The hidden work behind AI transformation

AI transformation is our term for the work of making an organisation understandable enough that AI can help with real work.

This is a deliberately narrow use of the phrase. It is not a claim that every AI programme must rebuild the whole company. It is a claim that serious operational use needs more than model access.

That definition is deliberately practical. It does not start with the model. It starts with the organisation: where work happens, where evidence lives, who owns decisions, which systems are authoritative, what a user or agent is allowed to see, and when software should stop for review.

In that sense, AI transformation depends on organisational context.

Most AI programmes look more contained from the outside than they are from the inside. A team can buy access to a capable model quickly. It can run pilots, produce summaries, draft emails, and connect a few tools. The harder part is making the operating environment legible. Without that work, AI remains a general assistant pointed at unclear context.

AI Transformation As Organisational Legibility

Organisational legibility means the live state of work can be read by people and software.

In this article, we use the term to mean something specific: workflows, sources, permissions, owners, review points, and automation boundaries are explicit enough that an AI system can retrieve the right context, use the right tools, and stay inside the right limits.

This is close to governance, but not identical to it. Governance says who is accountable and what rules apply. Legibility turns those rules into operating structure. It makes the organisation inspectable at the level where work actually moves.

NIST's AI Risk Management Framework treats AI risk management as a socio-technical practice, not just a model-quality exercise. It says AI systems are shaped by their technical design, their users, and the social context in which they are deployed, and it organises risk work around governance, mapping, measurement, and management ^{1NIST: Artificial Intelligence Risk Management Framework 1.0}. That is the right starting point for transformation: before AI can act safely, the organisation has to understand the context in which action would happen.

From model access to operating context

The common mistake is to treat AI transformation as access to a smarter interface. The organisation gives employees a model, connects it to a document store, and expects productivity to follow.

That can help with personal work, but it does not transform the operating system of the organisation. The difficult questions remain:

• Which source is authoritative when systems disagree?
• Which role can see client, employee, matter, finance, or vendor information?
• Who owns the next step when a workflow crosses departments?
• What evidence supports a recommendation?
• Which actions can be automated, prepared, or only suggested?
• Where does review happen before a system writes back to a record?

These are not minor implementation details. They are the work.

Why The Problem Exists

Modern organisations are software-rich but context-poor.

Business intelligence can collect, manage, and analyse data for decisions ^{4IBM: What is business intelligence?}. Workflow automation can replace manual tasks with software that executes part or all of a process ^{3IBM: What is workflow automation?}. Both are useful. Neither automatically explains the operating meaning of a document, task, meeting note, renewal, approval, exception, or client commitment.

Work spreads across systems because each system has a local purpose. The CRM holds accounts. The finance tool holds spend. The document system holds files. The task board holds assignments. The inbox holds informal decisions. The calendar holds commitments. The meeting transcript holds context that never becomes a field.

Humans bridge those gaps through memory, habit, and judgment. AI does not inherit that tacit operating knowledge. If the context is not represented, the model has to guess, overgeneralise, or ask the user to reconstruct the organisation inside the prompt.

AI exposes unclear ownership

AI makes ownership gaps visible. If a person asks an agent to prepare a client update, the agent needs to know the relevant project, current status, promises made, risks, source documents, tone, reviewer, and approval rule. If no system knows those relationships, the agent can still write fluent text. It just cannot know whether the text is responsible.

Anthropic's guidance on building agents distinguishes predefined workflows from more autonomous agents that dynamically direct their own tool use. It also stresses ground truth from the environment, checkpoints, stopping conditions, and clear tool interfaces for reliable agentic work ^{2Anthropic: Building effective agents}. Those requirements sound technical, but they depend on organisational structure: the system needs a reliable environment to observe.

The Practical Approach

The practical approach is to build an operating layer before expecting deep automation.

That layer does not have to be one large system. It can begin as a structured model of the work area: what objects matter, how they relate, who owns them, which sources feed them, what permissions apply, and what actions are possible.

