Data Governance Maturity Model for Micro Financial

Organizations in Peru

Stephanie Rivera

, Nataly Loarte

, Carlos Raymundo

and Francisco Dominguez

Escuela de Ingeniería de Sistemas y Computación, Universidad Peruana de Ciencias Aplicadas (UPC), Lima, Peru

Facultad de Facultad, Universidad Rey Juan Carlos, Madrid, Spain

Keywords: Data Governance, Micro Finance, Maturity Model, Data Management.

Abstract: Micro finance organizations play an important role since they facilitate integration of all social classes to

sustained economic growth. Against this background, exponential growth of data, resulting from transactions

and operations carried out with these companies on a daily basis, becomes imminent. Appropriate

management of this data is therefore necessary because, otherwise, it will result in a competitive disadvantage

due to the lack of valuable and quality information for decision-making and process improvement. Data

Governance provides a different approach to data management, as seen from the perspective of business

assets. In this regard, it is necessary that the organization have the ability to assess the extent to which that

management is correct or is generating expected results. This paper proposes a data governance maturity

model for micro finance organizations, which frames a series of formal requirements and criteria providing

an objective diagnosis. This model was implemented based on the information of a Peruvian micro finance

organization. Four domains, out of the seven listed in the model, were evaluated. Finally, after validation of

the proposed model, it was evidenced that it serves as a means for identifying the gap between data

management and objectives set.

1 INTRODUCTION

Data governance is a trend that allows for

proper data management in the organization since

information is at present a company asset which

offers benefits when used strategically; thus, offering

a competitive advantage (Soares, 2010).

On the other hand, organizations play a key role

in a country’s economic development. In particular,

micro finance organizations are the means through

which entrepreneurs can access financial services

(World Vision, 2014), thereby promoting self-

improvement and development pathways for

different countries, especially economics low sector,

using the concept of micro finance in its financial

system (Gestion, 2015).

Given this, as the data volume and complexity

grows, organizations have two options: they can

succumb to information overload or they can

implement data governance in order to take advantage

of the organization data huge potential (EY, 2014).

It is vital that these organizations are able to

manage their data properly in order to be able to

exploit them. According to some Digital Universe

studies, only 1% of the global data is analysed and

over 80% of the data is not protected (The Guardian,

2014). In addition, IBM studies show that one of the

most affected sectors in this gap of data governance

is the financial sector, as the cost of each record of

lost or stolen data is USD 215, which translates into a

loss of USD 3.79 million a year (Ponemon Institute

and IBM, 2015). Given this scenario, organizations

must be able to assess their data management to

prevent such threats and meet the gap be-tween the

desired data governance level and its current level.

There are solutions proposed that consist in the

development of a maturity model focused on data

management. In 2007, Peter, David, Burt and Angela

proposed a maturity model of data management

consisting of six governance processes and five levels

of maturity (Aiken et al., 2007). On the other hand,

Marco and Katharina, in 2015, proposed a maturity

model for master data management called the master

data management maturity model (MD3M), which is

characterized by addressing various aspects of

governance through five thematic or flexible domains

and five levels of maturity (Spruit and Pietzka, 2015).

Rivera, S., Loarte, N., Raymundo, C. and Dominguez, F.

Data Governance Maturity Model for Micro Financial Organizations in Peru.

DOI: 10.5220/0006149202030214

In Proceedings of the 19th International Conference on Enterprise Information Systems (ICEIS 2017) - Volume 3, pages 203-214

ISBN: 978-989-758-249-3

203

Likewise, the Governing Council Data of IBM

also addresses the issue of data governance based on

best practices and methods used by its members after

their performance in various organizations

worldwide. As a result, they pose a flexible scheme

consisting of five levels of maturity (based on CMM)

and eleven domains, which enable organizations to

assess current deficiencies in data governance

practice and identify opportunities for improvement

(IBM, 2007). While there are data governance

maturity models, these are generic and do not align to

the requirements of the micro finance sector, which

has its own characteristics such as the exponential

growth of data volume, the criticality of data and

regulations and standards to which it is subject

(Informatica, 2015).

Given this, the objective of this research study is

to demonstrate the advantages and benefits that

entails the ability to objectively measure and assess

the management carried out in relation to a micro

finance sector organization data, in such a way that it

ensures integrity, availability and confidentiality of

data through a flexible proposal. In this sense, the

proposal that arises is the development of a data

governance maturity model for micro finance

organizations, consisting of fundamental domains

covering the most important fronts of data

management in the organization. This model serves

as a tool to carry out the abovementioned assessment.

This paper is divided into five sections. Section 2

contains information subject matter of the research

study, and reviews the literature related to the topic

presented in this document. Section 3 discusses the

proposal developed during the research period. On

the other hand, the result of the validation of the

model applied in a study case is in Section 4. Finally,

the research conclusions and the conclusions of the

model application are presented in Section 5.

