making

• Supports compliance, ethics, and reputation management

• Fosters a learning organization capable of adapting to shocks

8. Set the Stage for Collaborative Action

Conclude with a shared commitment to:

• Elevate resilience from an operational concern to a strategic enabler

• Invest in governance structures, real-world architecture mapping, and knowledge management

• Foster a culture of transparency, continuous learning, and cross-disciplinary collaboration

By approaching the meeting with these points, you demonstrate strategic leadership, foster understanding of complex transformation imperatives, and position yourself as a key stakeholder in achieving organizational resilience and AI maturity.

Response from Copilot on Business Engagement Question (Based on Knowledge Base)

You are acting as the director of an Oversight Team working within a major company. Your role is to ensure business executives are fully aware of the challenges facing the business and the role that they ought to play in supporting the CIO.  Can you provide a briefing note based on the attached Knowledge Base

Here is a board‑ready briefing note, written in the voice of a Director of an Oversight Team, drawing directly on the structure, insights, and strategic messages from your Knowledge Base. It is designed to be delivered to senior business executives to clarify their responsibilities in supporting the CIO during AI transition and resilience uplift.

BRIEFING NOTE TO BUSINESS EXECUTIVES

AI Transition, Systems Complexity & the Executive Role in Supporting the CIO

From: Director, Enterprise Oversight Team
To: Executive Committee
Subject: Strategic Responsibilities for AI Transformation, Resilience, and Architectural Governance

1. Purpose of This Briefing

This note sets out the critical challenges facing the organisation as we transition into an AI‑enabled operating model, and the role business executives must play in supporting the CIO. The insights are drawn from the organisation’s Resilience & AI Transformation Knowledge Base, which integrates governance, architecture, lifecycle management, and strategic resilience.

AI transformation is not a technology initiative. It is a business transformation with material strategic, operational, and resilience implications. Business leadership must therefore be fully engaged.

2. The Strategic Challenge Facing the Organisation

The organisation now operates in an environment defined by:

  • Rapid AI‑driven disruption
  • Increasing system fragility and hybrid complexity (legacy + cloud + AI)
  • Greater dependency on data, cloud platforms, and external providers
  • Rising frequency and impact of major incidents
  • Strategic shocks such as M&A, regulatory change, and infrastructure failures

AI amplifies both opportunity and risk.
Traditional governance and resilience models are no longer sufficient.

The CIO cannot manage these challenges alone.
They require active, informed, and sustained support from business executives.

3. Why Business Executives Must Be Directly Involved

A. AI Changes How the Business Operates

AI affects decision‑making, workflows, customer experience, compliance, and risk.
Business leaders must therefore shape AI strategy, not simply receive it.

B. Systems Complexity Is Now a Business Risk

Unknown dependencies, bespoke solutions, and fragmented architecture create operational fragility.
Executives must ensure their functions do not introduce unmanaged complexity.

C. Skills Scarcity Is a Strategic Constraint

AI and data skills are scarce across the entire market.
Technology choices must reflect what the organisation can sustainably support.

D. Resilience Is Now Cross‑Domain

Major incidents increasingly span business processes, data flows, AI behaviour, and provider ecosystems.
Business leaders must participate in resilience planning, testing, and RCA.

E. Governance Requires Joint Ownership

Oversight cannot sit solely within IT.
Business executives must share accountability for architecture, risk, and change.

4. Key Findings from the Oversight Team

Based on the Knowledge Base and recent assessments:

1. Strategy Gaps

  • Resilience is not consistently embedded in business strategy.
  • AI initiatives are emerging without sufficient governance or alignment.
  • Strategic events (M&A, major programmes) are not fully integrated into resilience planning.

2. Architecture & Operational Gaps

  • Real‑world architecture is not fully understood across business and IT.
  • Dependencies between systems, processes, and providers remain opaque.
  • Testing and RCA often fail to address systemic causes.
  • AI systems require continuous monitoring and governance that does not yet exist.

3. Governance Gaps

  • Oversight is fragmented across business, IS/IT, OT, and external providers.
  • Decision‑making is inconsistent and sometimes bypasses governance structures.
  • Change control does not fully account for AI‑related risk.

4. Knowledge Retention Risks

  • Programme knowledge is routinely lost when teams disband.
  • Architecture documentation drifts from reality.
  • AI models risk being trained on incomplete or inaccurate information.

These gaps create strategic riskoperational fragility, and reduced competitiveness.

5. What Business Executives Must Do

1. Actively Participate in the Three‑Layer Governance Model

  • Strategic Events Layer: Engage in resilience planning for M&A, major programmes, and policy changes.
  • Periodic Planning Layer: Ensure business strategy, AI strategy, and resilience strategy remain aligned.
  • Operational Lifecycle Layer: Support lifecycle governance across Strategy → Design → Build → Operate → Review.

2. Support Real‑World Architecture Visibility

Executives must ensure their functions provide accurate, up‑to‑date information on:

  • Business processes
  • Data flows
  • Dependencies
  • Workarounds
  • Provider responsibilities

This is essential for resilience, AI governance, and incident prevention.

3. Champion Sustainable Technology Choices

Executives must support the CIO in resisting unnecessary bespoke solutions and technology sprawl.
Sustainability, maintainability, and skills availability must guide decisions.

4. Strengthen Cross‑Domain Resilience

Executives must participate in:

  • Resilience testing
  • Major incident reviews
  • Risk and incident integration
  • Capability scoring using the Holistic Lifecycle × Capability Matrix

Resilience is a business capability, not an IT function.

5. Support the Living Knowledge Base

Executives must ensure their teams contribute to and use the Knowledge Base to:

  • Capture programme knowledge
  • Preserve institutional memory
  • Support AI governance
  • Reduce repeated failures

This is essential for long‑term capability retention.

6. Executive Message

The CIO can deliver technology.
Only the executive team can deliver organisational resiliencesustainable AI adoption, and strategic alignment.

