Data Governance Maturity Model for Micro Financial
Organizations in Peru
Stephanie Rivera
, Nataly Loarte
, Carlos Raymundo
and Francisco Dominguez
Escuela de Ingeniería de Sistemas y Computación, Universidad Peruana de Ciencias Aplicadas (UPC), Lima, Peru
Facultad de Facultad, Universidad Rey Juan Carlos, Madrid, Spain
Keywords: Data Governance, Micro Finance, Maturity Model, Data Management.
Abstract: Micro finance organizations play an important role since they facilitate integration of all social classes to
sustained economic growth. Against this background, exponential growth of data, resulting from transactions
and operations carried out with these companies on a daily basis, becomes imminent. Appropriate
management of this data is therefore necessary because, otherwise, it will result in a competitive disadvantage
due to the lack of valuable and quality information for decision-making and process improvement. Data
Governance provides a different approach to data management, as seen from the perspective of business
assets. In this regard, it is necessary that the organization have the ability to assess the extent to which that
management is correct or is generating expected results. This paper proposes a data governance maturity
model for micro finance organizations, which frames a series of formal requirements and criteria providing
an objective diagnosis. This model was implemented based on the information of a Peruvian micro finance
organization. Four domains, out of the seven listed in the model, were evaluated. Finally, after validation of
the proposed model, it was evidenced that it serves as a means for identifying the gap between data
management and objectives set.
Data governance is a trend that allows for
proper data management in the organization since
information is at present a company asset which
offers benefits when used strategically; thus, offering
a competitive advantage (Soares, 2010).
On the other hand, organizations play a key role
in a country’s economic development. In particular,
micro finance organizations are the means through
which entrepreneurs can access financial services
(World Vision, 2014), thereby promoting self-
improvement and development pathways for
different countries, especially economics low sector,
using the concept of micro finance in its financial
system (Gestion, 2015).
Given this, as the data volume and complexity
grows, organizations have two options: they can
succumb to information overload or they can
implement data governance in order to take advantage
of the organization data huge potential (EY, 2014).
It is vital that these organizations are able to
manage their data properly in order to be able to
exploit them. According to some Digital Universe
studies, only 1% of the global data is analysed and
over 80% of the data is not protected (The Guardian,
2014). In addition, IBM studies show that one of the
most affected sectors in this gap of data governance
is the financial sector, as the cost of each record of
lost or stolen data is USD 215, which translates into a
loss of USD 3.79 million a year (Ponemon Institute
and IBM, 2015). Given this scenario, organizations
must be able to assess their data management to
prevent such threats and meet the gap be-tween the
desired data governance level and its current level.
There are solutions proposed that consist in the
development of a maturity model focused on data
management. In 2007, Peter, David, Burt and Angela
proposed a maturity model of data management
consisting of six governance processes and five levels
of maturity (Aiken et al., 2007). On the other hand,
Marco and Katharina, in 2015, proposed a maturity
model for master data management called the master
data management maturity model (MD3M), which is
characterized by addressing various aspects of
governance through five thematic or flexible domains
and five levels of maturity (Spruit and Pietzka, 2015).
Rivera, S., Loarte, N., Raymundo, C. and Dominguez, F.
Data Governance Maturity Model for Micro Financial Organizations in Peru.
DOI: 10.5220/0006149202030214
In Proceedings of the 19th International Conference on Enterprise Information Systems (ICEIS 2017) - Volume 3, pages 203-214
ISBN: 978-989-758-249-3
Copyright © 2017 by SCITEPRESS Science and Technology Publications, Lda. All rights reserved
Likewise, the Governing Council Data of IBM
also addresses the issue of data governance based on
best practices and methods used by its members after
their performance in various organizations
worldwide. As a result, they pose a flexible scheme
consisting of five levels of maturity (based on CMM)
and eleven domains, which enable organizations to
assess current deficiencies in data governance
practice and identify opportunities for improvement
(IBM, 2007). While there are data governance
maturity models, these are generic and do not align to
the requirements of the micro finance sector, which
has its own characteristics such as the exponential
growth of data volume, the criticality of data and
regulations and standards to which it is subject
(Informatica, 2015).
Given this, the objective of this research study is
to demonstrate the advantages and benefits that
entails the ability to objectively measure and assess
the management carried out in relation to a micro
finance sector organization data, in such a way that it
ensures integrity, availability and confidentiality of
data through a flexible proposal. In this sense, the
proposal that arises is the development of a data
governance maturity model for micro finance
organizations, consisting of fundamental domains
covering the most important fronts of data
management in the organization. This model serves
as a tool to carry out the abovementioned assessment.