2 RELATED WORK

First, Research has been approached from two

perspectives: Data Governance Models that provide a

frame-work for holistic integration on data

management and control in the organization; and

Data Governance Maturity Models, which establish

evaluation criteria to diagnose data

management.

Regarding the Data Governance Models, in 2007,

in order to offer the organization, the possibility to

unify in one single model the technical and business

approach, Kristin (Wende, 2007) proposed a data

governance model consisting of 4 domains. The main

feature of this model is that it was specifically

designed to contribute to the decision-making process

of everyday life in organizations. In 2009, Kristin,

Boris and Hubert (Weber et al., 2009) observed that

organizations failed to address the critical aspects for

successful quality data management, limiting to only

associating it to IT. Thus, they propose a data

governance model that consists of seven parameters

with a strategic focus on three decision areas called

Strategy, Organization and Information Systems. Its

main objective is to obtain an optimal quality data

management for the organization, based on the

establishment of at least eight major activities for

each decision area of the model. In addition, in 2010,

Vijay and Carol (Vijay and Brown, 2010) state that

organizations manage information technology

considering them as corporate assets; however, data

is not valued and therefore it is managed in the same

way despite the criticality of its importance. In this

sense, the authors state that both IT governance and

data governance revolve around decision making,

which is why in 2010 they proposed a framework for

data governance consisting of five domains called

DDG, taking the IT governance framework as the

main reference. Peter (Malik, 2013), in 2013,

proposed a model for data governance based on Big

Data due to the exponential growth of information

volume experienced by organizations. The proposal

includes five key factors and ten principles or best

practices for optimum results in data management.

On the other hand, in 2014, with the aim of converting

the organization data in significant inputs that

generate value, Hongwei, Stuart, Yang and Richard

(Zhu et al., 2014) propose a data governance model

that addresses six categories and five criteria

including assessment methods. The latter, unlike

other models, allows the organization to anticipate the

various ways in which the model can affect while

being implemented.

Data governance models analysed have different

perspectives; Kristin, Vijay and Carol, and Hongwei,

Stuart, Yang and Richard models are approached

from a strategic point of view prioritizing decision-

making, while the Kristin, Boris and Hubert, and

Peter Model focuses on specific features such as Data

Quality and Big Data trend.

On the other hand, regarding Data governance

maturity models, in 2007, Peter, David, Burt and

Angela (Aiken et al., 2007) stated that a data

governance assessment within an organization can

draw a roadmap for improvement of data

management; however, they pointed a lack of a

framework to guide such management from an

achievement-oriented approach. This drives the

ICEIS 2017 - 19th International Conference on Enterprise Information Systems

204

authors to propose a data management maturity

model consisting of six governance processes and

five maturity levels based on CMMI. In 2007 as well,

based on the experience of IBM data governance

council members and after understanding the needs of

various international organizations with which they

worked on data management, they posed a maturity

model whose levels are based on the ones proposed

by the CMMI. Likewise, they defined eleven

categories grouped in four key domains with which

all fronts of the organization involved in data

governance are covered. This model was applied in

the fifty organizations that make up the IBM council

revealing their state of maturity (Aiken et al., 2007).

In 2009, based on the objective of providing the

organization with a roadmap to organize their efforts

around critical factors in data management, the

Enterprise Content Management Maturity Model

(ECM) (ECM, 2009) was proposed, a model

consisting of three domains and 5 levels of maturity

that have an approach based on the organization

management action. A year later, in 2010, DataFlux

Company points out that organizations only focus on

entering and monitoring data to meet specific needs,

however, this leads to the storage of redundant and

obsolete data; therefore, they proposed a model that

addresses four domains and four levels of maturity

(Dataflux Company, 2010). In the same year, Kalido

Company (Kalido, 2010) made research on over forty

companies with various maturity levels, detecting that

the ratio of data-related problems growth is outpacing

our ability to detect them. Thus, they pro-posed a

model based on three domains, whose maturity levels

are based on the evolution of information assets in the

organization approach. One year later, in 2011, with

the aim to promote and support organizations on how

to focus their efforts on data management and

materialize them through benefits Oracle Insight

Team (Oracle, 2011) proposed a maturity model

based on five domains and six maturity levels adapted

to CMMI. In 2014, after analysing the behaviour of

organizations, the CMMI Institute (CMMI Institute,

2014) said that it is necessary a model that aligns data

management with business needs; therefore, it

proposes a model with six domains and five maturity

levels. On the other hand, after investigating and

concluding that quality data assurance arises from the

integration of master data, and in the absence of a

framework that supports this approach, in 2015,

Marco and Katharina (Spruit and Pietzka, 2015)

proposed a maturity model called MD3M, which

addresses master data management through five

flexible themes and five maturity levels also based on

CMMI.

Each data governance maturity model studied

poses a different approach for its models and maturity

levels; however, all of them have the same objective:

help the organization identify its real maturity level.

