An entity is an organizational unit or element subject to governance and compliance oversight. Entities take various forms, and the term is often used to encompass different levels of organizational structure. Here is what an entity can represent in GRC:
Organizational Entities:
In a GRC framework, an entity might refer to different levels of the organizational hierarchy, such as business units, departments, subsidiaries, or divisions.
For example, if a company has multiple business units, each business unit could be considered an entity with its own set of risks, controls, and compliance requirements.
Processes or Functions:
Entities can also represent specific business processes, functions, or activities within an organization. This perspective focuses on the identification and management of risks associated with particular operational aspects.
For instance, an entity might be a specific financial process, like order-to-cash, which has its own set of risks, controls, and compliance considerations.
Third-Party Entities:
In the context of GRC, entities can extend beyond the organization itself to include third parties, such as vendors, suppliers, or partners.
Managing risks associated with third parties involves assessing and monitoring the compliance and performance of these external entities in the context of the organization’s risk appetite.
Data Entities:
In certain GRC implementations, entities might be associated with data objects or records, particularly in the realm of data governance. This involves managing risks related to data quality, privacy, and security.
For instance, customer data, financial records, or sensitive information could be considered entities within a data governance framework.
Projects or Initiatives:
Entities can also be temporary or project-based, representing specific initiatives or projects within the organization.
Managing risks and compliance during project execution ensures that organizational goals are met without compromising on governance standards.
GRC (or IRM, Integrated Risk Management) platforms like ServiceNow provide tools to define, categorize, and link various entities to associated risks, controls, policies, and other GRC elements. This helps organizations establish a comprehensive view of their risk landscape and compliance requirements across different facets of their operations.
https://docs.servicenow.com/csh?topicname=what-is-an-entity.html&version=latest
To create an entity in ServiceNow, see the documentation linked below. You’ll need one of the following roles: sn_grc.manager, sn_risk_workspace.IT_risk_manager, or sn_risk_workspace.operational_risk_manager.
https://docs.servicenow.com/csh?topicname=create-new-entity-ws.html&version=latest