The GRC: Profiles application is used in the following ways:

Policy and compliance managers use entity types and entities to create a system of internal controls and monitor compliance.
Risk managers use entity types and entities to monitor risk exposure and perform risk assessments.
Audit managers use entity types and entities to scope audit engagements.
Compliance managers, risk managers, and audit managers manage issues to drive remediation more efficiently.
Compliance managers and risk managers monitor compliance effects and risk exposure on entities by setting key compliance and risk indicators.