This paper is divided into five sections. Section 2
contains information subject matter of the research
study, and reviews the literature related to the topic
presented in this document. Section 3 discusses the
proposal developed during the research period. On
the other hand, the result of the validation of the
model applied in a study case is in Section 4. Finally,
the research conclusions and the conclusions of the
model application are presented in Section 5.
First, Research has been approached from two
perspectives: Data Governance Models that provide a
frame-work for holistic integration on data
management and control in the organization; and
Data Governance Maturity Models, which establish
evaluation criteria to diagnose data
Regarding the Data Governance Models, in 2007,
in order to offer the organization, the possibility to
unify in one single model the technical and business
approach, Kristin (Wende, 2007) proposed a data
governance model consisting of 4 domains. The main
feature of this model is that it was specifically
designed to contribute to the decision-making process
of everyday life in organizations. In 2009, Kristin,
Boris and Hubert (Weber et al., 2009) observed that
organizations failed to address the critical aspects for
successful quality data management, limiting to only
associating it to IT. Thus, they propose a data
governance model that consists of seven parameters
with a strategic focus on three decision areas called
Strategy, Organization and Information Systems. Its
main objective is to obtain an optimal quality data
management for the organization, based on the
establishment of at least eight major activities for
each decision area of the model. In addition, in 2010,
Vijay and Carol (Vijay and Brown, 2010) state that
organizations manage information technology
considering them as corporate assets; however, data
is not valued and therefore it is managed in the same
way despite the criticality of its importance. In this
sense, the authors state that both IT governance and
data governance revolve around decision making,
which is why in 2010 they proposed a framework for
data governance consisting of five domains called
DDG, taking the IT governance framework as the
main reference. Peter (Malik, 2013), in 2013,
proposed a model for data governance based on Big
Data due to the exponential growth of information
volume experienced by organizations. The proposal
includes five key factors and ten principles or best
practices for optimum results in data management.
On the other hand, in 2014, with the aim of converting
the organization data in significant inputs that
generate value, Hongwei, Stuart, Yang and Richard
(Zhu et al., 2014) propose a data governance model
that addresses six categories and five criteria
including assessment methods. The latter, unlike
other models, allows the organization to anticipate the
various ways in which the model can affect while
being implemented.
Data governance models analysed have different
perspectives; Kristin, Vijay and Carol, and Hongwei,
Stuart, Yang and Richard models are approached
from a strategic point of view prioritizing decision-
making, while the Kristin, Boris and Hubert, and
Peter Model focuses on specific features such as Data
Quality and Big Data trend.
On the other hand, regarding Data governance
maturity models, in 2007, Peter, David, Burt and
Angela (Aiken et al., 2007) stated that a data
governance assessment within an organization can
draw a roadmap for improvement of data
management; however, they pointed a lack of a
framework to guide such management from an
achievement-oriented approach. This drives the
ICEIS 2017 - 19th International Conference on Enterprise Information Systems
authors to propose a data management maturity
model consisting of six governance processes and
five maturity levels based on CMMI. In 2007 as well,
based on the experience of IBM data governance
council members and after understanding the needs of
various international organizations with which they
worked on data management, they posed a maturity
model whose levels are based on the ones proposed
by the CMMI. Likewise, they defined eleven
categories grouped in four key domains with which
all fronts of the organization involved in data
governance are covered. This model was applied in
the fifty organizations that make up the IBM council
revealing their state of maturity (Aiken et al., 2007).
In 2009, based on the objective of providing the
organization with a roadmap to organize their efforts
around critical factors in data management, the
Enterprise Content Management Maturity Model
(ECM) (ECM, 2009) was proposed, a model
consisting of three domains and 5 levels of maturity
that have an approach based on the organization
management action. A year later, in 2010, DataFlux
Company points out that organizations only focus on
entering and monitoring data to meet specific needs,
however, this leads to the storage of redundant and
obsolete data; therefore, they proposed a model that
addresses four domains and four levels of maturity
(Dataflux Company, 2010). In the same year, Kalido
Company (Kalido, 2010) made research on over forty
companies with various maturity levels, detecting that
the ratio of data-related problems growth is outpacing
our ability to detect them. Thus, they pro-posed a
model based on three domains, whose maturity levels
are based on the evolution of information assets in the
organization approach. One year later, in 2011, with
the aim to promote and support organizations on how
to focus their efforts on data management and
materialize them through benefits Oracle Insight
Team (Oracle, 2011) proposed a maturity model
based on five domains and six maturity levels adapted
to CMMI. In 2014, after analysing the behaviour of
organizations, the CMMI Institute (CMMI Institute,
2014) said that it is necessary a model that aligns data
management with business needs; therefore, it
proposes a model with six domains and five maturity
levels. On the other hand, after investigating and
concluding that quality data assurance arises from the
integration of master data, and in the absence of a
framework that supports this approach, in 2015,
Marco and Katharina (Spruit and Pietzka, 2015)
proposed a maturity model called MD3M, which
addresses master data management through five
flexible themes and five maturity levels also based on
Each data governance maturity model studied
poses a different approach for its models and maturity
levels; however, all of them have the same objective:
help the organization identify its real maturity level.