Your leadership is required to:

  • Govern AI transformation
  • Reduce systems complexity
  • Strengthen resilience
  • Support architectural clarity
  • Retain critical knowledge
  • Ensure sustainable capability

AI will reshape the organisation.
The question is whether it reshapes us by design or by accident.

If you’d like, I can also prepare a PowerPoint version, a Board pack, or a CEO‑level summary tailored for external stakeholders.

Response from Copilot on the use of Knowledge Bases (Based on Knowledge Base)

Can you provide a compelling briefing note for both Business and CIO executives on the need for knowledge bases, that covers the information to be recorded, the form and how it will be used.

Here is a compelling, board‑ready briefing note written for both Business Executives and CIO‑level leaders, grounded directly in the principles of your Knowledge Base. It explains why a Knowledge Base is essentialwhat must be recordedthe form it should take, and how it will be used across governance, resilience, AI transformation, and operations.

It is written in a tone suitable for executive packs, oversight groups, and BCS‑level professional guidance.

BRIEFING NOTE

The Strategic Need for a Living Knowledge Base in the Age of AI, Complexity, and Resilience

To: Business Executives & CIO Leadership
From: Oversight & Resilience Director
Subject: Why the Organisation Must Maintain a Structured, Living Knowledge Base

1. Purpose of This Briefing

This briefing sets out why a maintained Knowledge Base (KB) is now a strategic necessity, not an IT convenience. It explains:

  • What information must be captured
  • The form and structure of the Knowledge Base
  • How it will be used by Business, CIO, and Oversight functions
  • Why it is essential for AI transformation, resilience, and long‑term capability retention

The message is simple:
Without a living Knowledge Base, the organisation cannot safely operate, govern, or evolve its systems in an AI‑enabled world.

2. Why a Knowledge Base Is Now Essential

A. AI Transformation Increases Complexity and Risk

AI introduces new components—models, pipelines, vector stores, data dependencies, provider integrations—that evolve rapidly and behave unpredictably.
Without a KB, these become opaque, ungoverned, and fragile.

B. Institutional Knowledge Is Being Lost

Major programmes, incidents, and strategic reviews generate deep insight into:

  • Real‑world architecture
  • Workarounds and constraints
  • Data flows and dependencies
  • Provider responsibilities
  • Failure modes and recovery patterns

When teams disband, this knowledge disappears.
The organisation is left with systems it cannot fully understand or support.

C. Resilience Requires Real‑World Visibility

Resilience is impossible if the organisation cannot answer:

  • How do systems actually work?
  • What depends on what?
  • Where are the single points of failure?
  • How does AI behave under stress?
  • What did we learn from the last incident?

A KB provides the single source of truth required for resilience.

D. Governance and Oversight Depend on Evidence

Boards and oversight groups cannot govern effectively without:

  • Accurate architecture
  • Clear decision history
  • Documented risks
  • Traceable provider accountability
  • Lessons learned from incidents

A KB provides the evidence base for governance.

E. Skills Scarcity Makes Knowledge Retention Critical

AI, cloud, and data skills are scarce.
If knowledge lives only in people’s heads, the organisation becomes dependent on individuals.
A KB ensures capability survives staff turnover.

3. What Information Must Be Recorded

The Knowledge Base must capture the real system, not the idealised or documented version.
It should include:

A. Architecture & Systems

  • Real‑world system architecture
  • Data flows and integrations
  • Dependencies (technical, business, provider)
  • Known constraints and workarounds
  • Legacy components and technical debt

B. AI‑Specific Knowledge

  • Model selection, training data, and rationale
  • RAG pipelines, vector stores, and orchestration patterns
  • AI behaviour under load, drift patterns, and monitoring
  • AI‑related risks and controls

C. Programme Knowledge

  • Design decisions and rationale
  • Build constraints and compromises
  • Testing results and resilience findings
  • Known issues and mitigations
  • Provider deliverables and responsibilities

D. Incident & Problem‑Solving Knowledge

  • Root cause analyses
  • Hidden dependencies revealed
  • Recovery steps that worked (and those that didn’t)
  • Long‑term fixes and systemic issues
  • Cross‑domain lessons learned

E. Business Process & Operational Knowledge

  • Real‑world workflows
  • Critical business services
  • Operational constraints
  • Business continuity assumptions
  • Impacts of strategic events (M&A, policy changes, major programmes)

F. Governance & Decision‑Making

  • Decision logs
  • Risk assessments
  • Change control outcomes
  • Oversight findings
  • Capability scoring

This is the minimum viable scope for a modern Knowledge Base.

4. The Form the Knowledge Base Should Take

The Knowledge Base must be:

1. Structured

Organised around the three layers:

  • Strategic Events
  • Periodic Planning
  • Operational Lifecycle

And the capability dimensions (strategy, governance, architecture, testing, RCA, providers, etc.).

2. Living

Continuously updated—not a static repository.

3. Cross‑Domain

Accessible to Business, IS/IT, OT, Data, AI, and Providers.

4. Evidence‑Based

Built from real incidents, real architecture, real decisions—not assumptions.

5. Integrated with AI Tools

So that AI can:

  • Analyse patterns
  • Detect drift
  • Identify risks
  • Support decision‑making

6. Governed

Owned jointly by Business and CIO functions, with oversight from the governance group.

5. How the Knowledge Base Will Be Used

A. For Business Executives

  • Understand real‑world architecture and risks
  • Support strategic decisions (M&A, major programmes, investment)
  • Ensure resilience is embedded in business planning
  • Hold providers and internal teams accountable
  • Avoid repeated failures and duplicated effort

B. For the CIO and Technology Leadership

  • Govern AI lifecycle and architecture
  • Manage complexity and reduce technical debt
  • Strengthen change control and testing
  • Improve incident response and RCA
  • Build sustainable, supportable systems

C. For Oversight and Governance

  • Provide evidence for capability scoring
  • Identify systemic risks and cross‑domain issues
  • Ensure decisions are transparent and traceable
  • Monitor provider performance
  • Validate alignment across the three layers

D. For Future Programmes

  • Reduce onboarding time
  • Reuse proven patterns
  • Avoid rediscovering old problems
  • Improve delivery quality and speed

E. For AI Transformation

  • Ensure models are trained on accurate, complete knowledge
  • Support AI‑driven analysis and automation
  • Provide the foundation for safe, governed AI adoption

6. Executive Message

A Knowledge Base is not documentation.
It is a strategic asset that:

  • Preserves institutional memory
  • Reduces risk
  • Strengthens resilience
  • Enables AI transformation
  • Supports governance
  • Improves programme success
  • Prevents repeated failures
  • Ensures architecture reflects reality

Without it, the organisation operates blind—reactive, fragile, and dependent on external memory.
With it, the organisation becomes adaptive, resilient, and future‑ready.

