Benchmark: where organizations stand on data and AI governance
Drawing on patterns we see across engagements, this benchmark sets out where organizations typically stand across data governance, AI governance, model risk and cloud cost, and what separates the leaders from the rest.
The gap between belief and reality
When organizations assess their own data and AI governance maturity, a striking pattern emerges: almost all of them rate themselves higher than the evidence supports. This is not dishonesty. It is the natural consequence of confusing the existence of a framework with the operation of a capability. An organization that has a governance policy, a committee, and a set of conscientious people genuinely feels governed, and is surprised, sometimes shocked, to discover under scrutiny how little of that felt-governance is actually operating.
This benchmark draws on the patterns we see across engagements to describe where organizations typically stand across four related capabilities, data governance, AI governance, model risk, and cloud cost, and, more usefully, what separates the organizations that are genuinely mature from the majority that believe they are. It is offered not as a league table but as a mirror: a way for an organization to locate itself honestly and to see the specific gap between where it thinks it is and where it actually is.
The consistent finding, across sectors and capabilities, is that the gap is rarely a lack of technology and almost always a lack of operating capability. Organizations have bought tools, written policies, and formed committees. What they have not done, in most cases, is wire governance into the daily work so that it operates continuously and produces evidence automatically. The benchmark below is, in effect, a map of that gap.
The gap between where organizations think they are and where they actually are is rarely technological. It is the gap between having a framework and operating a capability.
Benchmark in one view
The four capabilities, and where most sit
Consider each of the four capabilities in turn, with the typical starting position that most organizations occupy and the specific shortfall that defines it. The pattern across all four is the same, framework present, operation absent, but the details differ, and seeing them concretely helps an organization recognize itself.
Data governance
Most organizations have a data governance framework: ownership defined on paper, a glossary started, quality and lineage aspired to. What most lack is operation: owners who actually exercise ownership, quality rules that actually run and catch problems, lineage that is actually maintained and trusted rather than documented once and left to rot. The typical organization sits at the level where governance exists as structure but has not changed how data is produced, checked, and trusted in daily work.
The gap here is visible the moment someone asks a simple question, can you trust this number, and where did it come from? In a genuinely governed organization, the answer is immediate and evidenced. In the typical one, it triggers an investigation, which is itself the finding: governance that cannot answer the basic question of trust and provenance on demand is governance that exists but does not operate.
AI governance
AI governance is typically the least mature of the four, because it is the newest and the fastest-moving. Most organizations have, at best, a policy and an emerging awareness. Few have a complete inventory of the AI and models actually in use, fewer still have controls embedded in the model lifecycle, and fewer again can produce evidence of those controls on demand. The typical position is AI used but not fully governed, with real exposure sitting in models that no central function fully sees.
The distinguishing question here is coverage: what share of the AI actually in use is inventoried, tiered, and under active control? The typical answer, when honestly determined, is uncomfortably low, because shadow AI proliferates faster than governance extends to cover it. The organizations that stand out are those that have made AI governance operate, with a live inventory maintained by the deployment process itself and controls that produce evidence automatically.
Model risk
Model risk management is more mature in heavily regulated financial institutions, where it has a long history, and much less mature elsewhere, and even where it is established it often has not adapted to AI and machine-learning models. The typical position is that models are validated at points in time, at approval, rather than governed across their whole lives, so that a model which degrades or drifts after approval is not caught until it causes a problem. Continuous monitoring, as opposed to point-in-time validation, is the frontier most organizations have not crossed.
The gap is between validation as an event and model risk as a lifecycle. A model validated once and then left unmonitored is governed only at the moment of approval, and models do not stay static, they drift, degrade, and encounter data they were not built for. The mature organizations govern models across their lives, with monitoring that catches degradation, while the typical organization validates and then looks away.
Cloud cost
Cloud cost governance, or FinOps, follows the same pattern in a different domain. Most organizations can see their total cloud spend but cannot attribute it well to teams, products, or decisions, and have few guardrails that prevent waste before it happens. The typical position is visibility without control, a large number that everyone can see and no one can fully explain or steer, growing faster than anyone intends.
The gap here is between seeing spend and governing it. Attribution, the ability to tie cost to the team or product that incurred it, is what turns a mysterious total into an accountable one. Guardrails, controls that prevent waste before it happens rather than reporting it after, are what turn visibility into control. The mature organizations have both; the typical one has a dashboard showing a number that keeps rising.
