"The Zachman Framework IS NOT a methodology for creating the implementation... It clearly has no methodological implications... is an ontology — or the complete set of all the 'elements' that exist in the Enterprise."
— John A. Zachman (2008), The Concise Definition of the Zachman Framework
The Inquiry: Can organizational governance knowledge — authority structures, decision processes, commitment states, constraint boundaries — be extracted from narrative organizational documents into structured, machine-queryable representations using a standardized cross-domain methodology, and do existing traditions provide this capability?
The most important synthesis across CTA and audit traditions is the level distinction. CTA operates at the domain level — extracting what experts know and do in their specific domain. The audit tradition operates at the governance level — extracting organizational structure (authority, accountability, constraints, evidence requirements) that is invariant across domains. These levels are not in tension; they address different kinds of organizational knowledge.
CommonKADS provides a structural parallel: its context-level worksheets (OM-1 through AM-1) ARE standardized across domains. It is the Knowledge model's Domain layer that requires customization. This maps to the governance extraction pattern: structural questions about governance (who has authority? what evidence is required? what constraints apply?) work across domains because governance structure is domain-invariant. Deeper probes about domain-specific governance patterns may require domain sensitivity — analogous to CommonKADS requiring domain customization at the Knowledge model level.
The audit tradition validates this with a century of practice: AU-C 315 and ISA 315 require the same organizational understanding dimensions (entity nature, objectives, internal control, risk assessment) across every industry — from manufacturing to healthcare to technology. The standardized framework, customized application pattern is exactly what governance extraction requires.
The convergence table (F16) reveals a systematic pattern: governance-specific constructs are absent across all seven traditions except audit methodology. Authority, evidence, decision provenance, and accountability state are not "nice to have" additions to existing frameworks — they are the governance surface that existing frameworks were not designed to model. EA models organizational structure for architecture. KE models knowledge for expert systems. CTA models cognition for training. Business ontologies model value creation for accounting. None models governance for accountability.
The audit tradition achieves full coverage because auditors must understand governance in order to assess risk. But audit produces risk assessments, not populated governance representations. The gap is not in understanding governance (auditors do this) but in representing governance computationally (no tradition does this). The contribution space is the computational representation, not the understanding methodology.
Bell et al.'s (1997) reframing of auditing as organizational modeling creates a direct bridge to Sprint 8 (World Models). The auditor constructs a systemic model of the client organization — strategy, economic web, business processes, performance measurement — and uses this model to predict expected financial statements, against which actual outcomes are measured. This IS the prediction formalism: predict(organizational_state, strategy) → expected_outcomes, with deviation measurement when actual results differ from expectations.
The connection to the Conant-Ashby theorem (RA-008, F5) is immediate: the auditor MUST be a model of the audited organization to regulate effectively (assess risk accurately). Bell et al. arrived at this independently from audit practice. The governance extraction methodology is the tool that populates this model — converting narrative organizational documents into the structured representation the auditor's model requires.
The BX consistency problem (F13, F14) resolves through an architectural decision: the structured governance representation is canonical; narrative documents are derived views. This is not a compromise — it is the architecturally correct choice. Foster's lens theory shows that well-behaved round-trip consistency requires information preservation, which narrative-to-structure transformation cannot provide (rhetorical structure is discarded). Stevens shows even QVT fails for non-bijective cases. The asymmetric lens pattern (canonical source + derived views) is standard in both BX theory and structured authoring (DITA). The consequence: modifying a generated document and parsing it back is not a supported operation. Updates flow through the structured representation, not through document editing.
Davenport & Prusak (1998) define organizational knowledge as "a fluid mix of framed experience, values, contextual information, and expert insight" that "often becomes embedded not only in documents or repositories but also in organizational routines, processes, practices, and norms." They identify narrative as the primary transfer mechanism: "Knowledge communicated most effectively through a convincing narrative." The codification challenge is "more art than science." Technology is "the pipeline and storage system" but "does not create knowledge and cannot guarantee or even promote knowledge generation or knowledge sharing."
Daft & Lengel (1986) demonstrate that communication media vary in "information richness" — the capacity to change understanding within a time interval. Business plans and capability statements are rich precisely because they accommodate equivocality. For human readers, this is a feature. For computational governance, it means the same organizational knowledge is scattered across multiple documents in incompatible formats, each drifting from the others.
