Information Management Maturity Assessment

These survey questions should be completed with your first estimate probably being accurate. High impact questions
are confirmed with alternative wording. Answer each question using the drop-down list to select an answer from
0 (never) through to 5 (always). Where there is a clear "yes" across the organisation score 5 and where there is a clear
"no" score 0. Comments are not required and should only be used by exception to clarify your answer.
More information about the survey is available at www.openmethodology.org

Organisation Name

# Questions Response
1 Do Internal Audit functions adhere to documented Data Management 0 - Never
principles?
2 Is the Information Management capability of the organisation 0 - Never
regularly compared to any industry or best practice measures (such
as this one)?
3 Does the organisation participate in (and value) industry or 0 - Never
professional Information Management forums and training?
4 Are people assigned to review and manage common data interfaces 0 - Never
or services (such as enterprise metadata, definitions and APIs)

5 Is compliance with enterprise data standards valued as part of 0 - Never

project performance reviews?
6 When information is communicated, does it include references for 0 - Never
the source of information?
7 Is the importance of information, standards and quality 0 - Never
communicated by senior executives?
8 Do metrics roll-up through the organisation? 0 - Never
9 Are executive KPIs reviewed in the context of the quality of the 0 - Never
information used to support them?
10 Are executive KPIs populated from strategic data sources? 0 - Never
11 Are executive decisions based on data rather than intuition? 0 - Never
12 Is published analysis referenced back to source? 0 - Never
13 Are front-line staff rewarded for collecting high quality data? 0 - Never
14 Is the transaction time required to collect quality data recognised in 0 - Never
KPIs for call centre or other customer staff?
15 Are people allowed sufficient time and authority to take ownership of 0 - Never
data?
16 Do executives understand what it means to be assigned as a "data 0 - Never
owner"?
17 When wrong information is communicated in critical forums, is there 0 - Never
a consequence for executives who have data ownership
responsibilities?
18 Is the quality of information published in reports (internal and 0 - Never
external) explicitly measured and included in the report?
19 Does a senior executive have responsibility for the organisation's 0 - Never
Information Management and Quality strategy?
20 Does the board have visibility of the Information Management and 0 - Never
Quality strategy?
21 Is there an enterprise approach to data standards? 0 - Never
22 Are data stewards allocated resources and authority? 0 - Never
23 Have the majority of ‘data managers’ have undertaken some form of 0 - Never
formal data management training or certification
24 Are point of entry validations in place? 0 - Never
25 Is critical data confirmed through peer review? For instance, when 0 - Never
an investment business case is presented with supporting data, is
that data independently verified by independent analysts (internal or
external)?
26 Are automated reconciliations or triangulation in place for critical 0 - Never
data?
27 Are good data practices rewarded? 0 - Never
28 Are managers who follow good data practices recognised by the 0 - Never
leadership team?
29 When a manager achieves a good business outcome at the expense 0 - Never
of good data (by taking shortcuts or otherwise) is this penalised by
the executive team?
30 Are data issues reviewed in-line with audit principles? When a 0 - Never
problem is discovered in data from a non-ledger source is this
handled in the same or similar way to a problem with data in the
financial systems? Is there a documented audit process for the
review of non-ledger data issues?
31 When the organisation interacts with multiple people from the same 0 - Never
household, is the relationship within the household consistently
understood?
32 Is Master Data identified as an organisational priority? 0 - Never
33 Is data privacy given priority in staff training? 0 - Never
34 Are staff clear on their obligations to protect personal information? 0 - Never