What separates the leaders
Across all four capabilities, the organizations that are genuinely mature share a small set of characteristics, and these characteristics, rather than any specific tool or framework, are what distinguish them. Understanding them tells an organization not just where it stands but what it must do to advance.
First, leaders have made governance operate rather than merely exist. Their controls run in daily workflows and produce evidence automatically, so that governance is a continuous property of how work is done rather than a periodic activity performed alongside it. This is the single largest differentiator, and it is available to any organization willing to do the unglamorous work of embedding controls where the work actually happens.
Second, leaders treat evidence as a by-product rather than a project. Because their controls emit artifacts when they run, they can answer the question of demonstrable control at any moment without a scramble. This is what lets them pass scrutiny calmly while the typical organization assembles evidence under pressure. Third, leaders track coverage honestly, knowing what share of their estate is actually governed and treating the ungoverned remainder as a known risk rather than an invisible one. And fourth, leaders connect their four capabilities rather than running them in silos, recognizing that data governance underlies AI governance, that model risk depends on data quality, and that cloud cost governance shares the same operating discipline as the rest.
Locating yourself honestly
The value of a benchmark is in the honest self-location it enables, and honesty here requires resisting the natural tendency to credit intention as achievement. The right test for each capability is not whether a framework exists but whether the capability operates and can be evidenced. Ask, for each: can we produce, on demand, the evidence that this capability is running? For data governance, can we show trust and provenance for a number? For AI governance, can we show the inventory and the controls? For model risk, can we show continuous monitoring, not just approval? For cloud cost, can we show attribution and guardrails, not just a total?
An organization that answers these honestly will usually find itself lower than it believed, and that discovery, uncomfortable as it is, is the beginning of genuine progress. The organizations that advance are the ones that face the gap between belief and reality squarely, rather than the ones that maintain a comfortable self-assessment that scrutiny would puncture.
Governance maturity self-assessment
Score each capability honestly on whether it exists, operates, and is evidenced. Most organizations land lower than they believe.
Most organizations score lower than they expect, because they credit having a framework as maturity. Move each capability from framework to operating to evidenced, in that order.
The self-assessment above is deliberately simple, scoring each capability on whether it exists, operates, and is evidenced. Its purpose is not precision but honesty: to make visible the gap between the framework an organization has and the operating, evidenced capability it needs. Wherever the score lands, the path forward is the same, move each capability from existing to operating to evidenced, in that order, because a capability that operates but is not evidenced still fails scrutiny, and a capability that is evidenced but does not really operate is a fiction that will eventually be exposed.
From benchmark to progress
A benchmark is only useful if it drives action, and the action it should drive is specific: identify the capability with the largest gap between belief and reality, and make it operate before improving anything that already does. Most organizations spread governance effort thinly across all four capabilities and advance none of them decisively. The leaders concentrate, taking one capability from existing to genuinely operating and evidenced before moving to the next, because a single capability that truly operates is worth more than four that merely exist.
The consistent lesson of the benchmark is that the constraint is almost never technology and almost always the discipline of operation. The tools exist; the frameworks are well understood; the path is known. What is scarce is the will to do the unglamorous work of embedding controls into daily workflows so that governance operates continuously and produces evidence automatically. The organizations that supply that will are the ones that show up, in benchmark after benchmark, as the leaders, not because they bought better tools but because they did the harder, less visible work of making governance real.
Wherever your organization sits, the gap between where you think you are and where you actually are is worth closing honestly, because it is precisely in that gap that the risk you believe you are governing actually lives. The benchmark's final invitation is to look into that gap without flinching, and to begin the specific, unglamorous work of closing it.
Concentrate. One capability that genuinely operates and is evidenced is worth more than four that merely exist.
Why self-assessment misleads
The gap between belief and reality in governance maturity is not random; it follows a predictable psychology, and understanding that psychology helps an organization correct for it. Self-assessment misleads in consistent ways, and an organization aware of these ways can adjust its own judgment toward honesty.
The first distortion is that organizations credit intention as achievement. Having decided to govern data well, having written the policy and formed the committee, feels like having governed data well, even when nothing in daily work has changed. The intention is real and the effort is real, so the sense of progress is real, but the operating capability that would actually reduce risk may not exist. Correcting for this requires testing for operation and evidence, not intention: not have we decided to govern this, but does the governance run and can we prove it.
