The ActiveNav team always looks forward to ARMA International's annual Information Governance (IG) Maturity Index Report; this year's 2023 report was no different. The report provides a "point-in-time measurement of the maturity of organizations' IG programs" derived from survey responses from across the IG community and usually provides some interesting data points for consideration.


It's a Matter of Leadership

My most significant finding this year was the declining maturity in Information Governance (IG) leadership. There was a 10% decrease from 53% compared to the previous year and a substantial 19.3% decrease from the initial report in 2019. This decline reflects the reduced number of organizations that have established an IG Steering Committee function:

"Individuals and/or a group are identified and tasked with making IG decisions, and they have enough authority or influence to guide the organization's basic IG decisions. The IG governing body may be informal, with key stakeholders consulted as needed or reactively."

As with any maturity model, it's easy to lose perspective on what the levels look like in real life. Generally, I think of level 3 as 'normal.' That is the level that one might reasonably expect to meet without some exceptional concerted effort to acknowledge the demands of a real-life organization. In this case, the sad reality is that standards for leadership appear to be falling, and you could perhaps consider yourself lucky to be in an organization with even informal IG leadership. This begs the question, "Who is looking after the data?" at an organizational level, and "How can stakeholders be assured about the risk or liability hidden in that data?" let alone its potential value.

I've written before about the key role of leadership, but frankly, it's not rocket science to know that anything without leadership is unsustainable.

IT and Technology Still Holds the Biscuit?

Maybe this is a bit of a stretch directly from the report, but if I add my own experience, I can infer that the domains where IT has a strong contribution are established at a far higher rate (capabilities 66.4%, authorities 61.5%, architecture 59% and infrastructure 72.1%). These areas cover significant technology elements, from APIs and security through IT architecture to information access and protection, suggesting that reported maturity is perhaps disproportionately influenced by activities outside of IG. That's not to say that their inclusion is inappropriate; rather, I'm highlighting the continued preference for organizations to favor technology over the people and process aspects of governance.

What Gets Measured Gets Done

RAFBack in my military days, we used the saying "what gets measured gets done", referring to the fact that metrics grab attention and tended to drive action. The saying was used with some cynicism back then (some 25 years ago). Still, it speaks to the merit of data-driven action, and, these days, it strikes me as an important component of any undertaking, especially in a business environment. Working through this year's report (it always takes me a while to get reacquainted), I can see that benchmarking falls under the Procedural Framework domain but doesn't appear in the maturity scale until level five "Metrics and benchmarking results are being used to inform decision-making". As I suggested earlier, level three is what one might reasonably expect, and, by contrast, level five represents an exceptional position where one would expect to find very few organizations.

This is the part that challenges me most of all. When I first got involved with information compliance and governance in the Royal Air Force's command headquarters, my first thought was to determine how to measure what was happening across our bases and deployments. This strikes me as good common sense and a key component for addressing leadership challenges. In short, why should any effort expect significant leadership buy-in unless it can present some evidence of the problem it solves or the value it might create?

Maybe this presents the IG community with its biggest challenge. How does it become more relevant and make the case for leadership? After all, if the benefits are clear, then leadership should follow.

With this in mind, we strive every day to help our customers move toward a state of Zero Dark Data. This is the epitome of information measurement and benchmarking when an organization understands its data assets so that it can direct its governance efforts, mitigate issues, and exploit opportunities as part of a sustained effort over time. With that in mind, we'll be taking this report to heart and asking ourselves, "How can we help IG teams improve on this position?"

Congrats to the ARMA International Team for this effort over the past five years. It's reached an impressive level of professionalism, which speaks to the diligence of everyone involved.