Thus, they base themselves on domains, which are the

main aspects that must be considered to measure data

management and maturity levels, as well as their level

of management of each aspect or domain.

3 DATA GOVERNANCE

MATURITY MODEL FOR

MICRO FINANCIAL

ORGANIZATIONS

3.1 Basis

From the literature reviewed, we have selected eight

models of data governance maturity, each model

provides a context of the aspects considered

necessary to be addressed in order to improve data

management. These aspects are called domains. Each

model defines the level of granularity of their

domains, so with the aim of identifying fundamental

aspects to implement data governance in an

organization, the following common domains are

identified from the selected models:

 Principles of data: Focus on data policies,

strategies and regulations (Oracle, 2011)

(Dataflux Company, 2010) (Kalido, 2010)

(ECM, 2009) that determine the desired

organizational behaviour (IBM, 2007) (Vijay

and Brown, 2010). The overview for setting

policies is preventive and requires a high

commitment from senior management (CMMI

Institute, 2014);

 Data lifecycle: Systematic policy for data

collection, retention and disposal (IBM, 2007),

supported by analysis and continuous

measurement (CMMI Institute, 2014). In

addition, it is essential that there is a tool for

optimal data storing in the organization (Vijay

and Brown, 2010) (Spruit and Pietzka, 2015);

 Data quality: The organization adopts

guidelines to maintain the data integrity and

define the impact of data categories in the

business (Oracle, 2011) (Spruit and Pietzka,

2015). Measurement improvement and quality

certification data (IBM, 2007) to pre-vent

damage to operational and reputational levels

(CMMI Institute, 2014) (Vijay and Brown,

2010);

Data Governance Maturity Model for Micro Financial Organizations in Peru

205

 Metadata: It describes what data is about and

provides a common, single and consistent

semantic definition that provides an

understanding at a technical and business level

(IBM, 2007) (ECM, 2009) (Vijay and Brown,

2010) (Spruit and Pietzka, 2015). Data

integration architecture to improve operational

efficiency (Oracle, 2011);

 Information Technologies: Technology of

organization supports and monitors data, it is

also aligned to the business strategy (Kalido,

2010) (ECM, 2009). Infrastructure technology

to support BI strategy (Oracle, 2011) (Dataflux

Company, 2010);

 Information Security: Enterprise-scale data

security architecture to support the integrity,

reliability and availability of data (Oracle,

2011). Policies, practices and controls to

mitigate the risks (IBM, 2007) (Dataflux

Company, 2010) (Spruit and Pietzka, 2015). It

addresses the guidelines for assigning value to

different data categories and, on that basis; it

sets the information access limits (ECM, 2009)

(Vijay and Brown, 2010).

Regarding the page layout, authors should set the

Section Start to Continuous with the vertical

alignment to the top and the following header and

footer:

 None: There is no initiative to improve

processes. Data is not valued (Oracle, 2011);

 Initial: Unpredictable process, poorly

controlled and reactive (IBM, 2007) (Dataflux

Company, 2010). Data management only by IT

(Spruit and Pietzka, 2015) (Oracle, 2011);

 Managed: Process characterized for being

manageable (IBM, 2007) (Dataflux Company,

2010). There is data management only of

certain business units (Spruit and Pietzka,

2015) (Oracle, 2011) (CMMI Institute, 2014);

 Defined: Process characterized for its

organization and for being proactive (IBM,

2007) (Dataflux Company, 2010). Business

committed to data management (Spruit and

Pietzka, 2015) (Oracle, 2011);

 Quantitatively Managed: Process that can be

measured quantitatively (IBM, 2007) (Dataflux

Company, 2010). Metrics to evaluate data

governance (Spruit and Pietzka, 2015) (Oracle,

2011);

 Optimized: It is focused on continuous

improvement of processes (IBM, 2007)

(Dataflux Company, 2010). Data governance is

a process of main business (Spruit and

Pietzka, 2015) (Oracle, 2011).

Table 1 show a comparison matrix between of

models of data governance maturity and the domains

they address. The six previously explained domains

address the associated data management basic

aspects; however, not all the models refer to them.

The MD3M (Spruit and Pietzka, 2015) and DDG

(Vijay and Brown, 2010) models have limited

approach on data and data management, but they do

not address a key aspect like IT strategies for data

support. On the other hand, Oracle (Oracle, 2011) and

DataFlux (Dataflux Company, 2010) present a more

technological approach that starts from the premise of

using technological tools to govern data properly

without addressing in detail the strategic aspects.

With regard to maturity levels, we can classify

models into two groups: those models that have made

an adaptation of CMMI levels and others which have

chosen to propose their own levels of maturity.

