> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Governance & Risk Database Tables

> The GR module provides comprehensive governance, risk management, and compliance capabilities including policy management, risk assessment, compliance tracking…

**Prefix:** `gr_`\
**Table Count:** 49\
**Last Updated:** 2026-01-10

***

## Overview

The GR module provides comprehensive governance, risk management, and compliance capabilities including policy management, risk assessment, compliance tracking, contract management, audits, accreditation, training, and quality improvement.

***

## Table Categories

### 1. Policy Management (5 tables)

| Table                        | Columns | Description              |
| ---------------------------- | ------- | ------------------------ |
| `gr_policies`                | 28      | Policy definitions       |
| `gr_policy_versions`         | 16      | Version history          |
| `gr_policy_acknowledgments`  | 12      | Employee acknowledgments |
| `gr_policy_assignments`      | 10      | Policy distribution      |
| `gr_policy_regulatory_links` | 8       | Regulatory mappings      |

**Policy Lifecycle:**

```
draft → review → approved → published → archived
                    ↓
              acknowledgments required
```

**Policy Fields:**

* `title`, `description`, `content`
* `category`, `department_id`
* `effective_date`, `review_date`, `expiration_date`
* `owner_id`, `approver_id`
* `requires_acknowledgment`

### 2. Risk Management (4 tables)

| Table                 | Columns | Description        |
| --------------------- | ------- | ------------------ |
| `gr_risks`            | 30      | Risk register      |
| `gr_risk_assessments` | 22      | Risk evaluations   |
| `gr_risk_mitigations` | 18      | Mitigation plans   |
| `gr_risk_links`       | 8       | Risk relationships |

**Risk Matrix:**

```
           Impact
           Low  Med  High  Critical
Likelihood ┌────┬────┬────┬────────┐
  Rare     │ 1  │ 2  │ 3  │   4    │
  Unlikely │ 2  │ 4  │ 6  │   8    │
  Possible │ 3  │ 6  │ 9  │  12    │
  Likely   │ 4  │ 8  │ 12 │  16    │
  Almost   │ 5  │ 10 │ 15 │  20    │
           └────┴────┴────┴────────┘
```

**Risk Categories:**

* `strategic` - Strategic risks
* `operational` - Operational risks
* `financial` - Financial risks
* `compliance` - Compliance risks
* `reputational` - Reputational risks
* `technology` - Technology/cyber risks

### 3. Compliance Management (4 tables)

| Table                       | Columns | Description            |
| --------------------------- | ------- | ---------------------- |
| `gr_compliance_checks`      | 20      | Compliance assessments |
| `gr_compliance_evidence`    | 14      | Evidence attachments   |
| `gr_compliance_submissions` | 16      | Regulatory submissions |
| `gr_compliance_remediation` | 18      | Remediation tracking   |

**Compliance Status:**

* `compliant` - Meets requirements
* `non_compliant` - Does not meet requirements
* `partial` - Partially compliant
* `not_applicable` - N/A for organization
* `under_review` - Assessment in progress

### 4. Regulatory Framework (2 tables)

| Table                        | Columns | Description         |
| ---------------------------- | ------- | ------------------- |
| `gr_regulatory_bodies`       | 16      | Regulatory agencies |
| `gr_regulatory_requirements` | 22      | Requirement catalog |

**Common Regulatory Bodies:**

* HIPAA (Healthcare)
* OSHA (Workplace Safety)
* State Licensing Boards
* CARF/Joint Commission (Accreditation)
* CMS (Medicare/Medicaid)

### 5. Contract Management (6 tables)

| Table                     | Columns | Description           |
| ------------------------- | ------- | --------------------- |
| `gr_contracts`            | 32      | Contract records      |
| `gr_contract_types`       | 12      | Contract type catalog |
| `gr_contract_amendments`  | 16      | Amendment tracking    |
| `gr_contract_obligations` | 18      | Obligation tracking   |
| `gr_contract_milestones`  | 14      | Milestone tracking    |
| `gr_contract_alerts`      | 14      | Renewal/expiry alerts |

**Contract Status:**

* `draft` → `negotiation` → `pending_approval` → `active`
* `expired`, `terminated`, `renewed`

**Contract Types:**

* Vendor/Supplier Agreements
* Client Service Agreements
* Employment Contracts
* Lease Agreements
* Insurance Policies
* Grant Agreements

### 6. Audit Management (6 tables)

| Table                         | Columns | Description          |
| ----------------------------- | ------- | -------------------- |
| `gr_audits`                   | 26      | Audit records        |
| `gr_audit_checklists`         | 16      | Audit checklists     |
| `gr_audit_findings`           | 20      | Finding records      |
| `gr_audit_evidence`           | 14      | Evidence attachments |
| `gr_audit_corrective_actions` | 18      | CAP tracking         |
| `gr_audit_team_assignments`   | 10      | Auditor assignments  |

**Audit Types:**

* `internal` - Internal audit
* `external` - External audit
* `regulatory` - Regulatory inspection
* `accreditation` - Accreditation survey
* `financial` - Financial audit

**Finding Severity:**

* `observation` - Minor observation
* `minor` - Minor finding
* `major` - Major finding
* `critical` - Critical finding

### 7. Accreditation (6 tables)

| Table                               | Columns | Description           |
| ----------------------------------- | ------- | --------------------- |
| `gr_accreditations`                 | 24      | Accreditation records |
| `gr_accreditation_standards`        | 18      | Standard requirements |
| `gr_accreditation_evidence`         | 14      | Evidence tracking     |
| `gr_accreditation_surveys`          | 20      | Survey tracking       |
| `gr_accreditation_audit_links`      | 8       | Audit linkages        |
| `gr_accreditation_compliance_links` | 8       | Compliance linkages   |

