Why Maturity Models For Data Governance Are Irrelevant In The Data Economy

There are multiple maturity models and associated assessments for data governance on the market. Some are from software vendors, or from consulting companies, which use these as the basis for selling services. Others are from professional groups like the one from the Data Governance Council.

They are all good – but frankly not adequate for the data economy many companies are entering into. I think it is useful to reshuffle some too well established ideas...

Maturity models in general are attractive because:

  • Using a maturity model is nearly a “no-brainer” exercise. You run an assessment and determine your current maturity level. Then you can make a list of the actions which will drive you to the next level. You do not need to ask your business for advice, nor involve too many people for interviews.
  • Most data governance maturity models are modeled on the very well known CMMI. That means that they are similar at least in terms of structure/levels. So the debate between the advantages of one vs another is limited to its level of detail.

But as firms move into the data economy – with what this means for their sourcing, analyzing and leveraging data, I think that today’s maturity models for data governance are becoming less relevant – and even an impediment:

  • Maturity models are useful for very stable and well known capability domains. But with big data, cloud, BI self-service, extended enterprises, personal information management, and open data, to cite a few big changes, data governance will evolve drastically to a more business oriented governance reflecting a new set of business decisions.
  • Maturity models tend to focus on the “quality and automation of process.” The business rarely sees the correlation between maturity levels and the impact for their own objectives - and on business results.
  • While adopting these different initiatives or technologies the data governance maturity level of enterprises will unavoidably decrease. Getting next maturity level was often the only justification for investments. How then to justify to the business that the maturity level is drastically decreasing?

In the data economy, there is not a single data governance framework which works for all firms. Each will be different and highly tailored to the (data) business model. As data governance advisors, we should recommend our customers start now to learn a different approach: derive data governance objectives from business and IT objectives, and use that to drive governance structures, processes, and criteria. This brings coherency between objectives, organization design and data governance architecture.

Please share your thoughts about data governance maturity models – if you think they are useful and why. Share your experience if you are already using another method to build your next data governance.


DGI Framework

An alternative to using a maturity model you could take a look at the Data Governance Institute Framework http://www.datagovernance.com/dgi_framework.pdf which I think is going in the right direction.

The only thing that I regret on this very interesting framework is it is still for a data governance 1.0 meaning for "internal data" and it would require some adaptation to deal with "late governance" or "after the facts" type of governance required for Big Data. If you are dealing with these new DG 2.0 challenges we are starting new research on that subject. So please share with us your good ideas and your thoughts.

Distinction between DG Maturity Models and DG Frameworks

Great post Henry, I think you bring up some very valid points.

As someone who has designed a data governance maturity model for a vendor, I’d like to share my point a view on the benefits and drawbacks of any maturity model and assessment. I posted a blog in February discussing why we developed a model (http://blogs.informatica.com/perspectives/2013/02/01/data-governance-how...) and my main take-away from that post was this:
“Don’t expect any tool to design a data governance plan or roadmap for you (unless you’re paying consultants to do just that). The goal of an assessment should be to provide input and direction steeped in best practice that your plan can leverage. Most maturity assessments can be valuable if you use properly – and with appropriately set expectations.”

You brought up in your post “Maturity models are useful for very stable and well known capability domains. But with Big Data, Cloud, BI self-service, extended enterprises, Personal Information Management, Open Data to cite a few big changes, data governance will evolve drastically to a more business oriented governance reflecting a new set of business decisions.”

While I agree that new and emerging information management technology challenges and opportunities will challenge traditional data governance paradigms, I don’t think this negates the need for an assessment of your non-technology competencies around People, Process, Measurement, Value Generation, Policy creation, Change management, etc. These are all examples of foundational data governance principles that all vendors, analysts and consultancies seem to agree upon, and are relevant to assess whether you’re working on a traditional on premises BI implementation or a next generation “Cloud-based, Big Data, Social Sentiment Analysis via Mobile devices initiative” (lots of fun buzz-words in there - BINGO!).