Thus, they base themselves on domains, which are the
main aspects that must be considered to measure data
management and maturity levels, as well as their level
of management of each aspect or domain.
3.1 Basis
From the literature reviewed, we have selected eight
models of data governance maturity, each model
provides a context of the aspects considered
necessary to be addressed in order to improve data
management. These aspects are called domains. Each
model defines the level of granularity of their
domains, so with the aim of identifying fundamental
aspects to implement data governance in an
organization, the following common domains are
identified from the selected models:
Principles of data: Focus on data policies,
strategies and regulations (Oracle, 2011)
(Dataflux Company, 2010) (Kalido, 2010)
(ECM, 2009) that determine the desired
organizational behaviour (IBM, 2007) (Vijay
and Brown, 2010). The overview for setting
policies is preventive and requires a high
commitment from senior management (CMMI
Institute, 2014);
Data lifecycle: Systematic policy for data
collection, retention and disposal (IBM, 2007),
supported by analysis and continuous
measurement (CMMI Institute, 2014). In
addition, it is essential that there is a tool for
optimal data storing in the organization (Vijay
and Brown, 2010) (Spruit and Pietzka, 2015);
Data quality: The organization adopts
guidelines to maintain the data integrity and
define the impact of data categories in the
business (Oracle, 2011) (Spruit and Pietzka,
2015). Measurement improvement and quality
certification data (IBM, 2007) to pre-vent
damage to operational and reputational levels
(CMMI Institute, 2014) (Vijay and Brown,
Data Governance Maturity Model for Micro Financial Organizations in Peru
Metadata: It describes what data is about and
provides a common, single and consistent
semantic definition that provides an
understanding at a technical and business level
(IBM, 2007) (ECM, 2009) (Vijay and Brown,
2010) (Spruit and Pietzka, 2015). Data
integration architecture to improve operational
efficiency (Oracle, 2011);
Information Technologies: Technology of
organization supports and monitors data, it is
also aligned to the business strategy (Kalido,
2010) (ECM, 2009). Infrastructure technology
to support BI strategy (Oracle, 2011) (Dataflux
Company, 2010);
Information Security: Enterprise-scale data
security architecture to support the integrity,
reliability and availability of data (Oracle,
2011). Policies, practices and controls to
mitigate the risks (IBM, 2007) (Dataflux
Company, 2010) (Spruit and Pietzka, 2015). It
addresses the guidelines for assigning value to
different data categories and, on that basis; it
sets the information access limits (ECM, 2009)
(Vijay and Brown, 2010).
Regarding the page layout, authors should set the
Section Start to Continuous with the vertical
alignment to the top and the following header and
None: There is no initiative to improve
processes. Data is not valued (Oracle, 2011);
Initial: Unpredictable process, poorly
controlled and reactive (IBM, 2007) (Dataflux
Company, 2010). Data management only by IT
(Spruit and Pietzka, 2015) (Oracle, 2011);
Managed: Process characterized for being
manageable (IBM, 2007) (Dataflux Company,
2010). There is data management only of
certain business units (Spruit and Pietzka,
2015) (Oracle, 2011) (CMMI Institute, 2014);
Defined: Process characterized for its
organization and for being proactive (IBM,
2007) (Dataflux Company, 2010). Business
committed to data management (Spruit and
Pietzka, 2015) (Oracle, 2011);
Quantitatively Managed: Process that can be
measured quantitatively (IBM, 2007) (Dataflux
Company, 2010). Metrics to evaluate data
governance (Spruit and Pietzka, 2015) (Oracle,
Optimized: It is focused on continuous
improvement of processes (IBM, 2007)
(Dataflux Company, 2010). Data governance is
a process of main business (Spruit and
Pietzka, 2015) (Oracle, 2011).
Table 1 show a comparison matrix between of
models of data governance maturity and the domains
they address. The six previously explained domains
address the associated data management basic
aspects; however, not all the models refer to them.
