Carnegie Mellon Tackles Data Management Maturity Model for Finance

The institution known for trying to make the world's organizational processes more effective through its introduction of the Capability Maturity Model Integration (CMMI) is at it again--this time specifically to improve the processes behind financial management. The Carnegie Mellon Software Engineering Institute (SEI) and the Enterprise Data Management (EDM) Council are teaming up to create a new data management maturity model for the financial industry. The new model will be designed to define the components of data management at the specific business-process level so that financial organizations can assess themselves against documented best practices.

The SEI and EDM Council will collaborate on development of this new model to help the financial industry become more proficient in its management of data and to provide a consistent and comparable benchmark for regulatory authorities in their efforts to control operational risk. Using the process areas found in CMMI and the CERT Resiliency Management Model, the entities will collaborate to develop the framework and accompanying assessment methodology that can be adopted by financial organizations worldwide.

"While many executive managers conceptually understand the importance of data management, there are very little practical experiences and no proven operational route map to guide them on their journey," said Mike Phillips, manager of CMMI initiatives at the SEI. "With our experience in developing capability models and EDM Council's extensive knowledge of data management, we are confident that the new model will serve as the much needed roadmap for financial institutions."

"The Data Management Maturity Model initiative will provide a measurable benchmark for evaluating the efficiency of data management practices, the maturity of operational integration, and the establishment of essential standards and data definitions," said John Muholland, global head of reference data for RBC Financial Group and a director of the EDM Council. "The DMM will not only help guide and measure a firm's providence over their own data quality processes and governance structures, it will provide consistent criteria to measure the services of external providers."

Michael Atkin, managing director of the EDM Council, agreed that efficient business operations and effective oversight are compromised when data management processes are managed on a manual and reactive basis. "All too often, data exists in unconnected spreadsheets using multiple formats and inconsistent definitions--and integration is frequently done tactically in response to immediate business requirements," said Atkin. "As a result, data quality varies widely among business units, data failures occur with regularity, and cross-functional views of risk are difficult to obtain."

To assist in their research, development and piloting efforts, the SEI and EDM Council are seeking input from financial organizations so that the research can be applied to real-world situations.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • university building with classical architecture is partially overlaid by a glowing digital brain graphic

    NSF Invests $100 Million in National AI Research Institutes

    The National Science Foundation has announced a $100 million investment in National Artificial Intelligence Research Institutes, part of a broader White House strategy to maintain American leadership as competition with China intensifies.

  • black analog alarm clock sits in front of a digital background featuring a glowing padlock symbol and cybersecurity icons

    The Clock Is Ticking: Higher Education's Big Push Toward CMMC Compliance

    With the United States Department of Defense's Cybersecurity Maturity Model Certification 2.0 framework entering Phase II on Dec. 16, 2025, institutions must develop a cybersecurity posture that's resilient, defensible, and flexible enough to keep up with an evolving threat landscape.

  • blue AI cloud connected to circuit lines, a server stack, and a shield with a padlock icon

    AI Security Controls Lag Behind Adoption of AI Cloud Services

    Nearly nine out of 10 organizations are already using AI services in the cloud — but fewer than one in seven have implemented AI-specific security controls, according to a recent report from cybersecurity firm Wiz.

  • Training the Next Generation of Space Cybersecurity Experts

    CT asked Scott Shackelford, Indiana University professor of law and director of the Ostrom Workshop Program on Cybersecurity and Internet Governance, about the possible emergence of space cybersecurity as a separate field that would support changing practices and foster future space cybersecurity leaders.