Studer, Benjamins & Fensel (1998) document the paradigm shift: "The modeling approach emphasizes the creation of computer models mimicking experts' problem-solving capabilities, countering the transfer approach's focus on simply encoding existing knowledge." Under the Modeling View, knowledge acquisition is model construction — building explicit models using reusable problem-solving methods and ontologies. The definition of ontology as "a formal, explicit specification of a shared conceptualization" (Studer et al., 1998) is one of the most cited in the field. Extracting organizational governance knowledge is a modeling activity: each answer to a structured question contributes to a model of organizational governance state, not a recording of domain knowledge.
The original 1987 IBM Systems Journal paper contained only three columns: Data (What), Function (How), and Network (Where). Who, When, and Why were added in the 1992 Sowa-Zachman paper "Extending and Formalizing the Framework." The full 6×6 matrix (six interrogatives × six reification transformations) makes an explicit completeness claim: "This matrix would necessarily constitute the total set of descriptive representations that are relevant for describing something...anything — in particular an enterprise." The completeness is justified by two independent classification systems deemed exhaustive. Critically, Zachman states: "The Zachman Framework IS NOT a methodology for creating the implementation...It clearly has no methodological implications...is an ontology — or the complete set of all the 'elements' that exist in the Enterprise." No extraction process, interview protocols, or discovery procedures are provided.
ArchiMate's business layer contains 13 element types: 4 active structure (Business Actor, Role, Collaboration, Interface), 5 behavior (Process, Function, Interaction, Event, Service), 3 passive structure (Object, Contract, Representation), and 1 composite (Product). The motivation layer adds elements including Stakeholder, Goal, Constraint, and Requirement. Across all layers, ArchiMate has approximately 57 element types, designed "to model the proverbial 80% of practical cases." Authority must be inferred through Role assignments. Decision requires Business Event with custom extension. Evidence has no native representation. Account (accountability state) has no native representation. This confirms a systematic gap: EA frameworks model organizational structure but not governance-specific dynamics.
CommonKADS's six models (Organization, Task, Agent, Knowledge, Communication, Design) include standardized context-level worksheets that work across domains: OM-1 (Problems, solutions, context), OM-2 (Organization focus area), OM-3 (Process breakdown), OM-4 (Knowledge assets), OM-5 (Feasibility), TM-1 (Task analysis), TM-2 (Knowledge item analysis), AM-1 (Agent model). These worksheets "act as checklist and information archive and should be used flexibly." At the knowledge model level, reusable templates exist for Classification, Assessment, Diagnosis, Monitoring, Synthesis, Configuration Design, Assignment, Planning, and Scheduling — "patterns of knowledge-intensive tasks." However, the Domain layer content within these templates requires domain-specific customization: "Modelling is a constructive activity, and there exists no single correct solution." The distinction matters: the structural method is standardized; the content requires domain expertise.
Klein et al.'s (1989) Critical Decision Method uses a four-sweep structure: (1) incident identification and unstructured recall, (2) timeline construction, (3) deepening probes with cognitive probes, (4) "what-if" queries. The probes target cues, goals, expectations, courses of action, experience/analogues, and information used — categories derived from Klein's Recognition-Primed Decision model. These probe categories are standardized across domains; the same RPD-derived questions apply to fireground commanders, surgeons, and software debuggers. What varies is the incident content, not the probe structure. Applied across "urban and wildland fireground commanders, tank platoon leaders, structural engineers, design engineers, paramedics, computer programmers" and many more domains. Inter-coder reliability for identifying decision points: 81-100%.
CTA extracts what experts actually do, perceive, and decide — inherently domain-specific because expert cognition varies by domain. A weather forecaster's cues differ from a critical care nurse's. But governance-level questions ("What types of work do you do?", "Who has authority to make this decision?", "What evidence would show this was done correctly?") extract structural knowledge that is the same regardless of domain. The audit tradition (F9) provides a century of empirical validation for this level distinction: auditors use standardized frameworks across every industry because governance structure — not domain content — is what they must understand.
ISA 315 (Revised 2019) requires understanding of: (1) industry, regulatory, and external factors, (2) nature of the entity (operations, ownership, governance, financing), (3) accounting policies, (4) entity objectives and strategies, (5) performance measurement, (6) applicable reporting framework, (7) the entity's system of internal control (all five COSO components), and (8) inherent risk factors. The COSO five-component model (control environment, risk assessment process, information system and communication, control activities, monitoring of controls) applies identically across all industries. The framework is "standardized in structure but scalable in application" — smaller entities satisfy requirements through informal processes. This is two-tier standardization: standardized framework, customized application.