The MD3M (Spruit and Pietzka, 2015) and DDG
(Vijay and Brown, 2010) models have limited
approach on data and data management, but they do
not address a key aspect like IT strategies for data
support. On the other hand, Oracle (Oracle, 2011) and
DataFlux (Dataflux Company, 2010) present a more
technological approach that starts from the premise of
using technological tools to govern data properly
without addressing in detail the strategic aspects.
With regard to maturity levels, we can classify
models into two groups: those models that have made
an adaptation of CMMI levels and others which have
chosen to propose their own levels of maturity.
Regarding the models with adapted levels, the
DMM and IBM models have chosen not to modify
the definition proposed by CMMI established for
each level of maturity. While Oracle and MD3M have
made an adaptation of CMMI levels adding certain
concepts specifically associated with data
management. These four models support their choice
in that such levels of maturity belong to an already
robust and validated international model. There are
models that have proposed their own maturity levels
such as Kalido, DataFlux, ECM and DDG. The last
two are similar because they have approached
maturity levels from the initial stage where data
governance does not exist yet or is barely known, to
a level where initiative data management is based on
proactive management. While the first two, DDG and
Kalido, differ markedly from those discussed above
since they address their maturity levels with
approaches based on data management from
information centralization. Therefore, as seen in
Table 2, maturity levels each model addresses have
been standardized in order to compare these
approaches and unify the concepts per level.
After studying each model, we have finally
detected three points in which each model has
decided to address maturity levels: general approach
proposed by CMMI; an approach proposed by CMMI
adapted to the context of data governance and an
approach strictly linked to data management. No
model combines these three perspectives, which
would enrich the proposal. Finally, each model
addresses intervention assessments in different ways.
ICEIS 2017 - 19th International Conference on Enterprise Information Systems
Table 1: Comparative matrix of models and domains.
Table 2: Comparative matrix of maturity levels.
First, IBM, DataFlux and Kalido models are based
solely on the proposed domains and maturity levels;
they do not need to disaggregate each domain to
perform the assessment. While the other models
establish a mechanism of differentiated and detailed
However, not all the models coincide with the
assessment mechanisms at a content level, that is
why, based on the different aspects each model
addresses, it is considered fundamental to consolidate
said key areas, components or ideas in a unique
concept called assessment criteria, which facilitates
maturity assessment for organizations. This can be
seen in Table 3.
3.2 Model
The micro finance environment presents peculiarities
that have a direct impact on data management,
starting from the personalized customer service
sought, the very strict regulatory regime to which they
are subjected, and the dynamic financial system to
which they must adapt. There is a critical issue that
characterizes the data manipulated by these
organizations, the protection of personal data
(Deloitte, 2014), and whose consideration as a
separate domain from the Information Security
domain is crucial given the context of the proposal
(Arnold, 2016).
After analyzing the existing proposals, a model is
proposed, as shown in Fig. 1. It allows integration of
the seven domains, including the domain of data
protection as a separate domain in a single frame of
reference aligned to the characteristics of the micro
financial sector and whose maturity assessment
through level standardization, results simple and
objective for micro finance organizations.
In this sense, MMGD offers the organization the
ability to be assessed in the financial sector in which
it is governed, allowing it to use it as benchmark to
learn about their deficiencies regarding competition.
In addition, this model is flexible and the organization
not only has the possibility to know its overall
maturity, but also, according to needs and / or
Oracle (Oracle, 2011)
ECM3 (ECM, 2009)
DataFlux (Dataflux Company, 2010)
Kalido (Kalido, 2010)
DDG (Vijay and Brown, 2010)
IBM (IBM, 2007)
DMM (CMMI Institute, 2014)
MD3M (Spruit and Pietzka, 2015)
Models Maturity Levels
(Oracle, 2011)
None Initial Managed Standardized Advanced Optimized
(ECM, 2009)
Incipient Formative Operational Proactive
(Dataflux Company, 2010)
Undisciplined Reactive Proactive Governed
(Kalido, 2010)
Focused on
Focused on
Focused on
Totally governed
(Vijay and Brown, 2010)
Centralized Governed
(IBM, 2007)
Initial Managed Defined
(CMMI Institute, 2014)
Realized Managed Defined Measured Optimized
(Spruit and Pietzka, 2015)
Initial Repetitive
Managed and
Data Governance Maturity Model for Micro Financial Organizations in Peru
circumstances, it can measure the maturity level of a
given domain independently.
Table 3: Assessment Criteria.
