My comment
In a nutshell:
Data Governance Management starts as a Project with the purpose to set up roles / responsibilities, procedures and technology to ensure regulatory compliance, data quality and data security.
It turns into a Program where operational units practice - as agreed in the initial Data Governance Project - their responsibilities and use the defined procedures and technology on a daily basis. Operational units should report issues with the Program to a Data Governance Committee which may trigger follow-up Projects to adjust responsibilities, procedures and technology to improve the existing Program.
It is the task of the Internal Audit to check on a regular (and/or random) basis that operational units follow their obligations as defined in the Program.