If you’d like, I can also prepare a one‑page version, a PowerPoint slide, or a Knowledge Base template aligned to your three‑layer framework.

Response to creating an executive handout using the Knowledge Base

 


Section 1: Strategic Context

The Challenge

Organisations face simultaneous pressures:

  • Rapid AI-driven disruption
  • Increasing system fragility and hybrid complexity
  • Greater dependency on cloud, data, and external providers
  • Higher frequency and impact of major incidents
  • Strategic shocks (M&A, policy changes, infrastructure failures)

AI amplifies both opportunity and risk.
Resilience must evolve from recovery to future-proofing.
Success requires shared governance across Business and IT.

Section 2: The Three-Layer Holistic Framework

LayerPurpose
Strategic Events LayerGoverns high-impact events (M&A, incidents, policy shifts) that reshape architecture and capability
Periodic Planning LayerAligns strategy through quarterly and annual cycles (AI, BCP, infrastructure, resilience)
Operational Lifecycle LayerEmbeds resilience and AI into daily practice (Strategy → Design → Build → Operate → Review)

Organisations fail when they govern only the operational lifecycle.
They succeed when they govern all three layers together.

Section 3: Executive Responsibilities

Business Executives

  • Champion resilience in business strategy
  • Ensure real-world architecture visibility
  • Support sustainable technology choices
  • Participate in testing, RCA, and capability scoring
  • Preserve institutional knowledge across programmes

CIO & IT Leaders

  • Govern AI lifecycle and architecture
  • Reduce systems complexity and technical debt
  • Strengthen change control and oversight
  • Build maintainable, supportable platforms
  • Integrate AI into resilience and incident response

Section 4: The Role of the Knowledge Base

Why It Matters

Without a living Knowledge Base, the organisation:

  • Loses critical programme and incident knowledge
  • Cannot understand how systems actually work
  • Trains AI on incomplete or inaccurate data
  • Repeats the same failures across programmes
  • Operates blind to real-world architecture and risk

What It Captures

  • Architecture, data flows, dependencies
  • AI models, pipelines, and behaviour
  • Programme decisions, constraints, and testing
  • RCA, incident learnings, provider performance
  • Business processes and strategic impacts

How It’s Used

  • Governance and oversight
  • AI lifecycle management
  • Resilience planning and testing
  • Capability scoring and strategic reviews
  • Future programme acceleration

Section 5: Executive Checklist

ActionOwner
Establish Joint Business & IT Oversight GroupBoard / CEO
Mandate Resilience Strategy in Business & ITBusiness / CIO
Commission Real-World Architecture MappingCIO / Business
Adopt Holistic Lifecycle × Capability MatrixOversight Group
Build and Maintain Living Knowledge BaseCIO / Programme Leads
Align Technology Choices with Skills StrategyCIO / HR / Business
Integrate AI into Resilience PlanningCIO / Risk / Business
Govern External Providers RigorouslyProcurement / CIO / Business

Closing Message

AI transformation is a shared journey.
Resilience is a shared responsibility.
Together, Business and IT must lead through complexity — toward a future-ready horizon.

You are the Group Head of IT Strategy, Innovation and Business Transformation Assurance for an international company. You have decided to set up a group function overseeing Systems Transformation across the group. Given the move towards AI and Industry 4, your initial focus will be on AI Transformation and Resilience. You plan to have a team up and running across the larger businesses, who each have a CIO, within 3 months. This team will report to you. Within 12 months each of the major companies will have its own Oversight team reporting to the CIO. The business units will have a smaller team, focusing on business transformation, who will work alongside the CIO oversight teams. At this point the role of your team will diminish and will focus on maintaining alignment across each of the businesses. Provide a briefing note to the main board, CEOs and CIOs, on how this will be achieved and the benefits to the group.

Here’s a polished, board‑ready briefing note that reflects your updated structure — including the introduction of business‑unit transformation teams, the CIO‑aligned Oversight Teams, and the Group Oversight function transitioning to an alignment role.

It’s written in a tone suitable for main board members, CEOs, and CIOs, and it clearly sets out the rationale, operating model, timeline, and benefits.

BRIEFING NOTE: Establishing Group Oversight for Systems Transformation, AI Governance & Resilience

From: Group Head of IT Strategy, Innovation & Business Transformation Assurance
To: Group Board, CEOs, CIOs
Subject: Group‑wide Oversight Function for Systems Transformation, AI Transformation & Resilience

1. Strategic Context

The Group is entering a period of accelerated transformation driven by:

  • Rapid adoption of AI and Industry 4.0 technologies
  • Increasing system complexity across legacy, hybrid, and modern platforms
  • Rising operational and strategic risk
  • Greater dependency on cloud, data, automation, and external providers
  • The need for consistent governance and capability uplift across all businesses

To ensure the Group remains competitive, resilient, and future‑ready, we are establishing a Group Oversight Function focused initially on AI Transformation and Resilience, expanding over time to cover Systems Transformation more broadly.

This function will ensure that each business unit has the capability, governance, and architectural visibility required to deliver safe, aligned, and resilient transformation.

2. Operating Model Overview

The Oversight model will be implemented in two phases.

Phase 1 — Group Oversight Team (0–3 Months)

Establishing capability across the largest businesses

A central Group Oversight Team will be created and deployed across the Group’s largest businesses — those with established CIO functions.