In your comment, you mentioned the Data Governance Institute’s (DGI) DG Framework– I’m also a fan and believe they have done an awesome job and provide a fantastic service with clear thought leadership. But I would distinguish a DG Framework from a maturity model. Any DG Framework, be it DGI’s, DAMA’s, or ours (see http://governyourdata.com/page/what-is-data-governance) should prescribe the competencies, roles and responsibilities, best practices and direction needed for any DG initiative.

As a complement to that framework, a good maturity model and assessment should simply be a tool used to measure where your organization currently stands in its ability to effectively leverage and deliver business value from those competencies. And what’s the greatest value of a maturity assessment? The ability to use the results as a catalyst to help secure executive sponsorship and build a business case for increased DG investment and resources.

Thanks again for starting this great discussion, I’m really looking forward to your upcoming research in this area!
Best regards

Use a framework rather than a maturity model to build your DG pr

Thank you Rob to jump in this discussion. I appreciate a lot your comments and I agree with you we should not confuse a DG maturity assessment and a DG Framework. The problem is a lot of customers today are using a DG maturity assessment to build their DG program. And my post is arguing that we should not use anymore DG maturity assessment to build the DG required for the Data Economy era.
The next data governance would be so different :
1. Closer to business decisions/governance
2. Involving more operational people with delegated decision (data scientists, customer intelligence) because of the real time enterprise factor
3. Data governance decisions will get broader impact at enterprise level like brand image, e-reputation
4. Data governance will not only turn into policies and rules, but in establishing ethical rules and being able to execute them in a day to day manner
So the next data governance will be more real time, more operational, more impactful on the business as it is a consequence of the data economy. In addition a DG maturity tends to see the progress only on the "level" dimension while the reality of the next DG will be more dynamic and will see progress even if sometimes that would require to regress on the maturity level.

Data Literacy before data goverance

Although data goverance frameworks and capability models are usefull, they are premature. Most organizations and staff in them have not been trained in the basics of data such as meaning and semantics. Most staff think of data as facts devoid of bias and subjectivity. They perceive data as reality or truth. But they fail to understand that data is created and interpreted with bias and subjectivity. The context and motivations underlying the data has to be understood before you can "govern" data.

What is then needed are principles to govern data. What are the principles concerning privacy and security if data. Not policies! Policies are for enforcement. Principles are the organization's beliefs and might I say morals an ethics that "govern" data. Until staff understand data literacy and governing princlpes, data goverance will fail or stagnate.

There are ways to assess dta literacy and to determine if the organization's data goverance principles. Start there before considering data goverance.

Thank you Richard for your

Thank you Richard for your comment. In your comment you consider meaning and semantics as a prerequisite before data governance should take place. I think in the data economy the data governance 2.0 should determine the risks involved in using data that you do not fully understand, because this is what will happen to many data scientists and customer intelligence analysts when they will tend to use external sources they do not know how it has been obtained through "secret sauce" algorithms. So in my mind we should surely include the "understanding" of data as part of the data governance.

Frameworks and Models Don't Make Decisions - People Do

Henry, et al,

Its common to criticize the status quo with explanations about how the world is changing and what was once good enough just isn't anymore. The fact is that Maturity Models are just assessment tools, and the quality of Data Governance Maturity Models themselves vary so greatly one can't just say all models are this or that. Nor can one say that a new epoch of Data Economy is upon us and past methods for assessment are invalid.

As the instigator and facilitator of the Data Governance Industry and the Industry's first real peer developed Maturity Model I can tell you there are still many, if not the majority, of firms around the world who are not involved in the Data Economy. They are still very much in the industrial and post- industrial economy. They buy and sell real goods, and data is the artifacts of those decisions. For these organizations, Data Governance is very new. Their organizations are mired in an archivist view of data management, or at best an application level world view. In retailing, manufacturing, oil and gas, utilities, transportation, healthcare, education and government, Data Governance is a discipline yet to be discovered and certainly not mastered.

