A target operating model in four layers. Click any box to drill down. The framework Andrew Wyatt uses with growth-stage CEOs to prepare for scale, board readiness, and AI deployment. Built across multiple executive operating roles, including as Chief Operating Officer at Lumeon.
| ID | Risk | Causes | Existing controls | Initial | Mitigation | Owner | Status | Mitigated | ALARP |
|---|---|---|---|---|---|---|---|---|---|
| 01 | Annual plan obsolete by Q2 | Market shifts, no replan trigger | Annual Board review | H · P · 9 | Quarterly plan refresh; trigger-based replan | CEO | In progress | H · L · 6 | ALARP pending |
| 02 | Board approval lags into operating quarter | Calendar misalignment with year-end | Quarterly Board meetings | M · P · 6 | Pre-circulate plan four weeks before vote | CEO | Open | M · R · 3 | Yes |
| 03 | Cascade fails to reach operational level | Translation gap from Exec to Department | Quarterly Exec cadence | M · P · 6 | OKR cascade tool; Department review with CEO | Exec Team | Open | M · R · 3 | Yes |
| 04 | KPIs misaligned with strategic objectives | Bottom-up KPI design without ratification | Board KPI review | M · L · 6 | Top-down KPI framework; Board ratification | CEO | Open | L · L · 3 | Yes |
| ID | Risk | Causes | Existing controls | Initial | Mitigation | Owner | Status | Mitigated | ALARP |
|---|---|---|---|---|---|---|---|---|---|
| 01 | Triage lag exceeds 24h SLA on a Sev 1 | Single-channel paging, no on-call rota | Inbound monitoring; pager-duty integration | M · L · 6 | Two-person standby rota; multi-channel paging | CS Manager | Open | M · R · 3 | Yes |
| 02 | Incident team cannot convene inside SLA window | No predefined roster; meeting scheduling friction | Slack channel pre-created | H · P · 9 | Standby roster, pre-booked recurring war room, fallback comms protocol | Incident Owner | In progress | H · R · 6 | ALARP pending |
| 03 | Improper severity classification routes incident to wrong path | Severity matrix not codified; one-reviewer policy | Internal training; matrix in playbook | M · P · 6 | Two-reviewer policy on Sev 1-2 classification; decision matrix in tool | Incident Owner | Open | M · R · 3 | Yes |
| 04 | Customer comms sent without legal review on a Sev 1-2 | SLA pressure; legal review bottleneck | Standard template requires legal sign-off | H · P · 9 | Pre-approved template library for top scenarios; named legal on-call | Legal | Open | H · R · 6 | ALARP pending |
| ID | Risk | Causes | Existing controls | Initial | Mitigation | Owner | Status | Mitigated | ALARP |
|---|---|---|---|---|---|---|---|---|---|
| 01 | EOL announced without viable migration path | Rushed decision; no migration product | EOL playbook | H · P · 9 | Migration plan required as gate to EOL announcement | Product | In progress | H · R · 6 | ALARP pending |
| 02 | Customers in long-term contracts unable to migrate by EOL | Contract terms mismatched to EOL timeline | Pre-EOL legal review | H · P · 9 | Per-contract review twelve months pre-EOL | CS Manager | Open | H · R · 6 | ALARP pending |
| 03 | Data migration failures during transition | Schema differences; tooling gaps | Manual migration support | M · L · 6 | Automated migration tools; dry-run pilots | Eng Lead | Open | M · R · 3 | Yes |
| 04 | Reputational impact from forced sunset | Communication missteps; surprise | Standard EOL comms template | M · P · 6 | Customer Advisory Board notification twelve months out | CS Manager | Open | L · R · 2 | Yes |
| ID | Risk | Causes | Existing controls | Initial | Mitigation | Owner | Status | Mitigated | ALARP |
|---|---|---|---|---|---|---|---|---|---|
| 01 | Detection lag — incident undetected for over 24h | Insufficient monitoring; alert fatigue | SIEM tool; on-call rota | H · P · 9 | Tuned alerting; quarterly detection drills | CISO | In progress | H · L · 6 | ALARP pending |
| 02 | Investigation blocked by insufficient logging | Logs not retained; aggressive rotation | 30-day retention policy | M · P · 6 | Twelve-month log retention for critical systems | CISO | Open | M · R · 3 | Yes |
| 03 | Regulatory disclosure missed (GDPR 72h) | Unclear breach criteria; legal not looped early | Breach checklist | H · P · 9 | Standing legal partner; pre-approved disclosure templates | Legal | Open | H · R · 6 | ALARP pending |
| 04 | Slow response due to absence of playbook | Ad hoc handling; no named owner | Generic IT incident process | M · L · 6 | Security-specific playbook with named owners | CISO | Open | L · L · 3 | Yes |
How a growth-stage SaaS business might equip each layer in 2026, with AI tooling integrated into the operating model rather than bolted on the side. Named tools are representative, not exhaustive. The principle is one platform per layer where possible, with AI woven through.
// One platform per layer where the volume justifies it. AI tools chosen for the tasks that are narrow, codified, and rule-tolerant. Strategic and regulated work stays human-owned.
Two artefacts to run this with your team. The whitepaper explains the framework. The Claude prompt runs the diagnostic conversationally, twenty questions with an operator's voice, and returns a scored assessment at the end.
The framework in twenty-four pages. Four operating components, the diagnostic in full, three cross-industry worked examples, and where the model does not apply.
Download PDF→Paste the prompt into Claude or ChatGPT. Twenty questions, one at a time, with hedging pushed back. Component and total scores at the end. Thirty minutes to run.
Copy the prompt→An interactive three-level target operating model for growth-stage B2B SaaS, with risk and AI-readiness overlays. Click any layer to expand its sub-components, then any sub-component to see the underlying processes. The tool exists so a CEO or Chair can point at the specific component that is under-built rather than talking about the "operating model" as a shape.
CEOs, chairs and PE operating partners preparing a board pack, running a first-hundred-days review, or scoping a commercial diagnostic. The tool is a reference, not a scoring diagnostic. It gives a shared vocabulary for what a complete operating model actually looks like at growth stage.
Management (governance, strategy and board rhythm). Commercial (go-to-market, product, marketing, sales, customer success). Delivery (implementation, professional services, support, operations). Each level has its own components and sub-processes, and each level has a different owner in a mature growth-stage business.
Risk maps each component to a health signal (healthy, watch, hot) that surfaces where growth-stage businesses typically break. AI-readiness maps each component to a treatment (human-led, augmented, automatable) that surfaces where AI actually changes the operating model, and where it does not.
The TOM tool itself is a visual reference. The scored companion is the Five-Foundation Diagnostic which grades a business against five foundations of scalable B2B SaaS on a traffic-light basis. If the goal is a numeric read, use that. If the goal is a shared picture of what a complete operating model contains, use this.
No. The tool is free and browser-based. There is no signup, no lead form and no gate. The whitepaper and Claude prompt that accompany the tool are also free and require no email.
Use the tool as the reference during the next board discussion of the operating model. Point at the specific component that is under-built or hot on the risk overlay. Then run the Five-Foundation Diagnostic to get a scored read, and the whitepaper for depth on any one component.
For a board, advisory or fractional engagement, or a working call on the next stage, email directly. Thirty minutes is usually enough to test fit.
Book a 30-minute intro call