Overview
This guide provides comprehensive sample data for testing Risk Legion end-to-end. All data structures align with the current implementation and can be used for API testing, demonstrations, and development.For a complete demo scenario using Brazilian banking context, see the DEMO_DATA_INPUT_GUIDE.md in the repository.
Key Data Model Notes
Products no longer have Category field
Products no longer have Category field
Products are now defined by their attributes only: customer types, geographic operations, distribution channels, and transaction types. The category field has been removed.
Sub-Controls: Creation vs Assessment
Sub-Controls: Creation vs Assessment
Sub-Controls are created in Governance with only name and description. The ToD/ToE effectiveness ratings are assessed separately in Control Assurance. This separates control definition from control assessment.
Risk Appetite Snapshot
Risk Appetite Snapshot
When a BRA transitions to
in_progress, the current risk appetite level is captured as snapshot_appetite_level. This ensures changes to enterprise risk appetite don’t affect assessments already in progress.Quick Start
1. Create Test Users
Use the provided script to create test users with different roles:2. Get JWT Tokens
Retrieve JWT tokens for API testing:Sample Enterprises
Sample Organization Structure
Legal Entities
Business Units
Products
Products no longer have a
category field. Instead, they are defined by their attributes: customer types, geographic operations, distribution channels, and transaction types.Valid Enum Values for Products
Sample Risk Library
Risk Scenarios
Risk Scenarios support multiple risk groups and categories (stored as comma-separated values or arrays). Use the valid enum values below.
Valid Enum Values for Risk Scenarios
Key Controls
Sub-Controls
Sub-Controls are created in Governance with only name and description. The ToD/ToE ratings are assessed separately in Control Assurance after the sub-control is created. This separates the control definition from the control assessment workflow.
Step 1: Create Sub-Controls (Governance)
Step 2: Assess Sub-Controls (Control Assurance)
Risk Triggers
Sample Business Risk Assessment
Create BRA
When a BRA transitions from
draft to in_progress, the system captures the current risk appetite level as snapshot_appetite_level. This ensures that changes to the enterprise’s risk appetite don’t affect assessments already in progress.BRA Status Workflow
Add Risk Scenarios to BRA
Create Risk Ratings
Sample Risk Appetite
Risk Appetite is configured at the enterprise level. When a BRA is created and transitions to
in_progress, the current appetite level is captured as snapshot_appetite_level on the BRA. This ensures that subsequent changes to the enterprise’s risk appetite don’t affect assessments already in progress.Risk Appetite Snapshot Behavior
Sample Mitigation Actions
API Testing Examples
Create BRA via API
Add Risk Scenario via API
Create Risk Rating via API
Create Product via API
Update Control Effectiveness via API (Control Assurance)
Create Sub-Control via API (Governance)
Approve BRA via API
Verification Queries
Check Data Counts
Check BRA Status
Check Control Effectiveness
Data Model Reference
ToD Rating Scale
ToE Rating Scale
Risk Matrix
Risk level is determined by the combination of Impact and Likelihood using the following 5×5 matrix:Risk Level Colors
Next Steps
1
Create Test Users
Use scripts to create users with all roles
2
Seed Enterprise Data
Run SQL scripts to populate organization structure
3
Create Risk Library
Add scenarios, controls, and triggers
4
Create and Complete BRA
Walk through full BRA workflow
5
Test API Endpoints
Verify all endpoints work correctly