Regarding the models with adapted levels, the

DMM and IBM models have chosen not to modify

the definition proposed by CMMI established for

each level of maturity. While Oracle and MD3M have

made an adaptation of CMMI levels adding certain

concepts specifically associated with data

management. These four models support their choice

in that such levels of maturity belong to an already

robust and validated international model. There are

models that have proposed their own maturity levels

such as Kalido, DataFlux, ECM and DDG. The last

two are similar because they have approached

maturity levels from the initial stage where data

governance does not exist yet or is barely known, to

a level where initiative data management is based on

proactive management. While the first two, DDG and

Kalido, differ markedly from those discussed above

since they address their maturity levels with

approaches based on data management from

information centralization. Therefore, as seen in

Table 2, maturity levels each model addresses have

been standardized in order to compare these

approaches and unify the concepts per level.

After studying each model, we have finally

detected three points in which each model has

decided to address maturity levels: general approach

proposed by CMMI; an approach proposed by CMMI

adapted to the context of data governance and an

approach strictly linked to data management. No

model combines these three perspectives, which

would enrich the proposal. Finally, each model

addresses intervention assessments in different ways.

ICEIS 2017 - 19th International Conference on Enterprise Information Systems

206

Table 1: Comparative matrix of models and domains.

Table 2: Comparative matrix of maturity levels.

First, IBM, DataFlux and Kalido models are based

solely on the proposed domains and maturity levels;

they do not need to disaggregate each domain to

perform the assessment. While the other models

establish a mechanism of differentiated and detailed

assessment.

However, not all the models coincide with the

assessment mechanisms at a content level, that is

why, based on the different aspects each model

addresses, it is considered fundamental to consolidate

said key areas, components or ideas in a unique

concept called assessment criteria, which facilitates

maturity assessment for organizations. This can be

seen in Table 3.

3.2 Model

The micro finance environment presents peculiarities

that have a direct impact on data management,

starting from the personalized customer service

sought, the very strict regulatory regime to which they

are subjected, and the dynamic financial system to

which they must adapt. There is a critical issue that

characterizes the data manipulated by these

organizations, the protection of personal data

(Deloitte, 2014), and whose consideration as a

separate domain from the Information Security

domain is crucial given the context of the proposal

(Arnold, 2016).

After analyzing the existing proposals, a model is

proposed, as shown in Fig. 1. It allows integration of

the seven domains, including the domain of data

protection as a separate domain in a single frame of

reference aligned to the characteristics of the micro

financial sector and whose maturity assessment

through level standardization, results simple and

objective for micro finance organizations.

In this sense, MMGD offers the organization the

ability to be assessed in the financial sector in which

it is governed, allowing it to use it as benchmark to

learn about their deficiencies regarding competition.

In addition, this model is flexible and the organization

not only has the possibility to know its overall

maturity, but also, according to needs and / or

Models

Domains

Data

Principles

Data

Lifecycle

Data

Quality

Metadata

Information

Technology

Information

Security

Oracle (Oracle, 2011)

    

ECM3 (ECM, 2009)

   

DataFlux (Dataflux Company, 2010)

  

Kalido (Kalido, 2010)

  

DDG (Vijay and Brown, 2010)

    

IBM (IBM, 2007)

    

DMM (CMMI Institute, 2014)

  

MD3M (Spruit and Pietzka, 2015)

   

Models Maturity Levels

Oracle

(Oracle, 2011)

None Initial Managed Standardized Advanced Optimized

ECM3

(ECM, 2009)

Not

managed

Incipient Formative Operational Proactive

DataFlux

(Dataflux Company, 2010)

Undisciplined Reactive Proactive Governed

Kalido

(Kalido, 2010)

Focused on

application

Focused on

organizational

repositories

Focused on

policies

Totally governed

DDG

(Vijay and Brown, 2010)

Decentralized

Semi

centralized

Centralized Governed

IBM

(IBM, 2007)

Initial Managed Defined

Quantitatively

Managed

Optimized

DMM

(CMMI Institute, 2014)

Realized Managed Defined Measured Optimized

MD3M

(Spruit and Pietzka, 2015)

Initial Repetitive

Defined

Process

Managed and

Measured

Optimized

Data Governance Maturity Model for Micro Financial Organizations in Peru

207

circumstances, it can measure the maturity level of a

given domain independently.

Table 3: Assessment Criteria.

Domain Criteria

Data

Principles

Data Governance Objectives (Vijay and

Brown, 2010) (Oracle, 2011) (Kalido, 2010)

Roles and Responsibilities (Spruit and

Pietzka, 2015) (Oracle, 2011) (Dataflux

Company, 2010)

Policies, Principles and Guideline (Vijay and

Brown, 2010) (Oracle, 2011) (Dataflux

Company, 2010)

Organizational Culture (Vijay and Brown,

2010) (Dataflux Company, 2010)

Regulatory Compliance (Vijay and Brown,

2010) (Oracle, 2011)

Data

Lifecycle

Data planning (Vijay and Brown, 2010)

(Dataflux Company, 2010)

Data processing (Vijay and Brown, 2010)

(Spruit and Pietzka, 2015)

Data analysis (Vijay and Brown, 2010)

(Kalido, 2010)