Domain Criteria
Data Governance Objectives (Vijay and
Brown, 2010) (Oracle, 2011) (Kalido, 2010)
Roles and Responsibilities (Spruit and
Pietzka, 2015) (Oracle, 2011) (Dataflux
Company, 2010)
Policies, Principles and Guideline (Vijay and
Brown, 2010) (Oracle, 2011) (Dataflux
Company, 2010)
Organizational Culture (Vijay and Brown,
2010) (Dataflux Company, 2010)
Regulatory Compliance (Vijay and Brown,
2010) (Oracle, 2011)
Data planning (Vijay and Brown, 2010)
(Dataflux Company, 2010)
Data processing (Vijay and Brown, 2010)
(Spruit and Pietzka, 2015)
Data analysis (Vijay and Brown, 2010)
(Kalido, 2010)
Data preservation (Vijay and Brown, 2010)
(Kalido, 2010) (Dataflux Company, 2010)
Data Publication (Vijay and Brown, 2010)
(Spruit and Pietzka, 2015)
Definition of metadata (Vijay and Brown,
2010) (Spruit and Pietzka, 2015)
Scope of metadata (Spruit and Pietzka, 2015)
(Kalido, 2010)
Inventory of metadata (Vijay and Brown,
2010) (Oracle, 2011) (Kalido, 2010)
(Dataflux Company, 2010)
Modelling of metadata (Vijay and Brown,
2010) (Spruit and Pietzka, 2015) (Dataflux
Company, 2010)
Data Integration and Interoperability (Oracle,
Data Warehousing & Business Intelligence
(BI) (Oracle, 2011) (Kalido, 2010) (Dataflux
Company, 2010)
Information Technology Governance
alignment (Oracle, 2011) (Kalido, 2010)
Risk Identification and Information Security
planning (Vijay and Brown, 2010) (Oracle,
2011) (Kalido, 2010) (Dataflux Company,
Domain Criteria
Information Security responsibilities (Vijay
and Brown, 2010) (Spruit and Pietzka, 2015)
(Oracle, 2011)
Access to network management (Spruit and
Pietzka, 2015) (Oracle, 2011) (Dataflux
Company, 2010) (Kalido, 2010)
Internal Audit (Vijay and Brown, 2010)
Definition of data quality (Vijay and Brown,
2010) (Spruit and Pietzka, 2015) (Oracle,
Impact on business (Spruit and Pietzka, 2015)
(Dataflux Company, 2010)
Data quality gap (Spruit and Pietzka, 2015)
(Oracle, 2011)
Data quality improvement (Vijay and Brown,
2010) (Spruit and Pietzka, 2015) (Dataflux
Company, 2010)
3.2.1 Domains
The data governance maturity model aligned to the
micro financial sector comprises seven domains, as
shown in Fig. 1. which in turn comprises seventeen
assessment criteria.
Data Principles: The focus of this domain lies
in the general guidelines of data that exist in the
micro finance organization, which will be
greatly influenced by the regulatory framework
for establishing policy guidelines, standards
and strategies under which data management is
governed. There are five criteria to consider in
assessing this domain: Data Governance
Objectives, Organizational Culture, Roles and
Responsibilities, Regulatory Compliance,
Policies, Principles and Guideline;
Data Quality: The definition of this domain
within the maturity model results from the
importance of accuracy, consistency and data
integrity for the organization. In a dynamic
financial sector, which in order to develop
business strategies based on analytics, poor
quality data have an impact on the organization
both operationally and strategically.
Assessment of this domain revolves around
four criteria: Definition of data quality, Impact
on business, Data quality gap and Data quality
ICEIS 2017 - 19th International Conference on Enterprise Information Systems
Figure 1: Data Governance Maturity Model for Micro Finance Organizations.