The organisation needs deliberate ways for operational signals to enter the system: documents, emails, meeting notes, forms, calendars, tickets, finance records, case systems, databases, and user updates. That should not mean indiscriminate collection. Each signal needs source type, source owner, permission, date, related work, and confidence. A stale policy, draft contract, approved board minute, and informal Slack message should not be treated as equal facts.

The material then has to be structured into concepts the organisation actually uses: client, matter, vendor, owner, approval, risk, renewal, obligation, evidence, task, deadline, review, and exception. It also needs deduplication, normalisation, permissioning, lineage, and reconciliation. If two tools describe the same client differently, the operating layer needs a way to represent the difference rather than hide it.

The resulting state must live somewhere durable and queryable: databases, indexes, document stores, knowledge graphs, vector stores, workflow logs, and audit records.

NIST SP 800-53 frames security and privacy controls as flexible and customisable controls used in an organisation-wide risk process, with control families including access control and audit and accountability ^{5NIST: SP 800-53 Rev. 5 Security and Privacy Controls}. For AI transformation, those ideas matter because the operating layer must remember not just content, but authority: who can see it, who changed it, and why the system used it.

People and agents then need controlled ways to interact with the state: search, summaries, APIs, editors, queues, review screens, approval flows, and write-back tools.

Retrieval without tools leaves AI as an adviser. Tools without governance create risk. The useful layer combines both: the system can find the relevant context, prepare work, route it, and record what happened.

What This Is Not

This is not a claim that every workflow should be automated.

Some work should remain human because it involves judgment, relationship risk, professional responsibility, sensitivity, or incomplete evidence. Some work should be prepared by AI but reviewed by an accountable owner. Some work should be automated because the conditions are stable and the consequences are low. The point of legibility is to know the difference.

This is also not a claim that companies need a heavy transformation programme before using AI. Small teams can get value from focused tools, retrieval, templates, and narrow automations. The legibility problem becomes urgent when AI is expected to operate across systems, users, permissions, clients, money, compliance, or external commitments.

ISO/IEC 42001 describes an AI management system standard for organisations that provide or use AI systems ^{6ISO: ISO/IEC 42001 AI management systems}. Whether or not a team adopts that standard formally, the direction is useful: AI should be managed through responsibilities, objectives, controls, evaluation, and continual improvement, not through enthusiasm alone.

What This Looks Like In Practice

Client services

A client-services agent should not draft updates only from a prompt. It needs the current project state, agreed scope, latest deliverables, open risks, prior commitments, client preferences, and review owner. The hidden work is connecting those records before the draft is generated.

Operations

An operations workflow may look contained from the outside: route exceptions to the right person. But routing requires a model of exception type, severity, customer impact, service-level deadline, owner, backup owner, and escalation rule. AI can help classify and prepare the route only when those boundaries exist.

Leadership reporting

A leadership summary is useful only if it can distinguish facts from interpretation. The system needs source links, date stamps, open assumptions, missing data, and changes since the last review. Otherwise AI produces a plausible narrative without enough evidence.

Internal automation

A renewal reminder can be automated. A vendor cancellation may require finance approval, legal review, operational handover, and client-risk checks. The difference is not in the model. It is in the operating context.

The Conclusion

The hidden work behind AI transformation is making the organisation legible.

That means mapping how work really moves, where reliable sources live, who owns decisions, which permissions apply, where review happens, and what automation is allowed to do. Models matter, but they are not the whole transformation. The organisation has to become readable enough for the model to be useful.

The most credible AI programmes will therefore look less like sudden automation and more like disciplined operating design. They will turn scattered context into structured state, expose uncertainty instead of hiding it, and give agents controlled tools rather than vague authority.

AI transformation is not the replacement of organisational work. It is the work of making the organisation understandable enough that people and software can act with context.

Sources

1. NIST: Artificial Intelligence Risk Management Framework 1.0
2. Anthropic: Building effective agents
3. IBM: What is workflow automation?
4. IBM: What is business intelligence?
5. NIST: SP 800-53 Rev. 5 Security and Privacy Controls
6. ISO: ISO/IEC 42001 AI management systems