Strategic-systems auditing (SSA) is "an evidence-driven, belief-based risk assessment process where the auditor develops an understanding of a company's business to form expectations about future financial statements." Three analytical stages: (1) strategic analysis (strategic risks from external forces, "the economic web"), (2) business process analysis (process risks — whether processes execute strategy), (3) business measurement (measurement risks — whether metrics capture reality). SSA treats the audit as a top-down, systems-level organizational modeling exercise — the auditor builds a model of organizational dynamics before examining any specific transaction. This is organizationally-scoped world modeling applied to governance assessment.
McCarthy (1982) formalized double-entry bookkeeping into three primitives: Economic Resources (goods, services, rights under control), Economic Events (occurrences that increment or decrement resources), and Economic Agents (persons accountable for or participating in events). The duality principle links paired events in exchange relationships — one increment, one decrement, representing economic reciprocity. Extended REA (Geerts & McCarthy, 2002) adds Commitments (promises of future events), Economic Contracts (commitment bundles), and Type Images (policy layer — budgets, pricing, bills of material). Even Extended REA does not natively model authority (who authorized a decision), evidence (what supported it), decision provenance (how choices were traced), or governance accountability (account of what happened and why).
Zachman's full 6×6 framework (Sowa & Zachman 1992; Zachman 2008) claims 36-cell completeness (classification, not governance). Osterwalder's BMC claims 9 building blocks sufficient for business model description (value creation, not governance). McCarthy's REA claims 3 concepts sufficient for accounting (economic exchange, not governance). Each tradition attempts to reduce organizational complexity to a sufficient set. Governance-specific constructs — authority, evidence, decision provenance, accountability state — are absent across all surveyed business ontologies. The gap is not in the formalization impulse but in the target domain.
Foster et al. (2007) define a lens as get : S → V (source to view, may discard information) and put : V × S → S (view plus original source back to source). Three laws: GetPut (no view change → no source change), PutGet (view change fully reflected in source), PutPut (sequential updates collapse). Well-behaved = GetPut + PutGet. The put function needs the original source because get typically discards information. For governance extraction, the "get" direction (narrative → structured representation) necessarily discards rhetorical structure, argumentative form, and stylistic choices. The "put" direction (structured representation → narrative) generates new rhetorical structure. GetPut is violated by design: extracting from a document and projecting back does not produce the original document. PutGet is approximately satisfied: projecting and re-extracting should recover the structured content.
QVT's limitations for non-bijective BX apply directly to governance knowledge extraction: narrative-to-structured-representation transformations are inherently non-bijective (many narratives can express the same governance content; one narrative can contain governance content for multiple structured elements). The resolution: asymmetric architecture where the structured representation is canonical and documents are derived views. This is a standard asymmetric lens pattern and aligns with DITA's single-source publishing paradigm (Rockley & Cooper, 2012) where source content is canonical and outputs are generated views.
In any content management system, the design decisions about what categories exist, what relationships hold, and what projection templates look like ARE the rhetorical acts. The decision that "organizational purpose" is a first-class governance concept — not a subsidiary of "business strategy" or "mission statement" — is a rhetorical act with consequences for every document projected from the structured representation. This connects to Studer et al.'s (1998) Modeling View: governance extraction is not neutral recording but model construction with built-in ontological commitments.
Enterprise Architecture. Provides organizational modeling ambition, multi-perspective decomposition, 57+ element types. Lacks extraction methodology; no governance-specific constructs (authority, evidence, decision, account absent).
Knowledge Engineering. Provides structured acquisition (templates, worksheets), Modeling View, competency questions. Targets knowledge-based systems, not governance; domain-specific content.
Cognitive Task Analysis. Provides expert methodology elicitation, structured interviews, progressive depth. Domain-specific probe design; no governance construct target.
Business Model Ontology. Provides formal element decomposition, sufficiency claims from minimal sets. Value creation or accounting scope; misses governance-specific constructs.
Bidirectional Transformation. Provides formal consistency framework (lenses, TGGs), correspondence models. Cannot achieve round-trip consistency for non-bijective transformations.
