Regardless of how good your governance policies may be, exceptions happen, and things get forgotten.
Emergency changes to allow quick access, after all your business is dynamic and wants to facilitate an import project, promptly. The odd firewall rule change or port opening up some Network Access Controls (NAC).
We may not be following the best of practices, but that's ok, its only for a short period of time, right? You have a nightmare scenario; your go live date is a few days away and your systems are still not functioning as expected. An emergency change is approved to allow all ports and services to be opened on the firewall. In aid of testing and diagnosing the fault. Changes will be reverted once the testing has been completed anyway, wont they...?