Entities are one of the most fundamental and crucial elements for using Governance, Risk, and Compliance. Entities can be people, processes, departments, applications or objects that are examined for risks.

To effectively maintain the risk universe of your organization, we recommend that you define entity types, entity classes, and entity tiers. A risk universe refers to a list of risks that your organization either faces or might face in the future. The list contains a description of each risk's criticality and frequency. Entities are used within all offerings of GRC such as GRC: Policy and Compliance Management, Audit Management, and GRC: Regulatory Change Management.