Data preservation (Vijay and Brown, 2010)

(Kalido, 2010) (Dataflux Company, 2010)

Data Publication (Vijay and Brown, 2010)

(Spruit and Pietzka, 2015)

Metadata

Definition of metadata (Vijay and Brown,

2010) (Spruit and Pietzka, 2015)

Scope of metadata (Spruit and Pietzka, 2015)

(Kalido, 2010)

Inventory of metadata (Vijay and Brown,

2010) (Oracle, 2011) (Kalido, 2010)

(Dataflux Company, 2010)

Modelling of metadata (Vijay and Brown,

2010) (Spruit and Pietzka, 2015) (Dataflux

Company, 2010)

Information

Technology

Data Integration and Interoperability (Oracle,

2011)

Data Warehousing & Business Intelligence

(BI) (Oracle, 2011) (Kalido, 2010) (Dataflux

Company, 2010)

Information Technology Governance

alignment (Oracle, 2011) (Kalido, 2010)

Information

Security

Risk Identification and Information Security

planning (Vijay and Brown, 2010) (Oracle,

2011) (Kalido, 2010) (Dataflux Company,

2010)

Domain Criteria

Information Security responsibilities (Vijay

and Brown, 2010) (Spruit and Pietzka, 2015)

(Oracle, 2011)

Access to network management (Spruit and

Pietzka, 2015) (Oracle, 2011) (Dataflux

Company, 2010) (Kalido, 2010)

Internal Audit (Vijay and Brown, 2010)

Data

Quality

Definition of data quality (Vijay and Brown,

2010) (Spruit and Pietzka, 2015) (Oracle,

2011)

Impact on business (Spruit and Pietzka, 2015)

(Dataflux Company, 2010)

Data quality gap (Spruit and Pietzka, 2015)

(Oracle, 2011)

Data quality improvement (Vijay and Brown,

2010) (Spruit and Pietzka, 2015) (Dataflux

Company, 2010)

3.2.1 Domains

The data governance maturity model aligned to the

micro financial sector comprises seven domains, as

shown in Fig. 1. which in turn comprises seventeen

assessment criteria.

 Data Principles: The focus of this domain lies

in the general guidelines of data that exist in the

micro finance organization, which will be

greatly influenced by the regulatory framework

for establishing policy guidelines, standards

and strategies under which data management is

governed. There are five criteria to consider in

assessing this domain: Data Governance

Objectives, Organizational Culture, Roles and

Responsibilities, Regulatory Compliance,

Policies, Principles and Guideline;

 Data Quality: The definition of this domain

within the maturity model results from the

importance of accuracy, consistency and data

integrity for the organization. In a dynamic

financial sector, which in order to develop

business strategies based on analytics, poor

quality data have an impact on the organization

both operationally and strategically.

Assessment of this domain revolves around

four criteria: Definition of data quality, Impact

on business, Data quality gap and Data quality

improvement;

ICEIS 2017 - 19th International Conference on Enterprise Information Systems

208

Figure 1: Data Governance Maturity Model for Micro Finance Organizations.

 Metadata: This domain focuses on defining

data characteristics within the organization

context. In other words, the importance of this

domain in the model lies in the ability given to

the organization to enable the translation of

data content, from the repositories of storage to

a business concept up to establishing a

language and standard understanding. The

evaluation of the domain addresses four

criteria: Definition of metadata, Scope of

metadata, Inventory of metadata and Modelling

of metadata;

 Information Security: Its approach is focused

on data accessibility and control according to

the needs of use at different levels of the

organization. The importance of this lies in the

mechanisms and controls in order to ensure

confidentiality, integrity and availability of

data. This includes both the physical and

logical security of information, with which a

comprehensive framework of assessment of

this domain is provided. According to the

regulatory regime, a micro financial

organization must comply with regulations

associated with risk management and business

continuity management. Therefore, four

assessment criteria are contemplated: Risk

Identification and Information Security

planning, Information Security responsibilities,

Access to network management and Internal

Audit;

 Data Protection: Given the nature of the micro

finance sector and as mentioned above, it is

necessary to be aligned to specific regulatory

compliance for data protection (Law on

Protection of Personal Data), which allows you

to convert this in a domain apart from the

Information Security Domain. In this sense, the

assessment of this domain revolves around

three fundamental criteria: Data consent,

Recording and Data Processing and Regulation

setting;

 Information Technology: The domain

approach revolves around IT since they support

business processes and the information

produced during these. In this sense, being a

critical resource that supports data volume of

micro finance organizations, both at customers’

data and transaction level― in its various

stages such as collection, processing, storage

and distribution―it is necessary to consider it

as a key aspect in data management. Three

fundamental criteria are considered for each

domain assessment: Data Integration and

Interoperability, Data Warehousing &

Business Intelligence and Information

Technology Governance alignment;

 Data Lifecycle: The domain approach

focuses on the various stages data goes

through. The importance is that this domain

addresses a number of processes and

mechanisms to optimize the management of

data throughout its lifecycle, making it

efficient. A micro finance organization stores

historical data for analytical or other purposes;

Data Governance Maturity Model for Micro Financial Organizations in Peru

209

Figure 2: Assessment Matrix Example.

however, this domain must define when data is

outdated for business and debug redundancies

at all levels. The assessment criteria considered

are five: Data planning, Data processing, Data

analysis, Data preservation and Data

Publication.

