The changes make it into the database in more or less real time and there are condensed feeds providing the changes for the last minute, hour, or day.
So the delays are on the data consumer side. A lot of that ends up being QA, because big companies don't want to publish vandalism. Of course, when they accidentally do publish vandalism, their slower update pace becomes a weakness.
Does that happen? One would assume that the slower update pace is just a matter of policy, so with vandalism they would be able to apply fixes much faster.
OSM had the vandalism removed in a couple hours. A few weeks later, the QA mistakenly let the vandalism through and it wasn't corrected until it got quite a lot of attention.
So the delays are on the data consumer side. A lot of that ends up being QA, because big companies don't want to publish vandalism. Of course, when they accidentally do publish vandalism, their slower update pace becomes a weakness.