What is Risk Legion?

Risk Legion is a modern, cloud-based Business Risk Assessment (BRA) platform designed to help enterprises identify, assess, and manage business risks through a structured control framework.

Key Features

Comprehensive risk assessment workflow with:
  • Structured risk identification and categorization
  • Impact and likelihood analysis
  • Inherent and residual risk calculations
  • Heat map visualization
  • Multi-stage review and approval process
Enterprise control framework management:
  • Key control library with 80+ pre-built controls
  • Test of Design (ToD) and Test of Effectiveness (ToE) assessment
  • Control effectiveness scoring (Strong, Effective, Moderate, Weak, Failing)
  • Custom control creation and categorization
  • Control-to-risk mapping
Define organizational risk tolerance:
  • Risk category-level appetite configuration
  • Impact and likelihood thresholds
  • Visual risk appetite boundaries
  • Real-time compliance monitoring
Track risk mitigation activities:
  • Action item creation and assignment
  • Progress tracking with status updates
  • Due date management
  • Completion workflow
Super admin dashboard with:
  • Health score calculation (0-100 scale)
  • Health status classification (Healthy/At Risk/Critical)
  • Intelligent alert system (8 alert types)
  • Historical health tracking
  • MRR and subscription tier tracking
Four-tier permission system:
  • Super Admin: Platform-wide management
  • Client Admin: Enterprise management
  • Assessor: Risk assessment creation
  • Reviewer: Assessment review and approval

Technology Stack

Frontend

  • React 18 with TypeScript
  • Vite build tool
  • TanStack Query v5
  • shadcn/ui components
  • Recharts for visualizations

Backend

  • FastAPI (Python)
  • Supabase PostgreSQL
  • Row-Level Security (RLS)
  • JWT authentication
  • Pydantic validation

Infrastructure

  • Supabase (Database + Auth)
  • AWS EC2 (Backend hosting)
  • Vercel (Frontend hosting)
  • Docker support

Core Concepts

Business Risk Assessment (BRA)

A BRA is a structured assessment that identifies and evaluates business risks across multiple categories:
  • Strategic Risks: Market competition, mergers & acquisitions
  • Operational Risks: Business continuity, supply chain
  • Financial Risks: Fraud, cash flow, budget management
  • Compliance Risks: Regulatory compliance, data privacy
  • Technology Risks: Cybersecurity, system availability
  • Reputational Risks: Brand damage, customer trust
Each risk is assessed for:
  • Impact: Severity of consequences (1-5 scale)
  • Likelihood: Probability of occurrence (1-5 scale)
  • Inherent Risk: Risk level without controls
  • Residual Risk: Risk level after control application

Control Effectiveness

Controls are evaluated using two dimensions:
  1. Test of Design (ToD): How well the control is designed
    • Optimized, Defined, Ad-Hoc, Not Documented
  2. Test of Effectiveness (ToE): How well the control operates
    • Always Effective, Usually Effective, Sometimes Effective, Rarely Effective, Not Tested
Combined scoring produces overall effectiveness:
  • Strong (90-100): Optimal design and execution
  • Effective (70-89): Well-designed and mostly effective
  • Moderate (50-69): Adequate but room for improvement
  • Weak (30-49): Significant gaps in design or execution
  • Failing (0-29): Critical deficiencies
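The two scales above (the 1-5 impact and likelihood ratings, and the 0-100 effectiveness bands) are easy to get subtly wrong at their boundaries, which matters when a control that is really "Effective" gets reported as "Strong", or an out-of-range rating silently flows into a heat map. The block below is an added illustration, not code from Risk Legion, of how a reviewer might encode those rules so they can be checked. The band cut-offs and the 1-5 scales come from this page; the use of impact multiplied by likelihood as the inherent risk score, and the linear reduction by the control score used for residual risk, are assumptions made here for the example and are not the platform's documented formulas.

```python
from enum import Enum


class Effectiveness(str, Enum):
    """Overall control effectiveness labels as listed on this page."""
    STRONG = "Strong"
    EFFECTIVE = "Effective"
    MODERATE = "Moderate"
    WEAK = "Weak"
    FAILING = "Failing"


# Inclusive lower bound of each band, highest first, taken from the page:
# Strong 90-100, Effective 70-89, Moderate 50-69, Weak 30-49, Failing 0-29.
EFFECTIVENESS_BANDS = [
    (90, Effectiveness.STRONG),
    (70, Effectiveness.EFFECTIVE),
    (50, Effectiveness.MODERATE),
    (30, Effectiveness.WEAK),
    (0, Effectiveness.FAILING),
]


def _check_int_range(name: str, value, low: int, high: int) -> int:
    """Reject anything that is not a plain integer inside [low, high].

    bool is excluded explicitly because True/False are ints in Python and
    would otherwise pass as 1/0 ratings.
    """
    if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{name} must be an integer in {low}..{high}, got {value!r}")
    return value


def effectiveness_band(score: int) -> Effectiveness:
    """Map a combined 0-100 control score onto the page's five bands."""
    score = _check_int_range("score", score, 0, 100)
    for lower_bound, label in EFFECTIVENESS_BANDS:
        if score >= lower_bound:
            return label
    raise AssertionError("unreachable: 0 is covered by the Failing band")


def inherent_risk(impact: int, likelihood: int) -> int:
    """Inherent risk score before controls.

    Assumption for this example: impact x likelihood on the page's 1-5
    scales, giving 1..25. The platform's own calculation is not documented here.
    """
    impact = _check_int_range("impact", impact, 1, 5)
    likelihood = _check_int_range("likelihood", likelihood, 1, 5)
    return impact * likelihood


def residual_risk(impact: int, likelihood: int, control_score: int) -> float:
    """Residual risk after applying a control.

    Assumption for this example: the inherent score is reduced linearly by
    the control's 0-100 score, so a Failing control (0) leaves the risk
    unchanged and a perfect control (100) removes it. Residual never exceeds
    inherent, which is a useful sanity check on any real formula.
    """
    inherent = inherent_risk(impact, likelihood)
    control_score = _check_int_range("control_score", control_score, 0, 100)
    return round(inherent * (1 - control_score / 100), 2)


if __name__ == "__main__":
    # Constructed sample: a high-impact, likely risk with an "Effective" control.
    score = 75
    print(effectiveness_band(score).value)          # Effective
    print(inherent_risk(5, 4))                      # 20
    print(residual_risk(5, 4, score))               # 5.0
```

The boundary values (29/30, 49/50, 69/70, 89/90) are the ones worth asserting in a test suite, since an off-by-one in a comparison moves a control into the neighbouring band without any error being raised.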

User Workflows

Assessor Workflow

  1. Create new BRA
  2. Identify and categorize risks
  3. Assess impact and likelihood
  4. Map controls to risks
  5. Submit for review

Reviewer Workflow

  1. Review submitted BRAs
  2. Validate risk assessments
  3. Request changes if needed
  4. Approve final assessment

Client Admin Workflow

  1. Manage enterprise users
  2. Configure risk appetite
  3. Create custom controls
  4. Monitor action plans
  5. View enterprise dashboards

Super Admin Workflow

  1. Manage all enterprises
  2. Monitor enterprise health
  3. Handle alerts (churn risk, adoption gaps)
  4. Track platform metrics
  5. Manage super admin users

Getting Help

Next Steps

  1. Review Architecture: Understand the system architecture and design patterns
  2. Set Up Development Environment: Install dependencies and configure your local environment
  3. Explore API: Learn about available endpoints and authentication
  4. Deploy to Production: Configure production environment and deploy