The second distortion is that organizations judge themselves by their best examples rather than their typical ones. Asked about data governance maturity, an organization thinks of its best-governed data domain, its most conscientious team, its one well-controlled model, and generalizes from the exception. But governance maturity is determined by the typical case, not the best one, because the risk lives in the ungoverned majority, not the well-governed showcase. Correcting for this requires assessing coverage honestly: not can we point to a well-governed example, but what share of the estate is actually governed.
The third distortion is that organizations do not know what they cannot see. Shadow AI, ungoverned data, unattributed cloud spend, these are invisible precisely because they are ungoverned, so an organization assessing its maturity from what it can see systematically overestimates, because the ungoverned remainder does not appear in the assessment. Correcting for this requires actively looking for the unseen: the models no central function knows about, the data with no owner, the cloud spend no one can attribute. The benchmark's value is partly in prompting this uncomfortable but necessary search for what the organization's own view conveniently omits.
The connective tissue between the four capabilities
A subtle but important finding of the benchmark is that the four capabilities are not independent; they are connected, and the leaders exploit the connections while the majority run them in silos. Understanding the connections shows why concentrating on making them operate individually is necessary but not sufficient, and why the mature organizations gain a compounding advantage.
Data governance underlies AI governance, because an AI system is only as trustworthy as the data beneath it, and governing a model fed by ungoverned data is governing the visible half of the problem. Model risk depends on data quality, because monitoring a model for drift and degradation requires trustworthy data about its inputs and outputs. Cloud cost governance shares an operating discipline with the others and is increasingly driven by AI and data workloads, so governing the AI and data well governs a large part of the cloud spend too. The capabilities are facets of a single underlying capability, the capability to operate controls continuously and produce evidence, applied to different domains.
This is why the leaders, who connect the capabilities, gain more than the sum of the parts. Their strong data governance makes their AI governance easier and more trustworthy. Their AI governance and data quality make their model risk management effective. Their operating discipline, honed across all of these, makes their cloud cost governance natural. Each capability reinforces the others, and the organization's overall maturity compounds. The majority, running the capabilities in silos, get the opposite: weakness in one undercuts the others, ungoverned data undermines AI governance, poor data quality defeats model monitoring, and the effort spread thinly across silos advances none of them decisively. The connective tissue between the capabilities is where the leaders' compounding advantage is built.
A realistic path to maturity
The benchmark would be dispiriting if it only diagnosed the gap without pointing to a realistic way across it. Fortunately, the path is well understood, even if it demands discipline most organizations struggle to sustain. It has a small number of principles, each drawn from what distinguishes the leaders, and following them reliably moves an organization from the typical position toward genuine maturity.
The first principle is to concentrate rather than spread. Most organizations dilute their governance effort across all four capabilities and advance none of them decisively. The leaders concentrate, taking one capability from framework to genuinely operating and evidenced before moving to the next. A single capability that truly operates is worth more than four that merely exist, both because it reduces real risk and because it teaches the organization what operating governance actually takes, which makes the next capability easier.
The second principle is to sequence by dependency. Because data governance underlies the others, it comes first; an organization that builds AI governance on ungoverned data is building on sand. The leaders respect this dependency, establishing the data foundation before the capabilities that depend on it, so that each capability is built on solid ground rather than undermined by weakness beneath it. The third principle is to test relentlessly for operation and evidence rather than intention, correcting continuously for the self-assessment distortions that flatter, so that the organization's sense of its own maturity stays honest and its effort stays directed at the real gap.
Following these principles, concentrate, sequence by dependency, and test for operation and evidence, an organization can move steadily from the typical position, where frameworks exist but governance does not operate, toward the leading edge, where governance operates continuously, produces evidence automatically, and connects across the capabilities into a compounding whole. The path is not easy, because it demands sustained discipline rather than one-time effort, but it is well-marked, and it is the same path the leaders walked. The benchmark's final message is that the leading position is not reserved for organizations with better tools or bigger budgets; it is available to any organization willing to walk the path with discipline.
The leading position is not reserved for bigger budgets or better tools. It is available to any organization willing to walk the path with discipline.
Turning the mirror on your own organization
The benchmark's ultimate purpose is not to describe organizations in general but to help a specific organization, yours, see itself honestly and act. To that end, it is worth walking through how to turn the mirror on your own organization, capability by capability, with the honesty that the self-assessment distortions make difficult but essential. The exercise is uncomfortable, which is precisely why it is valuable: the comfortable self-assessment is the one that misleads.