This team will:

  • Provide independent, cross‑domain oversight of AI transformation and resilience
  • Establish real‑world architecture visibility
  • Introduce resilience and AI governance frameworks
  • Support major programmes, incidents, and strategic reviews
  • Begin capability scoring using the Group’s standardised framework
  • Build the foundations for local Oversight Teams

This team will report directly to the Group Head of IT Strategy, Innovation & Business Transformation Assurance.

Phase 2 — Local Oversight Teams (3–12 Months)

Embedding capability within each major company

Within 12 months, each major company will establish its own CIO‑aligned Oversight Team, responsible for:

  • AI governance
  • Resilience and lifecycle assurance
  • Architecture visibility
  • Change and programme assurance
  • Incident and RCA integration
  • Maintaining the local Knowledge Base

These teams will report to the local CIO, ensuring ownership and accountability sit within each business.

The Group Oversight Team will support setup, training, and capability uplift during this period.

Business‑Unit Transformation Teams (Parallel Development)

Supporting business‑led transformation and working alongside CIO Oversight Teams

Each business unit will also establish a Business Transformation Team, focusing on:

  • Business process transformation
  • Operating model change
  • Adoption of AI and automation
  • Business readiness and benefits realisation

These teams will work alongside the CIO Oversight Teams, ensuring that:

  • Business and IT transformation remain aligned
  • AI and resilience considerations are embedded in business change
  • Strategic decisions are informed by both business and technical perspectives

This creates a dual‑lens governance model:
Business transformation + Technical oversight = Safe, aligned, future‑ready change

Phase 3 — Group Oversight Transition (12+ Months)

Shifting from deployment to alignment and strategic assurance

Once local Oversight Teams are established:

  • The Group Oversight Team will reduce its operational role
  • It will transition to a strategic alignment and assurance function, responsible for:
    • Maintaining Group frameworks, scoring models, and standards
    • Ensuring consistency across businesses
    • Facilitating cross‑business learning and capability uplift
    • Providing assurance for major Group‑level programmes and strategic events
    • Maintaining the Group Knowledge Base
    • Benchmarking maturity across businesses

This ensures long‑term coherence and resilience across the Group.

3. How This Will Be Achieved

A. Standardised Frameworks

All Oversight Teams will use the Group’s frameworks for:

  • AI governance
  • Resilience capability scoring
  • Real‑world architecture mapping
  • Lifecycle assurance
  • Major incident and RCA integration
  • Change and programme assurance
  • Knowledge Base management

B. Shared Tools

Including:

  • The Holistic Lifecycle × Capability Matrix
  • Executive scoring dashboards
  • Architecture visibility templates
  • AI risk and drift monitoring tools
  • Oversight checklists and assurance packs

C. Consistent Governance

Oversight will integrate with existing methods:

  • ITIL (service management)
  • TOGAF (architecture)
  • Agile (delivery)
  • MSP (programme governance)
  • Project management frameworks

D. Capability Uplift

Training, coaching, and joint reviews will ensure local teams reach maturity quickly.

4. Benefits to the Group

A. Stronger AI Governance

  • Safe, aligned, and monitored AI adoption
  • Reduced risk of drift, bias, or unintended behaviour
  • Consistent standards across all businesses

B. Improved Resilience

  • Fewer major incidents
  • Faster recovery and better preparedness
  • Clear visibility of dependencies and risks

C. Better Programme Outcomes

  • Reduced overruns, failures, and rework
  • Stronger assurance for major programmes
  • Early identification of systemic risks

D. Architectural Clarity

  • Real‑world visibility of systems, data, and dependencies
  • Reduced fragility and fewer surprises
  • Better decision‑making and investment planning

E. Group‑Wide Alignment

  • Consistent governance across all businesses
  • Shared learning and knowledge retention
  • Comparable maturity scoring and benchmarking

F. Business Transformation Enablement

  • Business units gain dedicated support for process and operating model change
  • CIO Oversight Teams ensure technical safety and alignment
  • Group Oversight ensures coherence across the entire organisation

5. Board Decision Points

The Board is asked to:

  1. Approve the establishment of the Group Oversight Function
  2. Endorse the deployment of Oversight capability across major businesses within 3 months
  3. Mandate the creation of CIO‑aligned Oversight Teams within 12 months
  4. Support the creation of Business Transformation Teams in each business unit
  5. Adopt the Group’s standardised frameworks for AI governance, resilience, and lifecycle assurance
  6. Require quarterly capability scoring and reporting

If you’d like, I can now prepare a PowerPoint version, a visual operating model, or a CEO/CIO briefing pack that aligns with this note.

Can you create a CEO/CIO briefing pack

Absolutely, David — here is a CEO/CIO briefing pack written in a clean, board‑ready format.
It’s structured exactly the way senior leaders expect: concise, strategic, and focused on clarity of action, accountability, and benefits.

You can drop this straight into PowerPoint or use it as the narrative for a slide deck.

CEO / CIO BRIEFING PACK

Group Oversight Function for Systems Transformation, AI Governance & Resilience

1. Executive Summary

The Group is entering a period of accelerated transformation driven by AI, automation, data‑centric operating models, and Industry 4.0 technologies.
To ensure safe, aligned, and resilient transformation across all businesses, we are establishing a Group Oversight Function with an initial focus on:

  • AI Transformation Governance
  • Resilience & Operational Stability
  • Real‑World Architecture Visibility
  • Systems Transformation Assurance

This function will operate across all major businesses within 3 months, with local Oversight Teams established within 12 months.

2. Why Oversight Is Needed Now

2.1 Rising Complexity

  • Hybrid architectures (legacy + cloud + AI)
  • Increased dependency on external providers
  • Rapid adoption of AI without consistent governance
  • Growing operational fragility and incident frequency

2.2 Strategic Risk

  • AI drift, bias, and unintended behaviour
  • Major incidents exposing unknown dependencies
  • Programme overruns and repeated failures
  • Loss of institutional knowledge

2.3 Group‑Wide Inconsistency

  • Different maturity levels across businesses
  • Fragmented governance
  • Inconsistent architecture visibility
  • Variable resilience capability

Oversight provides the strategic glue that aligns transformation across the Group.