Metadata: This domain focuses on defining
data characteristics within the organization
context. In other words, the importance of this
domain in the model lies in the ability given to
the organization to enable the translation of
data content, from the repositories of storage to
a business concept up to establishing a
language and standard understanding. The
evaluation of the domain addresses four
criteria: Definition of metadata, Scope of
metadata, Inventory of metadata and Modelling
of metadata;
Information Security: Its approach is focused
on data accessibility and control according to
the needs of use at different levels of the
organization. The importance of this lies in the
mechanisms and controls in order to ensure
confidentiality, integrity and availability of
data. This includes both the physical and
logical security of information, with which a
comprehensive framework of assessment of
this domain is provided. According to the
regulatory regime, a micro financial
organization must comply with regulations
associated with risk management and business
continuity management. Therefore, four
assessment criteria are contemplated: Risk
Identification and Information Security
planning, Information Security responsibilities,
Access to network management and Internal
Data Protection: Given the nature of the micro
finance sector and as mentioned above, it is
necessary to be aligned to specific regulatory
compliance for data protection (Law on
Protection of Personal Data), which allows you
to convert this in a domain apart from the
Information Security Domain. In this sense, the
assessment of this domain revolves around
three fundamental criteria: Data consent,
Recording and Data Processing and Regulation
Information Technology: The domain
approach revolves around IT since they support
business processes and the information
produced during these. In this sense, being a
critical resource that supports data volume of
micro finance organizations, both at customers’
data and transaction level in its various
stages such as collection, processing, storage
and distributionit is necessary to consider it
as a key aspect in data management. Three
fundamental criteria are considered for each
domain assessment: Data Integration and
Interoperability, Data Warehousing &
Business Intelligence and Information
Technology Governance alignment;
Data Lifecycle: The domain approach
focuses on the various stages data goes
through. The importance is that this domain
addresses a number of processes and
mechanisms to optimize the management of
data throughout its lifecycle, making it
efficient. A micro finance organization stores
historical data for analytical or other purposes;
Data Governance Maturity Model for Micro Financial Organizations in Peru
Figure 2: Assessment Matrix Example.
however, this domain must define when data is
outdated for business and debug redundancies
at all levels. The assessment criteria considered
are five: Data planning, Data processing, Data
analysis, Data preservation and Data
3.2.2 Maturity Levels
The proposal regarding maturity levels is based on the
standardization of the previously studied model
levels, keeping the focus of the levels established by
CMMI and considering as a fundamental aspect the
adaptation of each of these levels to the context of
data governance in micro finance organizations.
Initial: There is no formal governance process;
data is merely seen as a sub product of
applications and processes. The organization
has no stable environment that offers support to
Managed: Standardized processes are in an
early stage of business. However, data
ownership and administration are defined only
in certain business units.
Defined: It comprises standards, procedures,
tools and methods that offer consistency to the
whole organization, achieving a good
characterization and under-standing of data use
in processes.
Quantitatively managed: Quantitative targets
are set in terms of process quality performance
and used as criteria during data management,
i.e., a statistical analysis is performed on
effective data management in the organization.
Optimized: Process performance continuous
improvement based on quantitative
understanding of the common causes of
process variation and its impact on data,
through incremental and innovative
improvements both to processes and to the
level of technology supporting data.
3.2.3 Assessment
Reflects the level of maturity regarding data
governance in the micro finance organization, i.e., it
relates the two first components mentioned through a
matrix that serves for assessing, as seen in Fig. 2. This
assessment, by the scores obtained, shows the
representation at a results level of the application of
the model in the organization. It allows for
interpretation and identification of those results to
establish a roadmap for improvement in the micro
finance organization. Assessment takes into account
evaluation, considering the premise that each of the
domains presents a significant impact on the
sectoraccording to the analysis of two important
and prestigious consulting firms like KPMG and EY,
which address themes of each of the domains of the
model as critical factors and high impact for data
governance in the financial sector (KPMG, 2014)
(EY, 2011).To carry out this evaluation, in the first
place, it is fundamental to have a teamwork of four to
six people who we will call evaluators, and who must
have at least one of the following profiles in the
organization: Business architect of data, data
architect, data modeler or Information security
After defining the evaluation team, the organization
is eligible to apply the data governance model, using
the respective equations seen in Fig 3., in two ways.
The first option is that the organization applies the
maturity model considering the seven domains. This
means that the final assessment, i.e., the model score
is the average of the score of each of the existing
criteria for each of the seven domains.
This is the common scenario in which a micro finance
organization is interested in knowing its real
condition and thus, it requires to be assessed
ICEIS 2017 - 19th International Conference on Enterprise Information Systems
Figure 3: Equations of Maturity Score.
holistically to identify the different aspects of
improvement. The second option is that the
assessment is performed only at a specific domain(s)
level; for instance, in a scenario where the
organization had suffered multiple cyberattacks and
is only interested in focusing on the Information
Security domain. If that is the case, the model
presents flexibility in its application and the
Assessment permits reflecting only the score of
maturity for such domain, which is called domain
Finally, in both model application cases, the
organization is able to interpret the scores of each
result based on Table 4, which permits concluding at
what maturity level it is regarding its data governance
and management.