35 Are good security practices monitored? 0 - Never

36 Do audit policies include the review of non-ledger data? 0 - Never
37 Do all reports claiming to provide information in support of key 0 - Never
business decisions require reference back to their source data
definitions?
38 Does the organisation strictly adhere to the concept of one data term 0 - Never
having one meaning across the enterprise?
39 Is a communication strategy in place for a security breach? 0 - Never
40 Is a communication strategy in place for a privacy breach? 0 - Never
41 Are new data policies effectively publicised and communicated 0 - Never
throughout the organisation?
42 Are ETL or EAI policies defined? (For instance, when data should be 0 - Never
moved with particular technologies and what standards should be
met.)
43 If ETL/EAI policies exist, are they put into practice and periodically 0 - Never
reviewed?
44 Have policies been created to require data items to have an 0 - Never
executive owner?
45 Are policies followed requiring data items to have an executive 0 - Never
owner?
46 Are policies in place for data quality metrics and accountability? 0 - Never
47 Is accountability for data quality assigned? 0 - Never
48 Is data quality monitored as a matter of policy? 0 - Never
49 Are data quality standards defined as part of wider business 0 - Never
policies? (For instance, do policies requiring decisions based on
reporting metrics make reference to data quality or confidence?)
50 Are data standardisation policies defined? (Note, the data 0 - Never
standardisation refers to the processing of inconsistent capitalisation,
fragmentation or other formatting issues. For example one system
might refer to "JOHN X SMITH" while another has three fields
"John", "X", "Smith")
51 Are data standardisation policies implemented? (Note, the data 0 - Never
standardisation refers to the processing of inconsistent capitalisation,
fragmentation or other formatting issues. For example one system
might refer to "JOHN X SMITH" while another has three fields
"John", "X", "Smith")
52 Are there any IM security procedures and/or policies defined? 0 - Never
53 Are company executives aware of the importance of Information 0 - Never
Management?
54 How much support and/or sponsorship do company executives 0 - Never
provide for IM?
55 Is there a defined IM issue and risk identification process? 0 - Never
56 Are information issues and risks appropriately managed? 0 - Never
57 Are data definitions required to be consistent between business 0 - Never
divisions?
58 Is business accountability defined for Master Data? 0 - Never
59 Is there a standard application/tool/platform policy defined for 0 - Never
technologies that affect the use of information? For instance, have
standard data integration, database and Business Intelligence tools
been defined?
60 Are IM privacy standards maintained and defined? 0 - Never
61 Are privacy policies regularly reviewed and redefined as information 0 - Never
grows/expands within the organisation?
62 Are there defined data profiling/measurement standards? 0 - Never
63 Are data profiling/measurement standards constantly reviewed and 0 - Never
redefined?
64 Are there standards and definitions to assist staff responsible for 0 - Never
Information Management to identify gaps in datasets (for instance
definition, data coverage or integration)?
65 How often are IM security policies reviewed? 0 - Never
66 Are common interface data definitions used to describe data 0 - Never
standards to business partners?
67 Are accepted data standards used for B2B interfaces? 0 - Never
68 Are third-party maintained technology interfaces used for B2B 0 - Never
interfaces?
69 Is standard data validation or error detection technology deployed? 0 - Never

70 Does the organisation have an enterprise standard data cleansing 0 - Never

technology?
71 Do technology systems utilise or subscribe to common data models? 0 - Never

72 Are common data modelling tools used throughout the organisation? 0 - Never

73 Are common data model standards imbedded in data modelling tool 0 - Never
usage instructions?
74 Has the organisation published technology standards for interfacing 0 - Never
systems?
75 Is a common "data bus" or middleware implemented throughout the 0 - Never
organisation?
76 Are the technology interfaces such that business stakeholders can 0 - Never
easily apply data analysis tools to common data repositories?

77 Are business users able to implement specialist data analysis tools 0 - Never
as needed without excessive technology redevelopment?
78 Does the organisation use formal technology design patterns for data 0 - Never
capture and data management? (Note, a design pattern is a formal
way of documenting a solution option for a design problem.
Generally organisations define one or more acceptable solutions to
specific technology and business problems.)
79 Does the organisation have formal design patterns for data quality 0 - Never
and data cleansing? (Note, a design pattern is a formal way of
documenting a solution option for a design problem. Generally
organisations define one or more acceptable solutions to specific
technology and business problems.)
80 Are there formal technology standards for storing, indexing and 0 - Never
cataloguing data?
81 Are data movements between systems executed by either ETL (for 0 - Never
batch) or EAI (for real-time) technology?
82 Are data quality metrics calculated using consistent data quality 0 - Never
software?
83 Are common data standardisation technologies used across the 0 - Never
organisation? (Note, the data standardisation refers to the
processing of inconsistent capitalisation, fragmentation or other
formatting issues. For example one system might refer to "JOHN X
SMITH" while another has three fields "John", "X", "Smith". The
technology used might consistently reformat names to remove
unnecessary capitalisation and identify different fields.)

84 Is there a common data standardisation architecture in place? (For 0 - Never

instance, is the common handling of names defined such that it can
be imbedded in every data capture and movement?)
85 Do you equip business executives with common dashboards to 0 - Never
review data quality or other data issues?
86 Is a common Business Rules Engine used for data validation or other 0 - Never
checks?
87 Is the organisation enabled to have a single view of the customer 0 - Never
across the business?
88 Is there an enterprise metadata management technology in place? 0 - Never

89 To what extend does your organisation utilise formal (recognised?) 0 - Never

data standards - for data entry, data cleansing, data integration?