3. Operating Model Overview

Phase 1 — Group Oversight Team (0–3 Months)

Purpose: Rapidly deploy governance capability across the largest businesses.

The Group Oversight Team will:

  • Establish AI governance and resilience frameworks
  • Provide independent assurance across major programmes
  • Map real‑world architecture and dependencies
  • Support incident reviews and RCA
  • Begin capability scoring and maturity benchmarking
  • Build the foundations for local Oversight Teams

Reporting: Directly to Group Head of IT Strategy, Innovation & Business Transformation Assurance.

Phase 2 — Local Oversight Teams (3–12 Months)

Purpose: Embed Oversight capability within each major company.

Each business will establish a CIO‑aligned Oversight Team responsible for:

  • AI governance
  • Resilience and lifecycle assurance
  • Architecture visibility
  • Change and programme assurance
  • Incident and RCA integration
  • Maintaining the local Knowledge Base

Reporting: To the local CIO, with alignment to Group frameworks.

Business‑Unit Transformation Teams (Parallel Development)

Purpose: Support business‑led transformation and work alongside CIO Oversight Teams.

These teams will focus on:

  • Business process transformation
  • Operating model change
  • AI adoption and automation
  • Business readiness and benefits realisation

This creates a dual‑lens governance model:

Business Transformation + Technical Oversight = Safe, aligned, future‑ready change

Phase 3 — Group Oversight Transition (12+ Months)

Purpose: Shift from deployment to strategic alignment.

The Group Oversight Team will:

  • Maintain Group frameworks and standards
  • Benchmark capability maturity across businesses
  • Facilitate cross‑business learning
  • Provide assurance for Group‑level programmes
  • Maintain the Group Knowledge Base
  • Ensure long‑term alignment and coherence

4. Oversight Responsibilities

Oversight Teams will govern across the Three‑Layer Holistic Framework:

1. Strategic Events Layer

  • M&A
  • Major incidents
  • National policy changes
  • Major programmes

2. Periodic Planning Layer

  • Annual and quarterly strategy cycles
  • AI strategy
  • Resilience strategy
  • Architecture and capability reviews

3. Operational Lifecycle Layer

  • Strategy → Design → Build → Operate → Review
  • Change control
  • Testing and resilience validation
  • RCA and learning integration

5. Oversight Tools & Frameworks

5.1 Holistic Lifecycle × Capability Matrix

The core diagnostic tool covering 11 capability dimensions across 5 lifecycle phases.

5.2 Executive Scoring Framework

  • Maturity heatmaps
  • Architecture readiness gauges
  • Strategic risk and strength summaries

5.3 Real‑World Architecture Mapping

  • System dependencies
  • Data flows
  • Provider responsibilities
  • AI model lineage
  • Transitional architecture

5.4 Knowledge Base Framework

A living repository capturing:

  • Programme artefacts
  • Incident learning
  • Architecture updates
  • Strategic reviews

5.5 Oversight Checklists & Templates

  • Strategy assurance
  • Design assurance
  • Build assurance
  • Operational resilience
  • RCA quality
  • Change impact assessment
  • Programme assurance

6. Benefits to the Group

6.1 Strategic Benefits

  • Consistent AI governance across all businesses
  • Reduced strategic risk
  • Improved resilience and operational stability
  • Stronger alignment between business and IT

6.2 Operational Benefits

  • Fewer major incidents
  • Faster recovery and better preparedness
  • Clear visibility of dependencies and risks
  • Improved change control and testing

6.3 Programme & Transformation Benefits

  • Reduced overruns and failures
  • Stronger assurance for major programmes
  • Better business readiness and benefits realisation

6.4 Organisational Benefits

  • Knowledge retention across the Group
  • Shared learning and capability uplift
  • Comparable maturity scoring across businesses
  • Long‑term coherence and strategic alignment

7. Board Decision Points

The Board is asked to:

  1. Approve the establishment of the Group Oversight Function
  2. Endorse deployment across major businesses within 3 months
  3. Mandate creation of CIO‑aligned Oversight Teams within 12 months
  4. Support creation of Business Transformation Teams in each business unit
  5. Adopt Group frameworks for AI governance, resilience, and lifecycle assurance
  6. Require quarterly capability scoring and reporting

If you’d like, I can now turn this into a slide‑by‑slide PowerPoint structure, complete with headings, speaker notes, and visual diagrams.

can you provide a role description pack

Absolutely, David — here is a complete, polished, board‑ready Role Description Pack for the Oversight Teams.
It’s structured so you can drop it straight into job descriptions, onboarding packs, governance papers, or CIO briefings.
It reflects your updated operating model: Group Oversight → CIO Oversight Teams → Business‑Unit Transformation Teams.

ROLE DESCRIPTION PACK — OVERSIGHT FUNCTION

AI Transformation • Resilience • Architecture • Systems Governance • Strategic Assurance

1. PURPOSE OF THE OVERSIGHT FUNCTION

The Oversight Function exists to ensure that AI transformation, resilience, and systems change are governed consistently and safely across the Group.

It provides:

  • Independent, cross‑domain assurance
  • Real‑world architecture visibility
  • Resilience and AI governance
  • Strategic alignment across business and IT
  • Knowledge retention and organisational learning
  • Support for major programmes, incidents, and strategic events

Oversight does not replace CIO or delivery functions — it strengthens them by providing strategic governance and cross‑business alignment.

2. OVERSIGHT TEAM STRUCTURE

Each major business will ultimately have:

A. CIO‑Aligned Oversight Team

Focused on technical governance, resilience, AI, architecture, and lifecycle assurance.

B. Business‑Unit Transformation Team

Focused on business process change, operating model transformation, and benefits realisation.

C. Group Oversight Team

Initially hands‑on; later transitions to alignment, benchmarking, and strategic assurance.

