Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

Module: Governance, Risk & Compliance
Prefix: gr_
Table Count: 49
Last Updated: 2026-01-10

Overview

The GR module provides comprehensive governance, risk management, and compliance capabilities including policy management, risk assessment, compliance tracking, contract management, audits, accreditation, training, and quality improvement.

Table Categories

1. Policy Management (5 tables)

TableColumnsDescription
gr_policies28Policy definitions
gr_policy_versions16Version history
gr_policy_acknowledgments12Employee acknowledgments
gr_policy_assignments10Policy distribution
gr_policy_regulatory_links8Regulatory mappings
Policy Lifecycle: 
draft → review → approved → published → archived

              acknowledgments required
Policy Fields:
  • title, description, content
  • category, department_id
  • effective_date, review_date, expiration_date
  • owner_id, approver_id
  • requires_acknowledgment

2. Risk Management (4 tables)

TableColumnsDescription
gr_risks30Risk register
gr_risk_assessments22Risk evaluations
gr_risk_mitigations18Mitigation plans
gr_risk_links8Risk relationships
Risk Matrix: 
           Impact
           Low  Med  High  Critical
Likelihood ┌────┬────┬────┬────────┐
  Rare     │ 1  │ 2  │ 3  │   4    │
  Unlikely │ 2  │ 4  │ 6  │   8    │
  Possible │ 3  │ 6  │ 9  │  12    │
  Likely   │ 4  │ 8  │ 12 │  16    │
  Almost   │ 5  │ 10 │ 15 │  20    │
           └────┴────┴────┴────────┘
Risk Categories:
  • strategic - Strategic risks
  • operational - Operational risks
  • financial - Financial risks
  • compliance - Compliance risks
  • reputational - Reputational risks
  • technology - Technology/cyber risks

3. Compliance Management (4 tables)

TableColumnsDescription
gr_compliance_checks20Compliance assessments
gr_compliance_evidence14Evidence attachments
gr_compliance_submissions16Regulatory submissions
gr_compliance_remediation18Remediation tracking
Compliance Status:
  • compliant - Meets requirements
  • non_compliant - Does not meet requirements
  • partial - Partially compliant
  • not_applicable - N/A for organization
  • under_review - Assessment in progress

4. Regulatory Framework (2 tables)

TableColumnsDescription
gr_regulatory_bodies16Regulatory agencies
gr_regulatory_requirements22Requirement catalog
Common Regulatory Bodies:
  • HIPAA (Healthcare)
  • OSHA (Workplace Safety)
  • State Licensing Boards
  • CARF/Joint Commission (Accreditation)
  • CMS (Medicare/Medicaid)

5. Contract Management (6 tables)

TableColumnsDescription
gr_contracts32Contract records
gr_contract_types12Contract type catalog
gr_contract_amendments16Amendment tracking
gr_contract_obligations18Obligation tracking
gr_contract_milestones14Milestone tracking
gr_contract_alerts14Renewal/expiry alerts
Contract Status:
  • draftnegotiationpending_approvalactive
  • expired, terminated, renewed
Contract Types:
  • Vendor/Supplier Agreements
  • Client Service Agreements
  • Employment Contracts
  • Lease Agreements
  • Insurance Policies
  • Grant Agreements

6. Audit Management (6 tables)

TableColumnsDescription
gr_audits26Audit records
gr_audit_checklists16Audit checklists
gr_audit_findings20Finding records
gr_audit_evidence14Evidence attachments
gr_audit_corrective_actions18CAP tracking
gr_audit_team_assignments10Auditor assignments
Audit Types:
  • internal - Internal audit
  • external - External audit
  • regulatory - Regulatory inspection
  • accreditation - Accreditation survey
  • financial - Financial audit
Finding Severity:
  • observation - Minor observation
  • minor - Minor finding
  • major - Major finding
  • critical - Critical finding