Begin with data governance, and resist the temptation to think of your best-governed data domain. Ask instead, across the whole estate, whether owners actually exercise ownership, whether quality rules actually run and catch problems, whether lineage is actually maintained and trusted. Test it concretely: pick a number the business relies on and ask whether you can show, on demand, that it is trustworthy and where it came from. If that triggers an investigation rather than an immediate evidenced answer, your data governance exists but does not operate, whatever your framework says.
Then move through AI governance, model risk, and cloud cost with the same honesty. For AI governance, ask what share of the AI actually in use, including shadow and procured AI, is inventoried, tiered, and controlled, and whether you can evidence the controls. For model risk, ask whether models are monitored across their lives or only validated at approval. For cloud cost, ask whether you can attribute spend to accountable owners and prevent waste with guardrails, or only watch a rising total. In each case, test for operation and evidence, assess coverage honestly, and search actively for what you cannot currently see. The picture that emerges will usually be lower than your comfortable self-assessment, and that gap, faced squarely, is the beginning of genuine progress.
Having located yourself honestly, apply the path: concentrate on the capability with the largest gap, sequence by dependency so the data foundation comes first, and drive that one capability from framework to genuinely operating and evidenced before moving on. Repeat, capability by capability, testing relentlessly for operation and evidence and correcting continuously for the distortions that flatter. This is the same path the leaders walked, and it is available to you, not because you have better tools or a bigger budget, but because you are willing to face the gap between belief and reality and to do the unglamorous, disciplined work of closing it. The mirror shows where you are; the path shows the way forward; and both are within your reach the moment you choose honesty over comfort.
The comfortable self-assessment is the one that misleads. Face the gap between belief and reality squarely, and it becomes the beginning of genuine progress.
The benchmark's closing challenge
Every benchmark ends with an implicit challenge to the reader, and this one is no exception. The challenge is not to accept a flattering self-assessment but to face the gap between where the organization believes it stands and where it actually stands, and then to do the disciplined, unglamorous work of closing that gap. This is harder than it sounds, because the gap is comfortable to ignore and uncomfortable to face, and most organizations choose comfort, which is precisely why most organizations stay in the typical position rather than joining the leaders.
The organizations that rise to the challenge share a willingness that the others lack: the willingness to be honest about their own maturity even when honesty is unflattering, to test for operation and evidence rather than crediting intention, to assess coverage across the whole estate rather than pointing to showcases, and to search actively for the ungoverned remainder they cannot currently see. This willingness to face reality is the true differentiator, more fundamental even than the operating discipline that follows from it, because the discipline is only applied by organizations honest enough to see that they need it.
The benchmark, in the end, is a mirror and a map. The mirror shows where the organization actually stands, if it has the courage to look honestly. The map shows the path forward: concentrate on the largest gap, sequence by dependency, drive each capability from framework to operating to evidenced, and correct continuously for the distortions that flatter. Both the mirror and the map are available to any organization, and neither requires better tools or a bigger budget than the organization already has. What they require is the willingness to face the gap and the discipline to close it, and those are choices, available now, that determine whether an organization stays in the comfortable, misleading self-assessment of the majority or joins the leaders who made governance genuinely operate.
The closing challenge, then, is simply this: look in the mirror honestly, and then walk the map with discipline. The organizations that accept the challenge will find, benchmark after benchmark, that they have moved from the typical position toward the leading edge, not because they acquired anything they did not have, but because they chose honesty over comfort and discipline over drift. That choice, available to every organization, is the whole of what separates the leaders from the rest.
Look in the mirror honestly, then walk the map with discipline. That choice, not better tools or bigger budgets, is what separates the leaders from the rest.
What the leaders do differently, in detail
It is worth setting out, in more detail than a summary allows, the specific practices that distinguish the genuinely mature organizations across each of the four capabilities, because these practices are concrete and transferable, and an organization can adopt them deliberately rather than hoping maturity will somehow arrive. The leaders are not mysteriously better; they do specific, describable things that the majority do not.
In data governance, the leaders make ownership real by giving owners both accountability and the authority and tools to exercise it, so that ownership is a live responsibility rather than a name on a chart. They make quality operate by running quality rules automatically in the data pipelines, so that problems are caught as data flows rather than discovered later by a confused consumer. And they make lineage trustworthy by maintaining it as an operating part of the data platform rather than a documentation exercise, so that the provenance of any number can be shown on demand. The majority, by contrast, have owners without authority, quality aspirations without running rules, and lineage documented once and left to decay.