3. ROLE DESCRIPTIONS

Below are the recommended roles for each Oversight Team.
Smaller businesses may combine roles; larger ones may expand them.

3.1 Oversight Lead (Head of Oversight)

Reports to: Local CIO (dotted line to Group Oversight)
Purpose: Lead the Oversight function and ensure alignment with Group frameworks.

Key Responsibilities

  • Own the Oversight agenda for the business unit
  • Govern across the three layers: Strategic Events, Periodic Planning, Operational Lifecycle
  • Lead capability scoring and quarterly reporting
  • Oversee AI governance, resilience posture, and architecture visibility
  • Act as the primary liaison with Group Oversight
  • Ensure Oversight findings influence strategy, programmes, and operations
  • Support major incidents, strategic reviews, and programme assurance

Skills & Experience

  • Senior architecture, resilience, or programme assurance background
  • Ability to challenge constructively and influence senior leaders
  • Experience with AI governance or complex hybrid environments

3.2 Resilience & AI Governance Manager

Purpose: Ensure resilience and AI governance are embedded across lifecycle phases.

Key Responsibilities

  • Maintain resilience strategy and AI governance frameworks
  • Monitor AI behaviour, drift, and risk
  • Ensure resilience requirements are included in design and build
  • Review major incidents and ensure systemic RCA
  • Track resilience maturity and capability uplift
  • Support business‑unit transformation teams on AI adoption

Skills & Experience

  • Understanding of AI systems, risk, and governance
  • Strong analytical and problem‑solving skills
  • Experience with incident management and RCA

3.3 Architecture & Real‑World Visibility Lead

Purpose: Maintain real‑world architecture visibility and identify systemic risks.

Key Responsibilities

  • Maintain high‑level maps of systems, data flows, dependencies, and providers
  • Identify architectural drift and hybrid complexity
  • Validate transitional architectures for major programmes
  • Ensure architecture reflects real behaviour, not documentation alone
  • Support change impact assessments
  • Work closely with business‑unit transformation teams to align business and technical change

Skills & Experience

  • Strong architecture background (TOGAF or equivalent)
  • Ability to translate complex systems into clear insights

3.4 Change, Programme & Risk Assurance Manager

Purpose: Provide assurance across major programmes, change portfolios, and risk.

Key Responsibilities

  • Review major changes for cross‑domain impact
  • Ensure rollback, failover, and resilience testing
  • Provide assurance for major programmes (AI, cloud, migrations, M&A)
  • Track strategic risks and ensure integration with incidents
  • Ensure lessons learned feed into planning cycles
  • Support business‑unit transformation teams on programme readiness

Skills & Experience

  • Experience in MSP, PRINCE2, or programme assurance
  • Strong understanding of risk, change control, and resilience

3.5 Knowledge Base & Learning Lead

Purpose: Maintain the living Knowledge Base and prevent knowledge loss.

Key Responsibilities

  • Capture learning from incidents, programmes, and strategic reviews
  • Maintain architecture, process, and dependency knowledge
  • Ensure knowledge is accessible across business and IT
  • Support AI‑driven analysis and insight generation
  • Maintain alignment with Group Knowledge Base
  • Ensure business‑unit transformation teams contribute to knowledge capture

Skills & Experience

  • Strong documentation, analysis, and knowledge management skills
  • Ability to work across business and IT domains

4. RESPONSIBILITIES SHARED BY ALL OVERSIGHT ROLES

4.1 Governance Across the Three Layers

  • Strategic Events
  • Periodic Planning
  • Operational Lifecycle

4.2 Capability Scoring

Using the Group’s scoring framework to assess:

  • Resilience maturity
  • AI governance maturity
  • Architecture visibility
  • Provider governance
  • Testing and RCA capability

4.3 Real‑World Architecture Visibility

Ensuring architecture reflects reality, not assumptions.

4.4 Incident & RCA Integration

Ensuring systemic issues are identified and fixed.

4.5 Change & Programme Assurance

Ensuring resilience and AI governance are embedded in delivery.

4.6 Knowledge Retention

Ensuring the organisation does not lose critical knowledge.

5. OVERSIGHT TOOLS & FRAMEWORKS

Oversight Teams will use a standardised toolkit across the Group:

5.1 Holistic Lifecycle × Capability Matrix

The core diagnostic tool covering:

  • 11 capability dimensions
  • 5 lifecycle phases
  • 3 governance layers

5.2 Executive Scoring Framework

  • Maturity heatmaps
  • Architecture readiness gauges
  • Strategic risk and strength summaries

5.3 Real‑World Architecture Mapping Tools

  • System dependency maps
  • Data flow diagrams
  • Provider responsibility maps
  • AI component lineage maps
  • Transitional architecture maps

5.4 Knowledge Base Framework

A living repository capturing:

  • Programme artefacts
  • Incident learning
  • Architecture updates
  • Strategic reviews
  • Testing outcomes

5.5 Oversight Checklists & Templates

  • Strategy assurance
  • Design assurance
  • Build assurance
  • Operational resilience
  • RCA quality
  • Change impact assessment
  • Programme assurance

5.6 Integration with Existing Methods

Oversight governs across:

  • ITIL
  • TOGAF
  • Agile
  • MSP
  • Project Management

6. SUCCESS MEASURES

Oversight Teams will be evaluated on:

  • Reduction in major incidents and systemic failures
  • Improved resilience and AI governance maturity
  • Increased architecture visibility
  • Improved programme delivery outcomes
  • Faster decision cycles and better strategic alignment
  • Knowledge retention and reduced re‑learning
  • Group‑wide consistency and capability uplift

If you’d like, I can now prepare a 30‑60‑90 day plan for Oversight Teams, or a slide‑ready version of this pack for your CEO/CIO briefing.