7. Accreditation (6 tables)

TableColumnsDescription
gr_accreditations24Accreditation records
gr_accreditation_standards18Standard requirements
gr_accreditation_evidence14Evidence tracking
gr_accreditation_surveys20Survey tracking
gr_accreditation_audit_links8Audit linkages
gr_accreditation_compliance_links8Compliance linkages
Common Accreditations:
  • CARF (Commission on Accreditation of Rehabilitation Facilities)
  • Joint Commission
  • NCQA (National Committee for Quality Assurance)
  • State Certification Programs

8. Training Management (5 tables)

TableColumnsDescription
gr_training_courses22Course definitions
gr_training_enrollments14Enrollment records
gr_training_completions16Completion records
gr_training_policy_links8Policy linkages
gr_ceu_credits14CEU tracking
Training Types:
  • required - Mandatory compliance training
  • role_based - Role-specific training
  • optional - Professional development
  • remedial - Corrective training

9. Quality Improvement (6 tables)

TableColumnsDescription
gr_qi_projects24QI project records
gr_qi_project_templates16Project templates
gr_qi_metrics18Quality metrics
gr_qi_metric_measurements14Measurement data
gr_qi_improvements16Improvement actions
gr_qi_pdsa_cycles18PDSA cycle tracking
PDSA Cycle: 
Plan → Do → Study → Act → (repeat)

10. AI Assistance (4 tables)

TableColumnsDescription
gr_ai_audit_prep16AI audit preparation
gr_ai_compliance_suggestions14AI compliance help
gr_ai_gap_analyses16AI gap analysis
gr_ai_risk_assessments16AI risk analysis

11. Module Settings (1 table)

TableColumnsDescription
gr_module_settings37GR configuration
Key Settings:
SettingTypeDefault
policy_review_interval_daysinteger365
contract_alert_daysinteger[][30,60,90]
training_grace_period_daysinteger14
risk_assessment_frequencytext’quarterly’
audit_response_deadline_daysinteger30

Common Query Patterns

Get Risk Register

const { data } = await supabase
  .from('gr_risks')
  .select(`
    *,
    assessments:gr_risk_assessments(
      likelihood,
      impact,
      risk_score,
      assessed_at
    ),
    mitigations:gr_risk_mitigations(
      title,
      status,
      due_date
    )
  `)
  .eq('organization_id', orgId)
  .eq('status', 'active')
  .order('risk_score', { ascending: false });

Get Policies Requiring Acknowledgment

const { data } = await supabase
  .from('gr_policies')
  .select(`
    *,
    acknowledged:gr_policy_acknowledgments(
      acknowledged_at
    )
  `)
  .eq('status', 'published')
  .eq('requires_acknowledgment', true)
  .is('acknowledged.user_id', userId);

Get Upcoming Contract Renewals

const { data } = await supabase
  .from('gr_contracts')
  .select(`
    *,
    type:gr_contract_types(name),
    alerts:gr_contract_alerts(alert_type, alert_date)
  `)
  .eq('organization_id', orgId)
  .eq('status', 'active')
  .lte('end_date', addDays(new Date(), 90));

Get Audit Findings Summary

const { data } = await supabase
  .from('gr_audit_findings')
  .select(`
    severity,
    status,
    audit:gr_audits(title, audit_type)
  `)
  .eq('organization_id', orgId)
  .neq('status', 'closed');

Get Training Compliance

const { data } = await supabase
  .from('gr_training_courses')
  .select(`
    *,
    completions:gr_training_completions(
      employee_id,
      completed_at,
      expiration_date
    )
  `)
  .eq('organization_id', orgId)
  .eq('is_required', true);

RLS Policies

GR uses department-based RLS:
  • Policy access based on assignments
  • Risk visibility by department/role
  • Audit access for audit team members
Helper Functions:
  • gr_user_can_view_policy() - Policy access check
  • gr_user_can_manage_risk() - Risk management access
  • gr_user_is_audit_team_member() - Audit access check

Cross-Module Integration

GR → HR Integration: 
gr_training_completions → hr_employee_credentials
gr_policy_acknowledgments → hr_employees
GR → FA Integration: 
gr_contracts → fa_vendors (vendor contracts)
gr_contracts → fa_purchase_orders (contract-based POs)

See Also