Cloud Financial Controls Maturity Model
A 5-level maturity framework evaluating 42 controls across six domains. Designed for benchmarking, board reporting, and FinOps improvement roadmaps.
The Cloud Financial Controls Maturity Model (CFCMM) is finops.qa’s proprietary framework for assessing the maturity of cloud financial management programs. It evaluates 42 controls across six domains, producing a level score (1–5) and a domain-by-domain gap analysis.
The Five Maturity Levels
| Level | Name | Definition |
|---|---|---|
| 1 — Ad Hoc | No formal process | Cloud costs reviewed reactively after invoice arrives. No tag strategy. No budget owners. Alerts configured once, never validated. |
| 2 — Defined | Documented but untested | Tag strategy exists in a wiki. Monthly cost review meetings happen. Basic alerts configured. No one has tested whether any of it works correctly. |
| 3 — Measured | Tested and scored | Showback implemented and validated. Budget owners assigned and confirmed. Tagging accuracy tested quarterly. FinOps Defect Score calculated. |
| 4 — Governed | Automated and enforced | Chargeback live with <±2% accuracy. Shift-left cost gates in CI/CD. FinOps function established with defined SLAs. Automated anomaly detection with validated thresholds. |
| 5 — Optimised | Self-improving | Unit economics tracked per product line. Automated rightsizing with performance validation. Continuous FinOps QA retainer. FinOps Defect Score ≥ 85 maintained. |
Benchmark: Most Series B companies score at Level 2–3 on their first CFCMM assessment.
The Six Domains
| Domain | Controls | Key Metric |
|---|---|---|
| Cost Visibility | 8 | Dashboard accuracy vs. provider invoice |
| Budget Governance | 7 | Alert coverage × latency × routing accuracy |
| Allocation Accuracy | 9 | Spend-weighted tagging coverage |
| Optimisation Cadence | 6 | Rightsizing recommendation age × implementation rate |
| Tooling Completeness | 7 | Tool accuracy scorecard (12 dimensions) |
| Accountability Structure | 5 | Budget owner assignment × response SLA |
Using the CFCMM
The CFCMM is used in every finops.qa engagement as the baseline assessment, gap analysis, roadmap input, and progress tracking tool. The full 42-control assessment is conducted as part of the FinOps QA Assessment.
Contact us to discuss a CFCMM baseline for your organisation.
Get Your FinOps Defect Score
Book a free 30-minute cloud cost review. We will identify your top three FinOps gaps and give you a preliminary Defect Score — no pitch, no obligation.
Talk to an Expert