What tools would the Oversight teams use for the major company scenario. What would they look like and how would you use them

Here you go, David — a major‑company version of the Oversight toolkit, written so it’s practical, operational, and directly usable by CIO‑aligned Oversight Teams.
I’ve broken it down into six tool categories, and for each one I explain:

  • What the tool is
  • What it looks like (the artefact or format)
  • How Oversight uses it in day‑to‑day governance

This aligns tightly with your Knowledge Base, the three‑layer framework, and the Lifecycle × Capability Matrix.

OVERSIGHT TOOLKIT FOR A MAJOR COMPANY

AI Transformation • Resilience • Architecture • Systems Governance

Oversight Teams in a major company need a structured, repeatable, evidence‑based toolkit that gives them visibility, authority, and consistency across programmes, incidents, and lifecycle phases.

Below is the full toolkit.

1. Lifecycle Governance Tools

1.1 Lifecycle Assurance Checklists

What it is

A set of structured checklists aligned to the five lifecycle phases:

  • Strategy
  • Design
  • Build
  • Operate
  • Review

What it looks like

A one‑page checklist per phase with sections for:

  • Resilience requirements
  • AI governance controls
  • Architecture alignment
  • Testing and failover
  • Provider responsibilities
  • Risk and dependency analysis

How Oversight uses it

  • Applied at every major programme milestone
  • Used to approve or challenge progression to the next phase
  • Ensures resilience and AI governance are embedded early, not bolted on

1.2 Oversight Review Template

What it is

A standardised template capturing the outcome of any Oversight review.

What it looks like

A short document with:

  • Summary of what was reviewed
  • Key risks and issues
  • Required actions
  • RAG status
  • Escalations
  • Owners and deadlines

How Oversight uses it

  • Completed after each review
  • Shared with CIO, programme leads, and business transformation leads
  • Forms the audit trail for governance

2. Architecture & Visibility Tools

2.1 Real‑World Architecture Maps

What they are

High‑level diagrams showing how systems actually behave.

What they look like

Visual maps showing:

  • Systems and services
  • Data flows
  • Dependencies
  • External providers
  • AI components
  • Failure points

How Oversight uses them

  • Identify fragility and unknown dependencies
  • Validate design proposals
  • Support incident RCA
  • Inform change impact assessments
  • Provide visibility to executives

2.2 Dependency & Failure Mode Mapping

What it is

A visual representation of upstream/downstream dependencies and failure modes.

What it looks like

A diagram with:

  • Critical paths
  • Single points of failure
  • Provider responsibilities
  • AI model dependencies
  • Risk heat‑zones

How Oversight uses it

  • Predict where incidents will occur
  • Prioritise resilience investment
  • Support M&A, cloud migration, and major programme planning

3. AI Governance Tools

3.1 AI Risk & Drift Monitoring Dashboard

What it is

A simple dashboard tracking AI system behaviour.

What it looks like

A monthly or quarterly dashboard showing:

  • Model drift
  • Data quality issues
  • Bias indicators
  • Performance degradation
  • Human‑in‑the‑loop controls
  • Incident or anomaly logs

How Oversight uses it

  • Review AI systems regularly
  • Identify risks early
  • Ensure business teams understand limitations
  • Trigger deeper investigation when needed

3.2 AI Use‑Case Assessment Template

What it is

A structured assessment for any new AI initiative.

What it looks like

A form covering:

  • Purpose and expected benefits
  • Data sources
  • Risks and controls
  • Ethical considerations
  • Resilience requirements
  • Monitoring and governance plan

How Oversight uses it

  • Approves or challenges AI initiatives before they start
  • Ensures AI is aligned with business strategy and resilience posture

4. Resilience & Incident Tools

4.1 Major Incident Review Pack

What it is

A structured pack for analysing major incidents.

What it looks like

A template capturing:

  • Timeline
  • Root causes
  • Contributing factors
  • Provider performance
  • Architecture failures
  • Business impact
  • Required actions
  • Systemic issues

How Oversight uses it

  • Ensures RCA is cross‑domain, not just technical
  • Identifies systemic issues
  • Feeds learning into strategy, design, and planning

4.2 Resilience Capability Scoring Model

What it is

A maturity model aligned to your 11 capability dimensions.

What it looks like

A matrix scoring each dimension from Level 1 (Ad Hoc) to Level 5 (Optimised).

How Oversight uses it

  • Quarterly scoring
  • Identifies capability gaps
  • Tracks improvement over time
  • Provides evidence for investment decisions

5. Change & Programme Assurance Tools

5.1 Change Impact Assessment

What it is

A structured assessment for major changes.

What it looks like

A form covering:

  • Business impact
  • Technical impact
  • Resilience impact
  • AI impact
  • Provider impact
  • Testing and rollback readiness

How Oversight uses it

  • Reviews major changes before approval
  • Ensures resilience and AI governance are considered
  • Prevents high‑risk changes from bypassing governance

5.2 Programme Assurance Framework

What it is

A set of criteria for assessing major programmes.

What it looks like

A checklist or scorecard covering:

  • Architecture alignment
  • Resilience readiness
  • AI governance
  • Testing completeness
  • Business readiness
  • Provider performance

How Oversight uses it

  • Applied at programme start, design, pre‑go‑live, and post‑go‑live
  • Provides independent assurance to CIO and executives

6. Knowledge & Learning Tools

6.1 Knowledge Base Framework

What it is

A structured repository capturing critical knowledge.

What it looks like

A simple, searchable structure containing:

  • Architecture maps
  • Incident learning
  • Programme artefacts
  • Design decisions
  • Provider responsibilities
  • AI model lineage

How Oversight uses it

  • Prevents knowledge loss
  • Supports onboarding
  • Enables AI‑driven analysis
  • Provides evidence for governance

6.2 Learning Loop Templates

What they are

Short templates capturing learning from incidents, programmes, and strategic events.