**Common Accreditations:**

* CARF (Commission on Accreditation of Rehabilitation Facilities)
* Joint Commission
* NCQA (National Committee for Quality Assurance)
* State Certification Programs

### 8. Training Management (5 tables)

| Table                      | Columns | Description        |
| -------------------------- | ------- | ------------------ |
| `gr_training_courses`      | 22      | Course definitions |
| `gr_training_enrollments`  | 14      | Enrollment records |
| `gr_training_completions`  | 16      | Completion records |
| `gr_training_policy_links` | 8       | Policy linkages    |
| `gr_ceu_credits`           | 14      | CEU tracking       |

**Training Types:**

* `required` - Mandatory compliance training
* `role_based` - Role-specific training
* `optional` - Professional development
* `remedial` - Corrective training

### 9. Quality Improvement (6 tables)

| Table                       | Columns | Description         |
| --------------------------- | ------- | ------------------- |
| `gr_qi_projects`            | 24      | QI project records  |
| `gr_qi_project_templates`   | 16      | Project templates   |
| `gr_qi_metrics`             | 18      | Quality metrics     |
| `gr_qi_metric_measurements` | 14      | Measurement data    |
| `gr_qi_improvements`        | 16      | Improvement actions |
| `gr_qi_pdsa_cycles`         | 18      | PDSA cycle tracking |

**PDSA Cycle:**

```
Plan → Do → Study → Act → (repeat)
```

### 10. AI Assistance (4 tables)

| Table                          | Columns | Description          |
| ------------------------------ | ------- | -------------------- |
| `gr_ai_audit_prep`             | 16      | AI audit preparation |
| `gr_ai_compliance_suggestions` | 14      | AI compliance help   |
| `gr_ai_gap_analyses`           | 16      | AI gap analysis      |
| `gr_ai_risk_assessments`       | 16      | AI risk analysis     |

### 11. Module Settings (1 table)

| Table                | Columns | Description      |
| -------------------- | ------- | ---------------- |
| `gr_module_settings` | 37      | GR configuration |

**Key Settings:**

| Setting                        | Type       | Default     |
| ------------------------------ | ---------- | ----------- |
| `policy_review_interval_days`  | integer    | 365         |
| `contract_alert_days`          | integer\[] | \[30,60,90] |
| `training_grace_period_days`   | integer    | 14          |
| `risk_assessment_frequency`    | text       | 'quarterly' |
| `audit_response_deadline_days` | integer    | 30          |

***

## Common Query Patterns

### Get Risk Register

```typescript theme={null}
const { data } = await supabase
  .from('gr_risks')
  .select(`
    *,
    assessments:gr_risk_assessments(
      likelihood,
      impact,
      risk_score,
      assessed_at
    ),
    mitigations:gr_risk_mitigations(
      title,
      status,
      due_date
    )
  `)
  .eq('organization_id', orgId)
  .eq('status', 'active')
  .order('risk_score', { ascending: false });
```

### Get Policies Requiring Acknowledgment

```typescript theme={null}
const { data } = await supabase
  .from('gr_policies')
  .select(`
    *,
    acknowledged:gr_policy_acknowledgments(
      acknowledged_at
    )
  `)
  .eq('status', 'published')
  .eq('requires_acknowledgment', true)
  .is('acknowledged.user_id', userId);
```

### Get Upcoming Contract Renewals

```typescript theme={null}
const { data } = await supabase
  .from('gr_contracts')
  .select(`
    *,
    type:gr_contract_types(name),
    alerts:gr_contract_alerts(alert_type, alert_date)
  `)
  .eq('organization_id', orgId)
  .eq('status', 'active')
  .lte('end_date', addDays(new Date(), 90));
```

### Get Audit Findings Summary

```typescript theme={null}
const { data } = await supabase
  .from('gr_audit_findings')
  .select(`
    severity,
    status,
    audit:gr_audits(title, audit_type)
  `)
  .eq('organization_id', orgId)
  .neq('status', 'closed');
```

### Get Training Compliance

```typescript theme={null}
const { data } = await supabase
  .from('gr_training_courses')
  .select(`
    *,
    completions:gr_training_completions(
      employee_id,
      completed_at,
      expiration_date
    )
  `)
  .eq('organization_id', orgId)
  .eq('is_required', true);
```

***

## RLS Policies

GR uses department-based RLS:

* Policy access based on assignments
* Risk visibility by department/role
* Audit access for audit team members

**Helper Functions:**

* `gr_user_can_view_policy()` - Policy access check
* `gr_user_can_manage_risk()` - Risk management access
* `gr_user_is_audit_team_member()` - Audit access check

***

## Cross-Module Integration

**GR → HR Integration:**

```
gr_training_completions → hr_employee_credentials
gr_policy_acknowledgments → hr_employees
```

**GR → FA Integration:**

```
gr_contracts → fa_vendors (vendor contracts)
gr_contracts → fa_purchase_orders (contract-based POs)
```

***

## See Also

* [GR Module Specs](https://github.com/Encore-OS/encoreos/tree/development/specs/gr)
* [Compliance Tracking Spec](https://github.com/Encore-OS/encoreos/blob/development/specs/gr/specs/GR-03-compliance-tracking.md)
* [Database Schema Overview](/architecture/DATABASE_SCHEMA)
