Entities are one of the most fundamental and crucial elements for using Governance, Risk, and Compliance. Entities can be people, processes, departments, applications, or objects that are examined for risks.

To effectively maintain the risk and compliance universe of your organization, you have to define entity types, entity classes, and entity tiers. A risk universe refers to a list of risks that your organization either faces or might face in the future. The list contains a description of each risk's criticality and frequency.

Entities are used within all offerings of GRC such as GRC: Policy and Compliance Management, Audit Management, GRC: Privacy Management and GRC: Regulatory Change Management.