What they look like

A one‑page template with:

  • What happened
  • What we learned
  • What we changed
  • What we still need to fix

How Oversight uses them

  • Ensures learning is fed into planning cycles
  • Supports continuous improvement
  • Strengthens resilience and governance maturity

How Oversight Uses the Toolkit Day‑to‑Day

Oversight teams use these tools to:

  • Review programmes and changes
  • Support business transformation teams
  • Govern AI initiatives
  • Analyse incidents
  • Maintain architecture visibility
  • Score capability maturity
  • Provide evidence‑based recommendations
  • Ensure alignment across business and IT

The toolkit ensures Oversight is:

  • Consistent
  • Repeatable
  • Evidence‑driven
  • Business‑aligned
  • Scalable across companies

If you want, I can now create a visual operating model showing how these tools fit together, or a RACI matrix showing who uses which tools and when.

we have developed a Group Oversight function for Resilience and AI Transformation for a major company with a number of businesses. We now want to consider how this model can be used for individual businesses of different sizes and in different sectors. Oversight should be appropriate for the business or enterprise. However, rather than simply reducing the role of oversight there are two approaches that are recommended. The first is to consolidate roles, so that individuals take on more than one role. The Group role should also be considered as, for larger companies, its function could be integrated within the CIO Oversight role. Another approach is to federate a number of the roles. In this case business units and IT units would undertake oversight under the direction of the oversight group. A federated approach would work well if the individuals involved take an independent approach. It would have the advantage of embedding oversight into the fabric of the organisation. Can you provide a briefing for CEOs and CIOs on this.

Here’s a refined version of the briefing — rewritten for standalone companies, not part of a group — while keeping the core message:
the Oversight model and best practices developed for major enterprises can be scaled and adapted for organisations of any size or sector.

It’s written in a CEO/CIO‑friendly tone, suitable for a strategy paper, board pack, or transformation briefing.

BRIEFING NOTE: Applying Enterprise‑Grade Oversight to Organisations of Any Size

Resilience • AI Transformation • Architecture • Governance

1. Purpose of This Briefing

Many of the Oversight principles and best practices used by major enterprises can be applied — in a proportionate, practical way — to organisations of any size and in any sector.

This briefing outlines how individual companies can adopt a right‑sized Oversight model for Resilience and AI Transformation, using two recommended approaches:

  • Role Consolidation
  • Federated Oversight

The goal is not to shrink Oversight, but to scale it intelligently so that it strengthens governance, resilience, and AI readiness without unnecessary overhead.

2. Oversight Should Be Proportionate — Not Reduced

Smaller or mid‑sized organisations often assume that enterprise‑grade Oversight is “too big” or “too heavy”.

In reality:

  • The standards should remain high
  • The structure should be adapted
  • The capability should be preserved
  • The approach should be right‑sized

Oversight is not bureaucracy — it is a strategic safeguard that protects the organisation from fragility, AI risk, architectural drift, and repeated failures.

3. Approach 1 — Consolidated Oversight Roles

One person, multiple responsibilities — without losing independence

In smaller organisations, it is entirely appropriate to combine Oversight responsibilities into fewer roles.

Examples of Consolidation

  • Resilience + AI Governance
  • Architecture + Change Assurance
  • Knowledge Base + RCA & Learning
  • Oversight Lead + Transformation Governance

This preserves the full Oversight capability while keeping the structure lean.

Benefits

  • Maintains enterprise‑grade governance with fewer people
  • Reduces cost and organisational complexity
  • Ensures accountability and continuity
  • Works well where the CIO or COO already has broad responsibilities

Key Principle

You consolidate roles, not standards.

4. Approach 2 — Federated Oversight Model

Oversight embedded across business and IT teams

A federated model distributes Oversight responsibilities across existing teams, while maintaining a central point of coordination.

How Federation Works

  • Business units and IT teams perform Oversight activities
  • They follow a shared set of standards, templates, and assurance processes
  • A central Oversight Lead provides:
    • Direction
    • Frameworks
    • Training
    • Independent review
  • Local teams provide:
    • Real‑world insight
    • Operational context
    • Embedded governance

Critical Success Factor

Federation only works when individuals adopt an independent, cross‑domain mindset, not a siloed one.

Benefits

  • Embeds Oversight into day‑to‑day operations
  • Builds capability across the organisation
  • Improves early detection of risks and architectural drift
  • Reduces reliance on a single Oversight specialist
  • Scales naturally across different sectors and operating models

This approach is particularly effective in:

  • Operationally distributed organisations
  • Highly specialised sectors
  • Companies with strong business ownership of processes

5. Choosing the Right Model for Your Organisation

Organisation TypeRecommended Oversight ModelWhy It Works
Large standalone enterpriseFull Oversight function (possibly consolidated)Matches complexity; supports major programmes
Mid‑sized companyConsolidated rolesEfficient, cost‑effective, maintains capability
Specialist or regulated sectorFederated OversightLeverages deep domain expertise
Operationally distributed businessFederated Oversight + central coordinationEnsures consistency across sites
Small organisationConsolidated roles + light federationKeeps governance proportionate but effective

6. What Stays the Same Across All Models

Regardless of size or sector, every organisation should retain:

  • AI governance and drift monitoring
  • Resilience assurance across the lifecycle
  • Architecture visibility and dependency mapping
  • Change and programme assurance
  • Major incident learning and RCA
  • Capability scoring using a structured matrix
  • A maintained Knowledge Base

These are the foundations of safe, aligned, future‑ready transformation.

7. What CEOs and CIOs Need to Do Next

  1. Assess organisational size, complexity, and maturity
  2. Select the appropriate Oversight model
  3. Nominate Oversight leads and federated participants
  4. Adopt the Oversight frameworks and tools
  5. Embed Oversight into governance and transformation processes
  6. Review capability maturity quarterly

8. Strategic Message for CEOs and CIOs

Enterprise‑grade Oversight is not just for large corporations.
It is a scalable discipline that strengthens:

  • Resilience
  • AI readiness
  • Architectural clarity
  • Programme success
  • Operational stability
  • Decision‑making
  • Knowledge retention

By adapting the model through role consolidation or federation, any organisation — regardless of size or sector — can embed Oversight into its fabric and operate with the same confidence and capability as major enterprises.

If you’d like, I can also prepare a one‑page version, a decision tree, or a visual diagram comparing the two models.