3.2.2 Maturity Levels

The proposal regarding maturity levels is based on the

standardization of the previously studied model

levels, keeping the focus of the levels established by

CMMI and considering as a fundamental aspect the

adaptation of each of these levels to the context of

data governance in micro finance organizations.

 Initial: There is no formal governance process;

data is merely seen as a sub product of

applications and processes. The organization

has no stable environment that offers support to

processes.

 Managed: Standardized processes are in an

early stage of business. However, data

ownership and administration are defined only

in certain business units.

 Defined: It comprises standards, procedures,

tools and methods that offer consistency to the

whole organization, achieving a good

characterization and under-standing of data use

in processes.

 Quantitatively managed: Quantitative targets

are set in terms of process quality performance

and used as criteria during data management,

i.e., a statistical analysis is performed on

effective data management in the organization.

 Optimized: Process performance continuous

improvement based on quantitative

understanding of the common causes of

process variation and its impact on data,

through incremental and innovative

improvements both to processes and to the

level of technology supporting data.

3.2.3 Assessment

Reflects the level of maturity regarding data

governance in the micro finance organization, i.e., it

relates the two first components mentioned through a

matrix that serves for assessing, as seen in Fig. 2. This

assessment, by the scores obtained, shows the

representation at a results level of the application of

the model in the organization. It allows for

interpretation and identification of those results to

establish a roadmap for improvement in the micro

finance organization. Assessment takes into account

evaluation, considering the premise that each of the

domains presents a significant impact on the

sector―according to the analysis of two important

and prestigious consulting firms like KPMG and EY,

which address themes of each of the domains of the

model as critical factors and high impact for data

governance in the financial sector (KPMG, 2014)

(EY, 2011).To carry out this evaluation, in the first

place, it is fundamental to have a teamwork of four to

six people who we will call evaluators, and who must

have at least one of the following profiles in the

organization: Business architect of data, data

architect, data modeler or Information security

official.

After defining the evaluation team, the organization

is eligible to apply the data governance model, using

the respective equations seen in Fig 3., in two ways.

The first option is that the organization applies the

maturity model considering the seven domains. This

means that the final assessment, i.e., the model score

is the average of the score of each of the existing

criteria for each of the seven domains.

This is the common scenario in which a micro finance

organization is interested in knowing its real

condition and thus, it requires to be assessed

ICEIS 2017 - 19th International Conference on Enterprise Information Systems

210

Figure 3: Equations of Maturity Score.

holistically to identify the different aspects of

improvement. The second option is that the

assessment is performed only at a specific domain(s)

level; for instance, in a scenario where the

organization had suffered multiple cyberattacks and

is only interested in focusing on the Information

Security domain. If that is the case, the model

presents flexibility in its application and the

Assessment permits reflecting only the score of

maturity for such domain, which is called domain

score.

Finally, in both model application cases, the

organization is able to interpret the scores of each

result based on Table 4, which permits concluding at

what maturity level it is regarding its data governance

and management.

Table 4: Score Equivalences

Score Maturity Level

0 > Score <= 1 Level 1: Inicial

1 > Score <= 2 Level 2: Managed

2 > Score <= 3 Level 3: Defined

3 > Score <= 4 Level 4: Quantitavely Managed

4 > Score <= 5 Level 5: Optimized

4 VALIDATION

In this stage, the validation process has four steps:

Planning, Application Model, Diagnostic and the

Analysis of the Results. In planning the validation

process, we address two fundamental aspects: scope

of validation and micro finance and work team for the

case study. With regard to the scope of validation,

only 4 of the model domains have been considered:

Data Principles, Metadata, Data Quality and

Information Technology due to the limitations in

terms of time and resources. On the other hand, as per

the case study, we worked with a micro-finance we

will call ABC micro finance organization to protect

its information. ABC micro finance organization aims

to promote sustainable and inclusive economic and

social development for economically disadvantaged

people through the use of responsible finance. The

organization is as a leader in the sector in Peru and

has over half a million customers in its portfolio,

about three thousand employees and approximately

153 offices in the country.

In addition, for this validation process, we worked

collaboratively with the micro finance organization,

which offered us a team of four people with the

following profiles: Data Architect, Information

Security Analyst, Data Manager and Quality Data

Analyst to support us with data collection for the

corresponding evaluation.

Table 5: Maturity Score of Domains.

Domain Score

Data Principles 2.86

Data Lifecycle 2.55

Metadata 3.46

Information Technologies 2.47

Table 6: Maturity Score of Evaluation Criteria.