Table 4: Score Equivalences
Score Maturity Level
0 > Score <= 1 Level 1: Inicial
1 > Score <= 2 Level 2: Managed
2 > Score <= 3 Level 3: Defined
3 > Score <= 4 Level 4: Quantitavely Managed
4 > Score <= 5 Level 5: Optimized
In this stage, the validation process has four steps:
Planning, Application Model, Diagnostic and the
Analysis of the Results. In planning the validation
process, we address two fundamental aspects: scope
of validation and micro finance and work team for the
case study. With regard to the scope of validation,
only 4 of the model domains have been considered:
Data Principles, Metadata, Data Quality and
Information Technology due to the limitations in
terms of time and resources. On the other hand, as per
the case study, we worked with a micro-finance we
will call ABC micro finance organization to protect
its information. ABC micro finance organization aims
to promote sustainable and inclusive economic and
social development for economically disadvantaged
people through the use of responsible finance. The
organization is as a leader in the sector in Peru and
has over half a million customers in its portfolio,
about three thousand employees and approximately
153 offices in the country.
In addition, for this validation process, we worked
collaboratively with the micro finance organization,
which offered us a team of four people with the
following profiles: Data Architect, Information
Security Analyst, Data Manager and Quality Data
Analyst to support us with data collection for the
corresponding evaluation.
Table 5: Maturity Score of Domains.
Domain Score
Data Principles 2.86
Data Lifecycle 2.55
Metadata 3.46
Information Technologies 2.47
Table 6: Maturity Score of Evaluation Criteria.
Domain Criteria Score
Data Governance Objectives 4.45
Roles and Responsibilities 3.25
Policies, Principles and
Organizational Culture 1.45
Regulatory Compliance 2.70
Data planning 3.25
Data processing 1.70
Data analysis 1.45
Data preservation 4.10
Data Publication 2.25
Definition of metadata 2.25
Scope of metadata 3.45
Inventory of metadata 3.70
Modelling of metadata 4.45
Data Governance Maturity Model for Micro Financial Organizations in Peru
Table 6: Maturity Score of Evaluation Criteria (Cont.).
Domain Criteria Score
Data Integration and
Data Warehousing & Business
Intelligence (BI)
Information Technology
Governance alignment
Once the planning stage is consolidated, the
application of the model consists in each of the four
members of the team making the corresponding
evaluation, as shown in Table 5, in order to obtain the
weighting of each criterion or domain of the proposed
model; i.e., at the end of the model application we
must have four evaluations independent from each
The purpose of this is to have the four
perspectives and be able to objectively define the
diagnosis of maturity for the organization.
The definition stage of the diagnosis arises from the
consolidation of the four evaluations in a single
matrix that allows us to distinguish the level of
maturity per evaluation criterion. This consolidation
is made based on the corresponding formulas for
detecting scores of criteria, domain and model which
helped us detect that the level of maturity of the
organization is currently 2.84, i.e., the organization is
at Level Three Defined. Likewise, in Tables 5 and 6,
we can observe the score on a disaggregated basis by
domain and evaluation criteria.
Finally, once we have the diagnosis of the
organization, we can start the analysis stage of results
that allows to provide feedback about data
management for the micro financial organization.
Analysing the results, we can identify relevant
aspects, as seen in Fig, 5., the domain with the best
performance and what it represents, the greater
positive change compared with the overall score is the
Metadata domain. On the other hand, Information
Technologies is the domain that has the lowest score,
this means that the organization should focus on
improving this aspect.
Also, a higher level of detail can be seen in Fig.
6., the representation of the maturity level score for
all criteria evaluated in the organization, from this
perspective the criteria of organizational culture and
alignment to IT governance are the ones that reflect
less maturity, and conversely, the criteria with the
highest score of maturity are data governance and
data modelling. Finally, given these results, the
organization must choose to establish a management
to start improving the governance of its data, in Fig.
6, it can see the score for each criterion identified,
those with a low level of maturity, which means they
must have a high priority of short-term management.
The data governance maturity model for micro
finance organizations differs from existing models
based on three aspects. First, it offers a
comprehensive panorama regarding environment
domains, i.e., it consolidates the main domains or
general aspects to consider regarding data
governance. Second, it provides the organization with
a consistent standardization of existing concepts for
maturity levels, based on a robust model as CMMI,
but aligned with data governance context. Finally, the
model is aligned to the characteristics governing the
micro finance sector at present. Even though it is true
that there are proposals to evaluate data governance
in an organization, these are general and not aligned
with the particular requirements of a specific category
or segment.
Figure 5: Representation of the score per domain.
ICEIS 2017 - 19th International Conference on Enterprise Information Systems
Figure 6: Representation of the score per assessment criteria.
