From time to time, organizations ask me to use a traditional Capability Maturity Model (CMM) to evaluate their organizational maturity from the perspective of Data Governance. With this article I will align a known capability model with several aspects of data governance.
The following statement comes from Wikipedia, “The Capability Maturity Model, a registered service mark of Carnegie Mellon University (CMU), is a development model created after a study of data collected from organizations that contracted with the U.S. Department of Defense. This model became the foundation from which Carnegie Mellon created the Software Engineering Institute (SEI). The term ‘maturity’ relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined steps, to managed result metrics, to active optimization of the processes.”
“The term ‘maturity’ relates to the degree of formality and optimization of processes,
from ad-hoc practices, to formally defined steps, to managed result metrics,
to active optimization of the processes.”
When the model is applied to an existing organization’s software-development processes, it allows an effective approach toward improving these processes.
When the model is applied to the process and structure of governing data, it can also be used to improve the processes and structures.
Over time it became clear that the model can be applied to many other processes as well. This gave rise to a more general concept, described in this article, that is applied to many areas of business. Many companies that are in the process of planning their Data Governance evolution in a systematic fashion are making use of Data Governance Maturity Models to control change by determining what level is appropriate for their business and use of technology – and how and when to move from one level to the next. Each stage requires certain investment, primarily in the use of internal resources. The rewards from a Data Governance Program increase while risks decrease as the organization proceeds through each level.
Level 1 – Initial Level
It is characteristic of processes at this level that they are (typically) undocumented and in a state of dynamic change, tending to be driven in an ad-hoc, uncontrolled, and reactive manner by users or events. This provides a chaotic or unstable environment for the processes. The level 1 organization has no strict rules or procedures regarding data governance. Data may exist in multiple files and databases; using multiple formats (known and unknown); and stored redundantly across multiple systems (by different names and using different data types). There is no apparent method to the madness and few, if any, attempts have been made to catalog what exists.
Reports are developed “on the fly” as they are requested by Business Units. The quality of data in a level 1 organization depends on the skills of the technical IT analysts and developers. A level 1 organization will take on monumental tasks with little knowledge of their impact causing project cancellations, or even worse, completed package implementations and updates with severely corrupted data and/or invalid reports. As a rough estimate, approximately 30% to 50% of organizations operate at Level 1.
Level 2 – Repeatable Level
It is characteristic of some processes at this level to be repeatable, possibly with consistent results. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress. To move from level 1 to level 2, an organization must begin to adhere to data governance best practices. The best practices (typically) define four to six practices upon which the Data Governance Action Plan has been built. For more information about Data Governance Best Practices, please visit this article. Although level 2 organizations follow some sort of governance program, they usually have yet to institutionalize the program. Instead, these organizations’ plans rely on a central person or group to understand the issues and implement the data governance reliably and consistently. This will manifest itself by the creation of the Data Governance Team function.
Approximately 15% to 20% of organizations operate at Level 2. Upon successful implementation of a Data Governance Launch, and the ability to repeat these same steps for future Data Governance Launch-like activities, the organization will be well on their way to becoming a level 2 organization.
Level 3 – Defined Level
It is characteristic of processes at this level that there are sets of defined and documented standard processes established and subject to some degree of improvement over time. These standard processes are in place (i.e., they are the AS-IS processes) and are used to establish consistency of process performance across the organization. Organizations that have successfully moved from level 2 to level 3 on the data governance maturity scale have documented and established a data governance program as a core component of their report development and data usage life-cycle. The program is enforced and testing is done to ensure that data quality requirements are being defined and met.
Level 4 – Managed Level
It is characteristic of processes at this level that, using process metrics, management can effectively control the AS-IS process (e.g., for software development ). In particular, management can identify ways to adjust and adapt the process to particular projects without measurable losses of quality or deviations from specifications. Process Capability is established from this level.
An organization can move to level 4 only when it institutes a managed meta-data (data about data) environment. This enables the Data Governance Team to catalog and maintain meta-data for corporate data structures. It also provides the Information Technology and end-user staff access to what data exists where within the organization (along with definitions, synonyms, homonyms, etc.). The data governance team is involved (at some level) in all development efforts to assist them in the cataloging of meta-data and reduction of redundant data elements (in logical models always; in physical models as appropriate for performance and project requirements). Level 4 organizations have begun to do data audits to gauge production data quality.
The success of the level 4 organization depends on the buy-in of upper management to support the “data is a corporate asset” maxim. This involves treating data as they treat other assets (personnel, finances, buildings, finished goods, etc.). Advanced tools are utilized to manage meta-data (repositories), data quality (transformation engines), and databases (agent-based monitors, centralized consoles for heterogeneous database administration, etc.). Approximately 5% to 10% of organizations operate at Level 4.
Level 5 – Optimizing Level
It is a characteristic of processes at this level that the focus is on continually improving process performance through both incremental and innovative technological changes/improvements.
The level 5 organization uses the practices evolved in levels 1 through 4 to continually improve the data access, data quality, and database performance. No change is ever introduced into a production data store without it first being scrutinized by the data governance team and documented within the meta-data repository. Level 5 organizations are continually trying to improve the processes of data governance. Less than 5% of organizations operate at Level 5.