The greatest challenge in identifying and managing enterprise risk is understanding the actual business access that the technical entitlements granted to users enable. The IGA system must bridge the divide between the technical “system” world and the business “process” world by providing a common language or “Intelligibility Layer” that connects both. EmpowerID uncovers the real-world impact of technical entitlements with a concept known as Functions. Functions are the business user recognizable terms for the activities performed by users with the access they are granted. Traditional examples of Functions which would represent a risk are “Create Purchase Order” and “Approve Purchase Order”. Functions define the system-specific permissions or roles that grant someone the ability to perform these type of business actions. EmpowerID ships with a large library of Function definitions for common systems. Process owners and application owners may also use the Function mapping tools in EmpowerID to define which application permissions or roles equate to which Functions. Risk policies then use Functions as building blocks to uncover who has access to perform which Functions and which users are in violation of risk policies.