Domain Criteria Score

Data

Principles

Data Governance Objectives 4.45

Roles and Responsibilities 3.25

Policies, Principles and

Guideline

2.45

Organizational Culture 1.45

Regulatory Compliance 2.70

Data

Lifecycle

Data planning 3.25

Data processing 1.70

Data analysis 1.45

Data preservation 4.10

Data Publication 2.25

Metadata

Definition of metadata 2.25

Scope of metadata 3.45

Inventory of metadata 3.70

Modelling of metadata 4.45

Data Governance Maturity Model for Micro Financial Organizations in Peru

211

Table 6: Maturity Score of Evaluation Criteria (Cont.).

Domain Criteria Score

Information

Technology

Data Integration and

Interoperability

2.45

Data Warehousing & Business

Intelligence (BI)

3.25

Information Technology

Governance alignment

1.70

Once the planning stage is consolidated, the

application of the model consists in each of the four

members of the team making the corresponding

evaluation, as shown in Table 5, in order to obtain the

weighting of each criterion or domain of the proposed

model; i.e., at the end of the model application we

must have four evaluations independent from each

other.

The purpose of this is to have the four

perspectives and be able to objectively define the

diagnosis of maturity for the organization.

The definition stage of the diagnosis arises from the

consolidation of the four evaluations in a single

matrix that allows us to distinguish the level of

maturity per evaluation criterion. This consolidation

is made based on the corresponding formulas for

detecting scores of criteria, domain and model which

helped us detect that the level of maturity of the

organization is currently 2.84, i.e., the organization is

at Level Three Defined. Likewise, in Tables 5 and 6,

we can observe the score on a disaggregated basis by

domain and evaluation criteria.

Finally, once we have the diagnosis of the

organization, we can start the analysis stage of results

that allows to provide feedback about data

management for the micro financial organization.

Analysing the results, we can identify relevant

aspects, as seen in Fig, 5., the domain with the best

performance and what it represents, the greater

positive change compared with the overall score is the

Metadata domain. On the other hand, Information

Technologies is the domain that has the lowest score,

this means that the organization should focus on

improving this aspect.

Also, a higher level of detail can be seen in Fig.

6., the representation of the maturity level score for

all criteria evaluated in the organization, from this

perspective the criteria of organizational culture and

alignment to IT governance are the ones that reflect

less maturity, and conversely, the criteria with the

highest score of maturity are data governance and

data modelling. Finally, given these results, the

organization must choose to establish a management

to start improving the governance of its data, in Fig.

6, it can see the score for each criterion identified,

those with a low level of maturity, which means they

must have a high priority of short-term management.

The data governance maturity model for micro

finance organizations differs from existing models

based on three aspects. First, it offers a

comprehensive panorama regarding environment

domains, i.e., it consolidates the main domains or

general aspects to consider regarding data

governance. Second, it provides the organization with

a consistent standardization of existing concepts for

maturity levels, based on a robust model as CMMI,

but aligned with data governance context. Finally, the

model is aligned to the characteristics governing the

micro finance sector at present. Even though it is true

that there are proposals to evaluate data governance

in an organization, these are general and not aligned

with the particular requirements of a specific category

or segment.

Figure 5: Representation of the score per domain.

ICEIS 2017 - 19th International Conference on Enterprise Information Systems

212

Figure 6: Representation of the score per assessment criteria.

5 CONCLUSIONS

In this paper, we have analysed the existing data

governance maturity models, identifying its

weaknesses and strengths, and from there, we

proposed a consistent model of data governance

maturity, which is based on the integration of

domains, the standardization of maturity levels, the

consolidation of evaluation criteria, and the

alignment of the micro finance sector.

The data governance maturity model for micro

finance organizations comprises seven domains,

seventeen evaluation criteria and five maturity levels.

Each of these components has been addressed

considering the study case sector. In addition, this

model was complemented with what we call

Assessment, which is defined as the representation at

the level of results of the model application in the

micro finance organization.

The application of the model permitted the micro

finance organization to evaluate its maturity level,

taking into account its sector in an objective and easy

manner since it only requires commitment of its team

in order to know the real state of its management and

thus, subsequently, be able to set priorities to manage

action plans regarding the diagnosis of the maturity

obtained.

REFERENCES

Soares, S. (2010). The IBM Data Governance Unified Process:

Driving Business Value with IBM Software and Best

Practices.1st edition. Ketchum: MC Press.

World Vision (2014). Economic Development. [Online].

Available at: http://m.worldvision.org/content/economic-

development?&origin=www.worldvision.org%2Four-

impact%2Feconomic-development [Accessed 16 July

2016].

EY (2014). Big Data Changing the way businesses compete and

operate. [Online]. Available at: http://www.ey.com/

Publication/vwLUAssets/EY_-

_Big_data:_changing_the_way_businesses_operate/%24FI

LE/EY-Insights-on-GRC-Big-data.pdf [Accessed 19 July

2016].