For those insitutions a capable DG Maturity Model is an outstanding tool to understand how past practices can be changed and outcomes improved. Even among more mature industries like Financial Services and Telecommunications, organizations don't assess often enough and don't internalize what the assessments tell them. And on a global level, maturity varies tremendously.

If you want to say that Maturity Models themselves aren't enough to ground an effective governance program on, I will agree with that. But a good Maturity Model, like the one created by the 50 companies in the IBM Data Governance Council, is an invaluable tool for learning what you are doing, how it compares to other behaviors, and how you can improve.

As an industry we still have a ways to go to offer more advanced tools for identifying immature practices, data exposures, and issues needing triage on a regular basis - tools that actually facilitate decision-making. But Maturity Models remain an important method for judging what's what.

I see this every day in my travels around the world.

Have you seen customers asking for agile governance?

Thank you Steven for your insight and the courage to disagree. I knew that I would provoke some controversy by publishing such blog... And I think it is good to have that sort of debate.
At Forrester we tend to identify some of the big trends like Digital Disruption, Data Economy. That forces us to think what will change under these large drivers in advance and prepare the answer. To complete that, I am receiving inquiries and doing interviews of more advanced customers (it is not the majority I agree) and they do not feel comfortable when adopting big data, cloud, BI self service, operational BI technologies because usual data governance thinking does not answer some of their challenges. They are asking a right sized data governance, agile, more real time, more operational, more pragmatic governance, broader data governance which connects with business governance like for customer intelligence issues like personal information. Of course there are several interpretation behind these words. It is probably also in line with Lean and Agile that these customers have seen getting some early success in devops. I agree these companies today do not represent the majority but they are announcing a claim which will unavoidably increase.
So if I agree with you that maturity models and assessment are very useful for a majority of companies today and will continue to be useful even in the data economy but it will not be anymore to build the next data governance. Even worst it could become an impediment to build the right sized governance.

Maturity Models More Relevant than they Appear

The notion of a maturity model has been a useful consulting construct for many years now. It allows everyone involved to "self assess" where they are on a somewhat arbitrary maturity curve and to make a plan for "growth to some target value" over time. While this process has become rote to most Information Governance (IG) engagements, I find that it has broader applicability in the domain of Organizational Change Management (OCM).

OCM is the forgotten component of almost all IG engagements where there is almost myopic focus on the "People (what they do), Process (how they do it) and Technology (the means to do it). Excluding the criticality of "Cultural Adoption and Readiness" to accept the belief that "Information is an Asset" can be disastrous to a burgeoning IG Program. In my practice, I use the Maturity Assessment process to help establish a "Change Readiness" baseline which can then be augmented with more formalized (PROSCI) Change Management techniques. All of the progress around making Information critical to the success of the enterprise will be lost if we do not establish the concept of "Personal Stewardship" in support of an Information is an Asset-driven culture.

Cultural readiness

Thank you Richard for bringing an interesting angle to the discussion. I agree with you the culture can be very different and being french I am very aware about the cultural differences. Data Governance 1.0 have resulted sometimes in very prescriptive, process driven, guided decisions. That was presented as the only manner to be compliant with the multiple regulations, quality, security and privacy concerns. BY following strict governance processes you avoid people particularly operational people to interrogate themselves. With Big Data crossed with sentiment analysis the marketers, customer intelligence, data scientists should use their creativity to innovate, to find gold nuggets. If we want to avoid to get "mad" marketers the same way that we have had mad traders there should be an after the fact governance to verify that the gold nugget would not become a brand image bomb. This is this new type of right sized, agile, operational, pragmatic, continuously learning governance which is the next governance. We still need the previous DG activities to take place for internal and what Forrester is calling "qualified" data. But the new data governance needed to deal with Big Data, Self Service, external sources and algorithms, the volume and multiple sources of data collection, etc will extend current DG practices. So to come back to your cultural dimension I would say how to bring a data governance which does not kill creativity while allowing to mitigate risks. I am calling this DG2.0 practice "risks vs rewards".

