In order to be effective, it is best to combine the Governance and the cognitive models together. The results look something like Figure 1. Each cell in the overlaid models represents a single Role or area of consistent governance providing some context for the requirements. For example, at the Data x Regulation cell, there is specific data that is required to be collected according to the regulations. There is a regulation that requires a bank to collect taxpayer IDs for each account. During the Execution aspect (i.e., the Bank's Policies and Procedures(P&P)) the taxpayer ID is collected, the specific bank actually collects and records the taxpayer ID. During the Compliance aspect, there is a requirement to verify that each Bank actually has a taxpayer id with each account. This consistency in governance can be repeated for each row (i.e., Wisdom, Understanding, Knowledge, Information and Data) and for each column (i.e., Regulation, Execution and Compliance).
If any of the Roles (i.e., cells have no requirements, the governance is incongruent and can lead to a potential flaw or hole in the governance which is vulnerable to exploitation.