90 Are there appropriate data management process and technological 0 - Never

infrastructure in place to enable metadata management practices
across the business?
91 Is there a standard metadata model used across the business? 0 - Never
92 Are data standards embedded in enterprise technology decisions? 0 - Never

93 Is a standard data profiling toolset deployed across the organisation? 0 - Never

94 Are data security and logs managed centrally? 0 - Never

95 Are data feeds and reports timely and accurate enough to address 0 - Never
auditing and regulatory compliance rules?
 96 Does the organisation regularly examine business rules and data 0 - Never
definitions to conform to compliance regulations?
97 In meeting audit, regulatory, privacy and other compliance reporting 0 - Never
are data quality metrics consistently reviewed?
98 Is compliance (regulatory, audit, privacy and other) data easily 0 - Never
accessible, timely and fit for purpose?
99 Is data which is used for compliance reporting also consistently 0 - Never
analysed for trends and other insights?
100 Compliance data has a disproportionate business impact, is 0 - Never
adequate focus put on security and controls for these datasets?
101 Is there a formal process in place to address compliance, risks and 0 - Never
issues?
102 Are formal Information Management Service Levels defined for 0 - Never
critical compliance related data (audit, regulatory, privacy and other)?

103 Does Information Management governance have sufficient data 0 - Never

subject breadth and depth to adequately meet the organisation's
regulatory, financial, privacy and other compliance obligations?
104 Does the organisation use industry data to benchmark data quality 0 - Never
measures?
105 Are data quality metrics consistently reported and benchmarked? 0 - Never

106 Does the data quality strategy of the organisation encourage 0 - Never
quantitative measures to be reported?
107 Is there executive level support/input in managing and updating 0 - Never
performance metrics across the organisation?
108 Does the organisation put adequate focus on measuring data trends 0 - Never
and performance?
109 Does the business have adequate data profiling capability? 0 - Never
110 Are these tools easily accessible to the organisation and how often 0 - Never
are they used?
111 Do metadata definitions adequately describe the quantities and 0 - Never
subtle business rules that affect the values held within fields? (For
example, the inclusion or exclusion of taxes.)
112 Are there documented rules and processes regarding the frequency 0 - Never
and standard of data cleansing?
113 Are data interfaces with external parties monitored and reported? 0 - Never
(For instance, recording of new reference data entries received,
transaction volumes etc.)
114 Are data validation and audits completed for critical datasets? 0 - Never
115 Is a formal methodology utilised to assess how well data is managed 0 - Never
within the organisation?
116 Are any processes, methods or best practices embedded to help 0 - Never
cleanse data?
117 Are common data models consistently governed and managed within 0 - Never
the organisation?
118 Is a common approach used to communicate issues, processes and 0 - Never
updates regarding data and its governance?
119 Are dashboard or other common publication channels utilised to 0 - Never
distribute data analysis and metrics throughout the organisation?
120 Are there formal processes or methods for analysing data? 0 - Never
121 To what extent does the organisation use formal processes to 0 - Never
manage data capture and management?
122 Are standard methods, processes or procedures used to develop 0 - Never
data interfaces (both ETL and EAI)?
123 Are processes and practices are deployed to define executive 0 - Never
accountability for data?
124 Are Data Quality measures consistently recorded and compared? 0 - Never

125 Does the organisation deploy data standardisation practices in a 0 - Never

consistent way?
126 Are methods are defined and utilised to help drive stewardship as 0 - Never
the organisation matures around data within the organisation?
127 Do the group or divisional leadership teams consider data 0 - Never
management process changes (rather than delegate to lower line
levels)?
128 Does the organisation consistently identify and manage data issues? 0 - Never

129 Is a Master Data Management process or method employed in the 0 - Never

organisation?

130 To what extent are enterprise metadata management governance 0 - Never

processes embedded into the organisation?
131 Are privacy practices and processes consistently adopted within the 0 - Never
organisation?
132 To what extent are processes embedded into the organisation to 0 - Never
measure and profile data?
133 Are data risks and issues consistently managed within the 0 - Never
organisation?
ssessment
accurate. High impact questions
ist to select an answer from
score 5 and where there is a clear
larify your answer.

Dummy Ltd

Comment