Shift to Data Governance 2.0

I am surely not alone having that feeling that data governance is deeply changing as the number of recommendation for this post demonstrate. But some more well known than I on this DG domain are also feeling that. Take a look at Nigel Turner's blog post : http://blogs.trilliumsoftware.com/trilliuminsights/2013/05/data-governan...

What is your viewpoint about where is going the next data governance?

The Paradox of Governance

I will just say there is a huge difference between writing about Data Governance and actually doing it day in and day out. Those of us writing about it may get bored with the mundane aspects of documenting issues for remediation and finding organizational support for solutions. We may pine for the new and exciting future of Data Governance 2.0, the Digital Economy, Agility, Speed, and Convenience. Governance is hard because people are hard to organize in one direction for longer than a day. The Paradox of Governance is that people like to govern and control others and don't want to be governed and controled themselves.

As long as our organizations will be staffed and ruled by people with diverse needs and freedom of will, Data Governance will be dependent on an ever changing mix of intellectual tools, software solutions, and communication processes. New forms of data, commerce, and interaction create new challenges for existing models that themselves are new and unproven. Add in the ever changing nature of people as they cycle into new roles and leave old responsibilities and you can begin to understand why Data Governance Maturity Models remain invaluable tools.

Data Governance 2.0 - grist for analysts and writers, consulants and strategists. In the real world, 1.0 remains a dream yet unattained.

I've been practicing

I've been practicing governance within large corporations for over a decade and I agree with Steven. Many governance practitioners view it as a control or police function. This always bothers me.

However, that is why I find the right maturity model is enabling. I'm constructed several data management models and I do include elements that are CMM oriented, its hard not to, but I go in the direction that the model itself is a living document and requires yearly updating based on what the business is doing, priorities, and the awareness curve of the company.

I also don't agree with the premise of the author that maturity models have outlived their usefulness due to the rapidly changing environment. The principles are the same, it's just technology that is changing, and frankly, that's a relative assessment.

Maturity Model as a moving target

The prescriptive unyielding (maturity) models never worked, except in very short periods of time. I believe that every model worth its salt - and that includes maturity models - should be capable of adapting to "known unknowns". Your advice seems to be predicated on implicit assumption of maturity model's rigidity, while it can - and should be - constantly evolving.
A framework provides both Business and IT with a common ground, a starting point from which they start driving that "governance structures, processes, and criteria" you recommend, and constant revision to the maturity model for data governance is a given. It is a moving target, to be sure, but the one that keeps organization focused.

Blog about data stewardship new role

Another interesting post reflecting the change of data governance and consequently how the role of data stewardship will shift from managing domestic concerns to an new role like airplane stewards dealing with passengers needs. http://t.co/JTByFYdOyb

Another interesting article

Another interesting article about data governance, it has given a different perspective.


Data Governance Toolkit delivered

For those following that blog started in may and you are numerous as 354 recommended that discussion, I am pleased to announce that today Forrester published the "data governance toolkit" to help companies build their own new data governance. This is a toolkit to help companies align their DG to Business and IT objectives, aligning organisational constraints. This shows the value of DG and transform DG into a business enabler rather staying a cost. http://www.forrester.com/Forresters+Data+Governance+Toolkit/fulltext/-/E...

Forrester proposes Data Governance Archetypes

Michele Goetz and I are currently finishing writing a document proposing an alternative to DG maturity models. The Data Governance Toolkit we published recently remains a complex approach which requires to align DG objectives/actions to Business and IT objectives. Most of the companies who are not used to regularly realize that alignment feel uncomfortable and lengthy to do that. Leslie Owens proposed Michele and I to simplify this complex process by finding patterns which in addition will accompany companies toward Data Governance 2.0. We will soon publish the Data Governance Archetypes document. Let us know what you think about these archetypes and if you recognize in your own organisation some of these DG archetypes.