# Governance & Risk Entity Relationship Diagram

> **Version:** 0.1.0\
> **Module:** Governance & Risk\
> **Prefix:** `gr_`\
> **Tables:** 49\
> **Last Updated:** 2026-01-11

## Changelog

* **2026-01-11** — v0.1.0 — Initial ERD with 49 tables

## Overview

The Governance & Risk module manages organizational policies, compliance audits, risk assessments, incident tracking, and regulatory requirements.

## Policies ERD

```mermaid theme={null}
erDiagram
    gr_policies ||--o{ gr_policy_versions : "has versions"
    gr_policies ||--o{ gr_policy_acknowledgments : "acknowledged by"
    gr_policies }o--|| gr_policy_categories : categorized
    gr_policies ||--o{ gr_policy_reviews : "reviewed in"
    
    gr_policies {
        uuid id PK
        uuid organization_id FK
        uuid category_id FK
        string policy_number
        string title
        text summary
        enum status
        date effective_date
        date review_date
        uuid owner_id FK
        integer review_frequency_days
        jsonb custom_fields
    }
    
    gr_policy_versions {
        uuid id PK
        uuid policy_id FK
        integer version_number
        text content
        string document_path
        uuid created_by FK
        timestamp created_at
        text change_summary
    }
    
    gr_policy_categories {
        uuid id PK
        uuid organization_id FK
        string name
        string code
        text description
        uuid parent_id FK
        integer display_order
    }
    
    gr_policy_acknowledgments {
        uuid id PK
        uuid policy_id FK
        uuid policy_version_id FK
        uuid user_id FK
        timestamp acknowledged_at
        string ip_address
    }
    
    gr_policy_reviews {
        uuid id PK
        uuid policy_id FK
        uuid reviewer_id FK
        date review_date
        enum outcome
        text comments
        uuid next_version_id FK
    }
```

## Audits ERD

```mermaid theme={null}
erDiagram
    gr_audits ||--o{ gr_audit_findings : discovers
    gr_audits ||--o{ gr_audit_evidence : "supported by"
    gr_audits }o--|| gr_audit_types : "of type"
    gr_audit_findings ||--o{ gr_corrective_actions : requires
    
    gr_audits {
        uuid id PK
        uuid organization_id FK
        uuid audit_type_id FK
        string audit_number
        string title
        date scheduled_date
        date start_date
        date end_date
        enum status
        uuid lead_auditor_id FK
        text scope
        text objectives
        jsonb custom_fields
    }
    
    gr_audit_types {
        uuid id PK
        uuid organization_id FK
        string name
        string code
        text description
        integer frequency_months
        jsonb checklist_template
    }
    
    gr_audit_findings {
        uuid id PK
        uuid audit_id FK
        string finding_number
        string title
        text description
        enum severity
        enum status
        uuid assigned_to FK
        date due_date
        jsonb evidence_refs
    }
    
    gr_audit_evidence {
        uuid id PK
        uuid audit_id FK
        uuid finding_id FK
        string evidence_type
        string document_path
        text description
        uuid uploaded_by FK
        timestamp uploaded_at
    }
    
    gr_corrective_actions {
        uuid id PK
        uuid finding_id FK
        string action_number
        text description
        uuid assigned_to FK
        date due_date
        date completed_date
        enum status
        text verification_notes
        uuid verified_by FK
    }
```

## Risk Management ERD

```mermaid theme={null}
erDiagram
    gr_risks ||--o{ gr_risk_assessments : assessed
    gr_risks ||--o{ gr_risk_mitigations : mitigated
    gr_risks }o--|| gr_risk_categories : categorized
    gr_risks ||--o{ gr_risk_incidents : "realized as"
    
    gr_risks {
        uuid id PK
        uuid organization_id FK
        uuid category_id FK
        string risk_number
        string title
        text description
        enum likelihood
        enum impact
        integer risk_score
        enum status
        uuid owner_id FK
        date review_date
        jsonb custom_fields
    }
    
    gr_risk_categories {
        uuid id PK
        uuid organization_id FK
        string name
        string code
        text description
        uuid parent_id FK
    }
    
    gr_risk_assessments {
        uuid id PK
        uuid risk_id FK
        date assessment_date
        uuid assessor_id FK
        enum likelihood
        enum impact
        integer risk_score
        text rationale
        text recommendations
    }
    
    gr_risk_mitigations {
        uuid id PK
        uuid risk_id FK
        string mitigation_number
        text description
        enum mitigation_type
        enum status
        uuid owner_id FK
        date target_date
        date completed_date
        decimal cost
    }
```

## Incidents ERD

```mermaid theme={null}
erDiagram
    gr_incidents ||--o{ gr_incident_updates : "has updates"
    gr_incidents ||--o{ gr_incident_actions : requires
    gr_incidents }o--|| gr_incident_types : "of type"
    gr_incidents }o--|| gr_risks : "related to"
    
    gr_incidents {
        uuid id PK
        uuid organization_id FK
        uuid incident_type_id FK
        uuid risk_id FK
        string incident_number
        string title
        text description
        timestamp occurred_at
        timestamp reported_at
        uuid reported_by FK
        enum severity
        enum status
        uuid assigned_to FK
        text root_cause
        text lessons_learned
        jsonb custom_fields
    }
    
    gr_incident_types {
        uuid id PK
        uuid organization_id FK
        string name
        string code
        text description
        boolean requires_notification
        jsonb notification_recipients
    }
    
    gr_incident_updates {
        uuid id PK
        uuid incident_id FK
        text update_text
        uuid created_by FK
        timestamp created_at
        enum status_change
    }
    
    gr_incident_actions {
        uuid id PK
        uuid incident_id FK
        string action_type
        text description
        uuid assigned_to FK
        date due_date
        date completed_date
        enum status
    }
```

## Compliance ERD

```mermaid theme={null}
erDiagram
    gr_compliance_requirements ||--o{ gr_compliance_assessments : assessed
    gr_compliance_requirements }o--|| gr_regulatory_frameworks : "from framework"
    gr_compliance_requirements ||--o{ gr_compliance_evidence : "evidenced by"
    
    gr_regulatory_frameworks {
        uuid id PK
        uuid organization_id FK
        string name
        string abbreviation
        text description
        string version
        date effective_date
        boolean is_active
    }
    
    gr_compliance_requirements {
        uuid id PK
        uuid framework_id FK
        string requirement_number
        string title
        text description
        enum priority
        uuid owner_id FK
        date review_date
        jsonb control_mapping
    }
    
    gr_compliance_assessments {
        uuid id PK
        uuid requirement_id FK
        date assessment_date
        uuid assessor_id FK
        enum compliance_status
        text findings
        text recommendations
        date next_review_date
    }
    
    gr_compliance_evidence {
        uuid id PK
        uuid requirement_id FK
        string evidence_type
        text description
        string document_path
        date collected_date
        uuid collected_by FK
    }
```

## RLS Policy Coverage

| Table                        | SELECT | INSERT | UPDATE | DELETE | WITH CHECK | Status        |
| ---------------------------- | ------ | ------ | ------ | ------ | ---------- | ------------- |
| gr\_policies                 | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| gr\_policy\_versions         | ✅      | ✅      | -      | -      | -          | Version table |
| gr\_policy\_acknowledgments  | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| gr\_audits                   | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| gr\_audit\_findings          | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| gr\_risks                    | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| gr\_risk\_assessments        | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| gr\_incidents                | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| gr\_compliance\_requirements | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |

## Key Tables

### gr\_policies

Organizational policies with version control and acknowledgment tracking.

### gr\_audits

Internal and external audit records with findings and evidence.

### gr\_risks

Risk register with scoring, ownership, and mitigation tracking.

### gr\_incidents

Incident reports with investigation and corrective action workflow.

### gr\_compliance\_requirements

Regulatory compliance requirements mapped to frameworks.

## Helper Functions

| Function                                      | Purpose                       |
| --------------------------------------------- | ----------------------------- |
| `gr_has_org_access(org_id, user_id)`          | Check GR module access        |
| `gr_get_policies_due_review(org_id)`          | Get policies needing review   |
| `gr_calculate_risk_score(likelihood, impact)` | Calculate risk score          |
| `gr_get_open_findings(org_id)`                | Get unresolved audit findings |
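
The RLS coverage table above and the `gr_has_org_access(org_id, user_id)` helper combine as follows. This is an added illustration, not EncoreOS's own migration code: it assumes PostgreSQL row-level security and a Supabase-style `auth.uid()` that returns the calling user's uuid. It covers `gr_policies` (all four statement types) and `gr_policy_versions`, which has no `organization_id` of its own and is SELECT/INSERT only, so tenancy is derived through the parent policy and the absence of UPDATE/DELETE policies is what keeps the version history append-only.

```sql
-- Added illustration (not EncoreOS code). Assumes PostgreSQL RLS and a
-- Supabase-style auth.uid() returning the caller's uuid.

ALTER TABLE gr_policies ENABLE ROW LEVEL SECURITY;
ALTER TABLE gr_policies FORCE ROW LEVEL SECURITY;   -- apply to the table owner too

CREATE POLICY gr_policies_select ON gr_policies
  FOR SELECT USING (gr_has_org_access(organization_id, auth.uid()));

CREATE POLICY gr_policies_insert ON gr_policies
  FOR INSERT WITH CHECK (gr_has_org_access(organization_id, auth.uid()));

-- UPDATE needs both clauses: USING limits which rows may be touched,
-- WITH CHECK stops a row being moved into another organization.
CREATE POLICY gr_policies_update ON gr_policies
  FOR UPDATE USING (gr_has_org_access(organization_id, auth.uid()))
             WITH CHECK (gr_has_org_access(organization_id, auth.uid()));

CREATE POLICY gr_policies_delete ON gr_policies
  FOR DELETE USING (gr_has_org_access(organization_id, auth.uid()));

-- gr_policy_versions carries only policy_id, so the org check goes
-- through gr_policies. With RLS enabled and no UPDATE/DELETE policy,
-- PostgreSQL denies those statements by default.
ALTER TABLE gr_policy_versions ENABLE ROW LEVEL SECURITY;
ALTER TABLE gr_policy_versions FORCE ROW LEVEL SECURITY;

CREATE POLICY gr_policy_versions_select ON gr_policy_versions
  FOR SELECT USING (EXISTS (
    SELECT 1 FROM gr_policies p
    WHERE p.id = gr_policy_versions.policy_id
      AND gr_has_org_access(p.organization_id, auth.uid())));

CREATE POLICY gr_policy_versions_insert ON gr_policy_versions
  FOR INSERT WITH CHECK (EXISTS (
    SELECT 1 FROM gr_policies p
    WHERE p.id = gr_policy_versions.policy_id
      AND gr_has_org_access(p.organization_id, auth.uid())));

-- Belt and braces: table privileges are checked before policies, so
-- revoking the statement types removes any dependence on the policy set.
-- Replace PUBLIC with the application role(s) actually granted access.
REVOKE UPDATE, DELETE ON gr_policy_versions FROM PUBLIC;
```

A quick check after applying this is to connect as a non-owner application role and confirm that `UPDATE gr_policy_versions ...` fails with a permission error rather than silently affecting zero rows.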

## Cross-Module Dependencies

* **PF:** Organizations, profiles, documents
* **FW:** Policy approval workflows, incident workflows
* **HR:** Training compliance, employee acknowledgments