In this paper, we have analysed the existing data
governance maturity models, identifying its
weaknesses and strengths, and from there, we
proposed a consistent model of data governance
maturity, which is based on the integration of
domains, the standardization of maturity levels, the
consolidation of evaluation criteria, and the
alignment of the micro finance sector.
The data governance maturity model for micro
finance organizations comprises seven domains,
seventeen evaluation criteria and five maturity levels.
Each of these components has been addressed
considering the study case sector. In addition, this
model was complemented with what we call
Assessment, which is defined as the representation at
the level of results of the model application in the
micro finance organization.
The application of the model permitted the micro
finance organization to evaluate its maturity level,
taking into account its sector in an objective and easy
manner since it only requires commitment of its team
in order to know the real state of its management and
thus, subsequently, be able to set priorities to manage
action plans regarding the diagnosis of the maturity
Soares, S. (2010). The IBM Data Governance Unified Process:
Driving Business Value with IBM Software and Best
Practices.1st edition. Ketchum: MC Press.
World Vision (2014). Economic Development. [Online].
Available at:
impact%2Feconomic-development [Accessed 16 July
EY (2014). Big Data Changing the way businesses compete and
operate. [Online]. Available at:
LE/EY-Insights-on-GRC-Big-data.pdf [Accessed 19 July
The Guardian (2014). New Digital Universe Study Reveals Big
Data Gap. [Online]. Available at:
about/news/press/2012/20121211-01.htm [Accessed 20
July 2016].
Ponemon Institute and IBM. (2015). The cost of data breach
study: Global Analysis. [Online]. Available at: http://www-
[Accessed 22 July 2016].
Aiken, P., Allen, D., Parker, B., and Mattia, A. (2007).
Measuring Data Management Practice Maturity. IEEE
Computer Society, 42, pp. 43-50.
Spruit, M. and Pietzka, K. (2015). MD3M: The master data
management maturity model. Computers in Human
Behavior, 51, pp. 1068-1076.
IBM (2007). Data Governance Council Maturity Model:
Building a roadmap for effective data governance. [Online].
Available at:
df [Accessed 24 July 2016].
Informatica (2015). Transforming financial institutions through
data governance. [Online]. Available at:
paper_2882.html#fbid=gt6PYccHzOO [Accessed 26 July
Data Governance Maturity Model for Micro Financial Organizations in Peru
Wende. K. (2007). A model for data governance – organizing
accountabilities for Data Quality Management. ACIS
Proceedings, 19, pp. 417-425.
Weber, K., Otto, B. and Osterle, H. (2009). One size does not fill
all: A contingency approach to data governance. ACM
Journal of Data and Information Quality, 1(4), pp. 1-27.
Vijay K. and Brown, C. (2010). Designing Data Governance.
Communication of the ACM, 53, pp. 148-152.
Malik, P. (2015). Governing Big Data: Principles and practices.
IBM Research Journal, 57(3), pp.1-20.
Zhu, H., Madnick, S., Lee, Y., Wang, R. (2014). Data and
Information Quality Research: Its Evolution and Future.
Computing Han book: Information Systems and
Information Technology, 3, pp. 16.1-16.20.
Gestion (2015). Microfinance and its decentralization role.
[Online]. Available at:
[Accessed 22 July 2016].
Deloitte. (2014). Personal Data Protection Law: Practical
Approach. [Online]. Available at:
[Accessed 20 March 2016].
Arnold, M. (2016). Insurance broker warns on financial groups’
cyber-attack cover. Financial Times. [Online]. Available at:
44094f6d9c46 [Accessed 20 April 2016].
KPMG (2014). Governing Strategies for managing data
lifecycles. [Online]. Available at:
data-lifecicle.pdf [Accessed 18 June 2016]
EY (2011). Data Loss Prevention Keeping your sensitive data
out of public domain. [Online]. Available at:
[Accessed 18 June 2016].
Oracle (2011). Enterprise Information Management: Best
Practices in Data Governance. [Online]. Available at:
best-practices-data-gov-400760.pdf [Accessed 16 June
DataFlux Company (2010). Data Governance Maturity Model.
[Online]. Available at:
[Accessed 10 June 2016].
CMMI Institute (2014). Data Governance Maturity Model.
[Online]. Available at:
[Accessed 9 June 2016].
Kalido (2010). Kalido Data Governance Maturity Model.
[Online]. Available at:
Kalido-data-governance-maturity-model.html [Accessed 15
June 2016].
ECM (2009). Enterprise Content Management Maturity Model
- ECM3. [Online]. Available at: http://mike2.
)#_note-ftn3 [Accessed 12 June 2016].
ICEIS 2017 - 19th International Conference on Enterprise Information Systems