Entity Scoping Flashcards

1
Q

What are Entity Types?

A

Dynamic categories, used to scope an organization, containing one or more entities. They are associated to policies, control objectives, risk frameworks, and risk statements.

Entity types dynamically create new entities, which automatically inherit necessary controls and risks.

Entities can belong to more than one entity type.

Example: Aglow Travel Co. operates in multiple locations at their eight global travel branches. The Los Angeles travel branch entity is mapped to two entity types, All travel branches and Americas travel branches.

2
Q

What is an Entity Class?

A

Top-level organizational structure used to tag entities across different entity types.

Entity classes allow GRC managers another way to organize entities for aggregation. They are frequently created based on organizational structure. Entity classes are not related to entity types; they are only related to entities.

Examples include business service entities, business application entities, department/business unit entities, project entities, and the like. Entity classes are used to tag entities across different entity types. Reports can be filtered to show relationships between the different entity classes.

An entity can belong to many entity types, but it can have only one entity class. One entity type can have entities that belong to different entity classes.

Entity classes can roll up to each other, leading to the development of the Dependency Model.

Although entity class assignment is optional, it is highly recommended, and it is required when using advanced risk assessments or regulatory change management, which will be discussed in a later module.

An entity class can belong to one tier, and the tier value applies to all the entities in that class.

3
Q

What is an Entity tier?

A

Entity tiers are a way for an organization to logically group entity classes and then filter reports by those groupings. They are used for building entity hierarchy between various entity classes. For example, the database and server entity classes can be grouped together under the IT Asset entity tier.

An entity class can belong to one tier, and the tier value applies to all the entities in that class.

4
Q

What is an Entity?

A

Assets, objects, departments, etc. that should be monitored for risk and compliance.

Entity scoping is when an organization defines what people, places, objects or things, such as processes, vendors, and departments, should be monitored for compliance and included in risk management. Then, these entities are mapped to a set of controls, maintained in the control objectives table, and to a set of risks, maintained in the risk statement table. A mature entity framework helps an organization create an integrated risk management program with automatic workflows and informed, data-driven decision-making.

5
Q

Aglow Travel Co. wants to generate controls to ensure each of its travel branches completes required training for site cleaning and sanitization. How can they do this most efficiently?

A

Associate the entity type with the control objective. Entities can be individually related to a control objective. However, when an entity type is created and associated to a control objective, controls are created for all entities defined within that entity type.

6
Q

True or false: New entities can be automatically generated and necessary controls and risks will be created.

A

This is true. Since entities are generated for an entity type from a defined entity filter, new entities are created when records meet the entity filter criteria. The reverse is true too. If a record no longer meets an entity filter condition, it is deactivated, and associated risks and controls retire.