The Guardian (2014). New Digital Universe Study Reveals Big

Data Gap. [Online]. Available at: http://www.emc.com/

about/news/press/2012/20121211-01.htm [Accessed 20

July 2016].

Ponemon Institute and IBM. (2015). The cost of data breach

study: Global Analysis. [Online]. Available at: http://www-

01.ibm.com/common/ssi/cgi-

bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03

053WWEN&attachment=SEW03053WWEN.PDF

[Accessed 22 July 2016].

Aiken, P., Allen, D., Parker, B., and Mattia, A. (2007).

Measuring Data Management Practice Maturity. IEEE

Computer Society, 42, pp. 43-50.

Spruit, M. and Pietzka, K. (2015). MD3M: The master data

management maturity model. Computers in Human

Behavior, 51, pp. 1068-1076.

IBM (2007). Data Governance Council Maturity Model:

Building a roadmap for effective data governance. [Online].

Available at: https://www-935.ibm.com/services/uk/

cio/pdf/leverage_wp_data_gov_council_maturity_model.p

df [Accessed 24 July 2016].

Informatica (2015). Transforming financial institutions through

data governance. [Online]. Available at:

https://now.informatica.com/en_transforming-financial-

institutions-through-data-governance_white-

paper_2882.html#fbid=gt6PYccHzOO [Accessed 26 July

2016].

Data Governance Maturity Model for Micro Financial Organizations in Peru

213

Wende. K. (2007). A model for data governance – organizing

accountabilities for Data Quality Management. ACIS

Proceedings, 19, pp. 417-425.

Weber, K., Otto, B. and Osterle, H. (2009). One size does not fill

all: A contingency approach to data governance. ACM

Journal of Data and Information Quality, 1(4), pp. 1-27.

Vijay K. and Brown, C. (2010). Designing Data Governance.

Communication of the ACM, 53, pp. 148-152.

Malik, P. (2015). Governing Big Data: Principles and practices.

IBM Research Journal, 57(3), pp.1-20.

Zhu, H., Madnick, S., Lee, Y., Wang, R. (2014). Data and

Information Quality Research: Its Evolution and Future.

Computing Han book: Information Systems and

Information Technology, 3, pp. 16.1-16.20.

Gestion (2015). Microfinance and its decentralization role.

[Online]. Available at: http://gestion.pe/mercados/

microfinancieras-y-su-rol-descentralizador-2138997

[Accessed 22 July 2016].

Deloitte. (2014). Personal Data Protection Law: Practical

Approach. [Online]. Available at:

https://www2.deloitte.com/content/dam/Deloitte/pe/Docum

ents/risk/ley_n29733_la_experiencia_implementacion.pdf

[Accessed 20 March 2016].

Arnold, M. (2016). Insurance broker warns on financial groups’

cyber-attack cover. Financial Times. [Online]. Available at:

https://www.ft.com/content/93b7eabc-1bb4-11e6-8fa5-

44094f6d9c46 [Accessed 20 April 2016].

KPMG (2014). Governing Strategies for managing data

lifecycles. [Online]. Available at: https://www.kpmg.com/

ES/es/ActualidadyNovedades/ArticulosyPublicaciones/Do

cuments/frontiers-finance-governance-strategies-managing-

data-lifecicle.pdf [Accessed 18 June 2016]

EY (2011). Data Loss Prevention Keeping your sensitive data

out of public domain. [Online]. Available at:

http://www.ey.com/Publication/vwLUAssets/EY_Data_Lo

ss_Prevention/$FILE/EY_Data_Loss_Prevention.pdf

[Accessed 18 June 2016].

Oracle (2011). Enterprise Information Management: Best

Practices in Data Governance. [Online]. Available at:

http://www.oracle.com/technetwork/articles/entarch/oea-

best-practices-data-gov-400760.pdf [Accessed 16 June

2016].

DataFlux Company (2010). Data Governance Maturity Model.

[Online]. Available at: http://www.fstech.co.uk/fst/

whitepapers/The_Data_Governance_Maturity_Model.pdf

[Accessed 10 June 2016].

CMMI Institute (2014). Data Governance Maturity Model.

[Online]. Available at: http://www.fstech.co.uk/fst/

whitepapers/The_Data_Governance_Maturity_Model.pdf

[Accessed 9 June 2016].

Kalido (2010). Kalido Data Governance Maturity Model.

[Online]. Available at: http://docplayer.net/2788287-

Kalido-data-governance-maturity-model.html [Accessed 15

June 2016].

ECM (2009). Enterprise Content Management Maturity Model

- ECM3. [Online]. Available at: http://mike2.

openmethodology.org/wiki/ECM_Maturity_Model_(ecm3

)#_note-ftn3 [Accessed 12 June 2016].

ICEIS 2017 - 19th International Conference on Enterprise Information Systems

214