In AI governance, the leaders maintain a live inventory through the deployment process itself, which cannot promote a model without registering it, so the inventory is always current rather than a periodic and immediately-stale survey. They embed controls, documentation, validation, monitoring, review, into the model lifecycle as gates, so the controls run automatically and produce evidence. And they report on coverage honestly, treating the ungoverned remainder as a known risk to close rather than an invisible one to ignore. The majority have, at best, a policy, a partial and stale inventory, controls that depend on memory, and no honest measure of coverage.
In model risk, the leaders govern models across their whole lives, monitoring them continuously for drift and degradation rather than validating them once at approval and looking away. And in cloud cost, the leaders attribute spend to accountable owners and prevent waste with guardrails that act before the spend happens, rather than watching a rising total they cannot explain. Across all four, the pattern is identical: the leaders make governance operate continuously and produce evidence automatically, through specific, describable practices that any organization can adopt. The maturity gap is not a mystery; it is the sum of these concrete practices, present in the leaders and absent in the majority, and closing the gap is a matter of adopting them deliberately, capability by capability, with the discipline the path requires.
The detail matters because it makes maturity actionable. An organization that understands the leaders only in the abstract, as somehow more mature, has nothing concrete to do. An organization that understands the specific practices, quality rules running in pipelines, inventory maintained by deployment, controls as lifecycle gates, continuous model monitoring, cloud spend attributed with guardrails, has a concrete agenda: adopt these practices, capability by capability, sequenced by dependency and driven to genuine operation before moving on. That agenda, pursued with discipline, is the path from the typical position to the leading edge, and it is available to any organization willing to walk it. The leaders are not ahead by luck or budget; they are ahead by practice, and the practices are there for any organization to adopt.
The benchmark applied across sectors
Although the four capabilities, data governance, AI governance, model risk, and cloud cost, are common across sectors, the specific pressures and starting points differ by industry, and it is worth noting how the benchmark applies across a few representative sectors, because the differences shape where an organization should concentrate first. The underlying pattern, framework present and operation absent, is universal, but its expression varies, and understanding the variation helps an organization apply the benchmark to its own context.
In banking and financial services, model risk management is typically the most mature of the four, because these institutions have governed models for decades under regulatory pressure, but even here the maturity often has not extended to AI and machine-learning models, which drift and degrade in ways traditional models did not. The concentration for these institutions is usually to extend their established model risk discipline to AI models and to close the gap in AI governance, which tends to lag their model risk maturity, while building on their comparatively strong regulatory culture. Their advantage is a governance culture; their gap is usually AI governance specifically and the adaptation of model risk to AI.
In energy and commodity trading, the pressures are different: the value of a governed, real-time data foundation is acute because of market volatility and entanglement, and data governance in the trading context, trusted positions, validated curves, is often where the pressure and the opportunity concentrate. These organizations frequently have strong domain expertise but underdeveloped enterprise data governance, so the concentration is often on making data governance operate in the trading context, which in turn strengthens everything built on it. In healthcare and other highly regulated but less financially-modeled sectors, data governance under privacy pressure and AI governance for clinical and operational models tend to be the pressing capabilities, while cloud cost governance is often the least developed.
Across all these sectors, the benchmark's core lesson holds unchanged: the gap is rarely technology and almost always operation, the leaders make governance operate and produce evidence automatically, and the path is to concentrate, sequence by dependency, and drive each capability to genuine operation. What the sector differences change is only the starting point and the order of concentration, not the nature of the gap or the path across it. An organization applying the benchmark to its own context should therefore identify, in light of its sector's particular pressures, which capability represents its largest gap between belief and reality, and concentrate there first, while following the same universal path that leads, in every sector, from the typical position to the leading edge.
The sector view completes the benchmark's usefulness by connecting its universal pattern to an organization's particular context. Wherever an organization sits, in whatever sector, the pattern of framework-present and operation-absent will be recognizable, the leaders will be distinguished by having made governance operate, and the path forward will be to concentrate, sequence by dependency, and drive each capability to genuine, evidenced operation. The organization's task is to apply this universal benchmark honestly to its own situation, identify its largest gap in light of its sector's pressures, and walk the path with discipline, which is, in every sector, what separates the leaders from the majority who mistake having a framework for operating a capability.
The one question that matters most
If the entire benchmark had to be reduced to a single question an organization should ask itself, it would be this: for each of our governance capabilities, can we produce, on demand and without a special project, the evidence that the capability is genuinely operating? This question cuts through every self-assessment distortion at once, because it cannot be answered by pointing to a framework, a committee, or a conscientious team; it can be answered only by producing the evidence, and the ability to produce it is exactly what distinguishes operating governance from the theatrical kind.
