Skip to main content

Overview

This guide provides comprehensive sample data for testing Risk Legion end-to-end. All data structures align with the current implementation and can be used for API testing, demonstrations, and development.
For a complete demo scenario using Brazilian banking context, see the DEMO_DATA_INPUT_GUIDE.md in the repository.

Key Data Model Notes

Products are now defined by their attributes only: customer types, geographic operations, distribution channels, and transaction types. The category field has been removed.
Sub-Controls are created in Governance with only name and description. The ToD/ToE effectiveness ratings are assessed separately in Control Assurance. This separates control definition from control assessment.
When a BRA transitions to in_progress, the current risk appetite level is captured as snapshot_appetite_level. This ensures changes to enterprise risk appetite don’t affect assessments already in progress.

Quick Start

1. Create Test Users

Use the provided script to create test users with different roles:

2. Get JWT Tokens

Retrieve JWT tokens for API testing:

Sample Enterprises

Sample Organization Structure

Business Units

Products

Products no longer have a category field. Instead, they are defined by their attributes: customer types, geographic operations, distribution channels, and transaction types.

Valid Enum Values for Products

Sample Risk Library

Risk Scenarios

Risk Scenarios support multiple risk groups and categories (stored as comma-separated values or arrays). Use the valid enum values below.

Valid Enum Values for Risk Scenarios

Key Controls

Sub-Controls

Sub-Controls are created in Governance with only name and description. The ToD/ToE ratings are assessed separately in Control Assurance after the sub-control is created. This separates the control definition from the control assessment workflow.

Step 1: Create Sub-Controls (Governance)

Step 2: Assess Sub-Controls (Control Assurance)

Risk Triggers

Sample Business Risk Assessment

Create BRA

When a BRA transitions from draft to in_progress, the system captures the current risk appetite level as snapshot_appetite_level. This ensures that changes to the enterprise’s risk appetite don’t affect assessments already in progress.

BRA Status Workflow

Add Risk Scenarios to BRA

Create Risk Ratings

Sample Risk Appetite

Risk Appetite is configured at the enterprise level. When a BRA is created and transitions to in_progress, the current appetite level is captured as snapshot_appetite_level on the BRA. This ensures that subsequent changes to the enterprise’s risk appetite don’t affect assessments already in progress.

Risk Appetite Snapshot Behavior

Sample Mitigation Actions

API Testing Examples

Create BRA via API

Add Risk Scenario via API

Create Risk Rating via API

Create Product via API

Update Control Effectiveness via API (Control Assurance)

Create Sub-Control via API (Governance)

Approve BRA via API

Verification Queries

Check Data Counts

Check BRA Status

Check Control Effectiveness

Data Model Reference

ToD Rating Scale

ToE Rating Scale

Risk Matrix

Risk level is determined by the combination of Impact and Likelihood using the following 5×5 matrix:

Risk Level Colors

Next Steps

1

Create Test Users

Use scripts to create users with all roles
2

Seed Enterprise Data

Run SQL scripts to populate organization structure
3

Create Risk Library

Add scenarios, controls, and triggers
4

Create and Complete BRA

Walk through full BRA workflow
5

Test API Endpoints

Verify all endpoints work correctly