Structured Authoring. Provides single-source, multi-format publishing, content-presentation separation. Content is document topics, not governance state.
Audit Methodology. Provides standardized cross-domain organizational understanding, full governance dimension coverage. Output is risk assessment, not populated governance representation.
Noy & McGuinness establish competency questions as scope-defining instruments: questions that "a knowledge base based on the ontology should be able to answer." They serve as a "litmus test" for ontology coverage. The methodology (using competency questions to define scope) is standardizable across domains, but the content of the questions "necessarily varies by domain." The governance-level distinction (F8) resolves this: questions targeting governance structure rather than domain knowledge can be standardized because governance structure is invariant across organizational domains — as the audit tradition (F9) demonstrates empirically.
Each tradition addresses part of the problem: EA classifies, KE acquires, CTA elicits, BX transforms, DITA publishes, business ontologies formalize, audit understands. None integrates these functions with governance-specific constructs as the target representation. The gap is in integration and governance specificity, not in individual tradition capability.
The level distinction (domain-specific cognitive knowledge vs. governance-level structural knowledge) is the key resolution. CTA would reject standardized cross-domain extraction because it targets domain-specific knowledge. The audit tradition validates it because it targets governance structure. Both are correct — they operate at different levels.
GetPut is violated by design. PutGet is approximately satisfied. The resolution is not to pursue round-trip consistency but to declare the structured representation as canonical. Documents become derived views, regenerated when the canonical representation changes.
The connection between governance extraction (this sprint) and organizational world models (S8) runs through the audit tradition: auditors construct models, make predictions (expected financial statements), and measure deviations. The governance extraction methodology is the tool that populates the model.
Andersen's (2014) insight about rhetorical work relocation confirms: the design of the governance construct schema (what categories exist, what relationships hold) is where the intellectual work resides, not in the individual extraction or projection operations.
Smith, C. (2026). Knowledge Engineering, Methodology Extraction & Organizational Translation (Research Report RR-013, WMI Thesis). GrytLabs Research Institute. https://doi.org/10.5281/zenodo.20224933
© 2026 GrytLabs Dynamics Inc. Licensed under CC-BY 4.0.
This research is conducted under the GrytLabs Research Code of Ethics, derived from the IIA Code of Ethics and the GAO Yellow Book ethical framework, adapted for a research-institute context.
Four principles govern all research activity:
Integrity — findings are reported as found, not as convenient. Unfavorable results are published with the same rigor as favorable ones.
Objectivity — research questions are framed to be falsifiable. Conflicts of interest (including the founder's dual role as researcher and patent holder) are disclosed, not resolved by assertion.
Confidentiality — disclosure levels (L0–L3) govern what appears in public research. Embargoed findings, IP-critical details, and pre-publication material are withheld per the Disclosure Discipline (GOV-PS-006), not suppressed.
Competency — claims are bounded by the evidence that supports them. Architectural claims cite spec sections. Empirical claims cite research artifacts. Claims that exceed available evidence are flagged as open questions, not presented as conclusions.
The Executive Director is a Certified Internal Auditor (CIA), Institute of Internal Auditors, personally bound by the IIA Code of Ethics as a condition of that credential. This is a personal attestation, not an institutional conformance claim — GrytLabs has not undergone an IIA Quality Assessment Review and does not claim IPPF conformance.
The governing traditions (IIA, GAO, AICPA, COSO) are formally mapped to the operating model in GOV-PS-001. This research applies the principles those traditions codify; it does not claim endorsement, review, or certification by any standards body.
This publication is provided for research and informational purposes. GrytLabs makes reasonable efforts to ensure accuracy but does not warrant that this publication is free of errors or omissions.
If you believe this publication contains errors, omissions, or misattributions, please contact the lab at research@grytlabs.ai. Corrections will be acknowledged in subsequent versions.
This work was produced through AI-assistive collaboration under GrytLabs' AI-assistive collaboration disclosure protocol. Claude (Anthropic) participated in literature synthesis, cross-domain pattern identification, and argumentation structuring. OpenAI Codex participated in citation and accuracy verification. AI actors participate with delegated authority, never inherent authority. Responsibility for all findings, claims, and conclusions rests with the named author.
Full workpaper with attestation and provenance chain available at research.grytlabs.ai/docs. DOI: 10.5281/zenodo.20224933