An organization that can answer this question affirmatively across its capabilities is genuinely mature, whatever its size or budget, because it has made governance operate and produce evidence, which is the whole of what maturity means. An organization that cannot, however handsome its frameworks and however conscientious its people, is in the typical position, with governance that exists but does not operate, and the honest recognition of that gap is the beginning of the path across it. The single question, asked honestly and answered by the attempt to produce evidence rather than by assertion, is the most useful diagnostic in the whole benchmark, because it is the one that cannot be answered by the intentions and frameworks that flatter every other self-assessment.
So the benchmark ends where a useful benchmark should, with a question an organization can carry away and act on immediately. Ask it of each capability, honestly, and let the attempt to produce evidence rather than the comfort of assertion supply the answer. Wherever the honest answer falls short, there is the work: to make that capability genuinely operate and produce evidence automatically, through the concrete practices the leaders use and the disciplined path of concentration and dependency-sequencing that this benchmark has described. The organizations that ask the question honestly and act on the answer will move, capability by capability, from the typical position to the leading edge, and they will do so not because they acquired better tools or bigger budgets but because they chose to face the one question that matters most and to do the work its honest answer demands.
Can we produce, on demand and without a special project, the evidence that this capability is genuinely operating? That single question cuts through every self-assessment distortion at once.
In the end, the benchmark is an invitation to honesty, and honesty, in the governance of data and AI, is itself a competitive advantage. The organizations that see themselves clearly, that resist the comfortable self-assessment and face the gap between where they believe they stand and where they actually stand, are the organizations positioned to close that gap, because they alone are looking at it. The organizations that maintain a flattering self-image are, by that very comfort, prevented from improving, because they do not see the gap that improvement would close. The willingness to be honest about one's own maturity, unflattering as the honesty often is, is therefore not merely a virtue but the practical precondition for progress, and it is the first thing the benchmark asks of any organization that uses it. Look honestly, concentrate on the largest gap, sequence by dependency, drive each capability to genuine operating and evidenced maturity through the concrete practices the leaders use, and correct continuously for the distortions that flatter. That is the whole of the path from the typical position to the leading edge, and it is available to any organization with the honesty to see where it stands and the discipline to do the unglamorous work of moving forward.
Where most organizations should begin
For an organization persuaded by the benchmark and asking where to begin, the answer follows directly from the pattern the benchmark describes. Begin by locating yourself honestly across the four capabilities, using the single question that cuts through the distortions: for each capability, can you produce, on demand, the evidence that it genuinely operates? Wherever the honest answer is weakest, and for most organizations it is weakest in AI governance, the newest and fastest-moving of the four, is where the largest gap between belief and reality usually lies, and therefore where concentration will pay off most.
But respect the dependency: because data governance underlies AI governance, an organization whose data governance does not operate should strengthen that foundation even as it addresses the AI governance gap above it, because AI governance built on ungoverned data will not hold. The sequencing principle, foundation first, resolves the apparent tension: concentrate on the largest gap, but not at the expense of the foundation it depends on, so that each capability is built on solid ground. For most organizations this means a coordinated push on data governance and AI governance together, with data governance establishing the trustworthy foundation and AI governance building the inventory, controls, and evidence on top of it.
From there, extend to model risk and cloud cost, applying the same discipline of driving each capability from framework to genuine operating and evidenced maturity before considering it done. Throughout, correct continuously for the self-assessment distortions that flatter, test relentlessly for operation and evidence rather than intention, and treat coverage across the whole estate as the measure that matters rather than the showcase examples that comfort. This is where most organizations should begin, and it is a beginning available now, requiring not better tools or bigger budgets but the honesty to locate oneself truthfully and the discipline to walk the well-marked path from the typical position toward the leading edge that this benchmark has described.
Begin by locating yourself honestly, concentrate on the largest gap while respecting the data-governance foundation beneath it, and drive each capability to genuine, evidenced operation.
Get the PDF of this insight
Enter your name and corporate email and we will send the download link to your inbox. We send the link to the address you provide, so it must be a real, corporate email. Free providers are not accepted.
Check your inbox
If the address is valid, the download link is on its way. It can take a minute to arrive.
Your next step, whatever your role
If this benchmark has shown you a gap between where you believe you stand and where you actually stand, here is how to close it, whether through an independent assessment, a platform, or capability building.
Get an independent assessment
See it operationalized in a product
Build the capability in your teams
Bring this thinking to your organization
Scope an engagement with a senior practitioner.