Skip to main content

Overview

Client Admins are enterprise-level administrators who manage all aspects of their organization’s Risk Legion instance. They have full access within their enterprise, including user management, configuration, and BRA approval.

Key Responsibilities

ResponsibilityDescription
User ManagementCreate and manage Assessors and Reviewers
Organization SetupConfigure Legal Entities and Business Units
Risk LibraryManage Products, Scenarios, Controls, Triggers
Risk AppetiteDefine and update risk appetite thresholds
BRA ApprovalReview and approve submitted BRAs
Audit ReviewAccess and review audit logs

Permissions Matrix

FeatureClient AdminAssessorReviewer
View Dashboard
Create BRA
Edit BRA
Approve BRA
Cancel BRA
Manage Risk Library
Configure Risk Appetite
Manage Organization
Manage Users
View Audit Logs
Create Actions
Manage Actions

Client Admin Workflows

User Management

Creating Users

  1. Navigate to Settings → Users
  2. Click Add User
  3. Enter user details:
    • Email address
    • Full name
    • Role (Assessor or Reviewer)
  4. Assign entity access (for Assessors/Reviewers)
  5. Click Create User
New users receive an email invitation to set up their account. They must complete registration before accessing the platform.

Assigning Entity Access

Assessors and Reviewers need entity assignments:
  1. Go to Settings → Users → [User Name]
  2. Click Manage Assignments
  3. Select Legal Entities and/or Business Units
  4. Click Save
Users can only see data for their assigned entities. Client Admins see all entities.

Deactivating Users

  1. Go to Settings → Users
  2. Find the user
  3. Click Deactivate
  4. Confirm the action
Deactivated users:
  • Cannot log in
  • Retain historical assignments
  • Can be reactivated later
  • Historical audit entries preserved

Organization Setup

Legal Entities represent your organizational structure:
  1. Navigate to Governance → Organisation Structure
  2. Click Add Legal Entity
  3. Enter details:
    • Name
    • Legal Name
    • Entity Type (Bank, Insurance, Investment Firm, etc.)
    • Country of Incorporation
    • Registration Number
    • Parent Entity (for subsidiaries)
  4. Click Create
Hierarchy Example: 
ACME Bank Brasil S.A. (Parent)
├── ACME Seguros Ltda. (Insurance Subsidiary)
└── ACME Investimentos DTVM (Investment Subsidiary)

Business Units

Business Units are operational divisions within Legal Entities:
  1. Navigate to Governance → Organisation Structure → Business Units
  2. Click Add Business Unit
  3. Select parent Legal Entity
  4. Enter Business Unit name and description
  5. Click Create

Risk Library Management

Products

Products drive risk scenario relevance:
  1. Go to Governance → Risk Library → Products
  2. Click Add Product
  3. Enter:
    • Product Name
    • Category
    • Description
    • Customer Types
    • Geographic Operations
    • Distribution Channels
    • Transaction Types
  4. Click Create
Link products to Legal Entities/Business Units to determine which risk scenarios appear during BRA creation.

Risk Scenarios

Configure your risk scenario library:
  1. Go to Governance → Risk Library → Risk Scenarios
  2. Click Add Scenario
  3. Enter:
    • Name
    • Category (Credit, Operational, Compliance, etc.)
    • Description
    • Risk Group (optional)
  4. Link to relevant Products
  5. Link suggested Controls
  6. Link Risk Triggers
  7. Click Create

Key Controls and Sub-Controls

Build your control library:
  1. Go to Governance → Risk Library → Key Controls
  2. Click Add Key Control
  3. Enter control details
  4. Add Sub-Controls under the Key Control
  5. Link controls to relevant Risk Scenarios

Risk Appetite Configuration

  1. Navigate to Governance → Risk Appetite
  2. Set enterprise-wide default:
    • Select maximum acceptable risk level
    • Add description/rationale
  3. Optionally add entity-level overrides
  4. Review history of changes
See Risk Appetite Framework for detailed guidance.

BRA Approval

Client Admins approve submitted BRAs:
  1. Navigate to BRAs → Pending Approval
  2. Click on a BRA to review
  3. Review:
    • Risk scenario assessments
    • Control linkages
    • Risk ratings and justifications
    • Mitigation recommendations
  4. Either:
    • Approve - Creates immutable snapshot
    • Request Changes - Returns to Assessor with comments
Approved BRAs become immutable. Ensure thorough review before approval.

Audit Log Review

Access comprehensive audit trails:
  1. Navigate to Settings → Audit Logs
  2. Filter by:
    • User
    • Action Type
    • Entity Type
    • Date Range
  3. Export logs as needed

Dashboard Access

Client Admins see the full enterprise dashboard:

Visible Metrics

  • Total risks across all entities
  • Risks above appetite (enterprise-wide)
  • Control effectiveness summary
  • Overdue actions count
  • Risk heat maps
  • Trend indicators

Filtering

  • Filter by any Legal Entity
  • Filter by any Business Unit
  • Date range filtering
  • All data accessible

Best Practices

  • Review user access quarterly
  • Remove access promptly when roles change
  • Use specific entity assignments
  • Document user responsibilities
  • Mirror legal structure accurately
  • Keep business units aligned with operations
  • Update when organizational changes occur
  • Archive rather than delete
  • Start with core scenarios and controls
  • Expand based on business needs
  • Review annually for relevance
  • Link all relationships properly
  • Review all scenarios thoroughly
  • Verify justifications are adequate
  • Check control linkages make sense
  • Ensure risk appetite is applied correctly

API Access

Client Admins can access all enterprise-level APIs:
API GroupAccess Level
BRAsFull CRUD + Approve/Cancel
GovernanceFull CRUD
Risk LibraryFull CRUD
ControlsFull CRUD
Mitigation ActionsFull CRUD
DashboardFull Read
UsersRead + Create (Assessor/Reviewer)
Audit LogsRead
See API Reference for complete documentation.