What It Does
The platform automates the risk assessment workflow from data intake to final report generation:Data Intake
Analysts can collect business information through three modes:
- Upload: Extract data from business plan PDFs or DOCX files
- Guided Interview: Step-by-step questionnaire for structured data collection
- Manual Entry: Direct input of financial and operational data
Gap Detection
AI-powered validation identifies missing or incomplete data fields across all risk categories, ensuring data completeness before analysis.
Risk Analysis
The system scores the business across 7 risk categories with 35 total indicators (5 subcategories per category), each rated as High, Medium, or Low.
Risk Assessment Model
Every assessment evaluates businesses across 7 risk categories, each containing 5 subcategories for a total of 35 risk indicators:Financial Risk
Revenue stability, cost management, credit access, liquidity, capital structure
Climate-Environmental Risk
Weather exposure, climate adaptation, water access, biodiversity impact, carbon footprint
Behavioral Risk
Management competence, governance practices, compliance, innovation capacity, stakeholder relations
Operational Risk
Supply chain resilience, production capacity, technology adoption, HR management, quality control
Market Risk
Demand volatility, competitive pressure, pricing power, distribution channels, regulatory environment
Governance & Legal Risk
Legal structure, contract management, intellectual property, regulatory compliance, financial reporting
Technology & Data Risk
IT infrastructure, data management, cybersecurity, digital tools adoption, analytics capabilities
Each indicator uses a traffic light scoring system: High (Red), Medium (Yellow), Low (Green). The overall risk score is calculated as a weighted average across all 35 indicators.
Who It’s For
Analysts
Analysts are the primary users who create and manage risk assessments. Key capabilities:- Create new assessments and select intake mode
- Upload business documents (PDF/DOCX) for automated parsing
- Review and correct data gaps identified by the system
- View risk scorecards with subcategory breakdowns
- Edit AI-generated recommendations for clarity and context
- Generate and download PDF reports
- Search and filter assessments on the dashboard
Administrators
Administrators have full system access with additional management privileges:- All analyst capabilities
- User management (create, edit, disable accounts)
- Prompt management for AI agents (parser, gap detector, risk analyzer, report generator)
- Version control and change tracking for prompts
- System configuration and monitoring
User roles are managed through AWS Cognito user groups. Users in the
admin group have administrator privileges.Key Features
Multi-Agent AI Pipeline
The platform uses AWS Bedrock with Claude 3.5 Sonnet v2 across four specialized agents:- Parser Agent: Extracts structured data from unstructured business documents
- Gap Detector Agent: Validates completeness across all 35 risk indicators
- Risk Analysis Agent: Scores each indicator and generates evidence-based narratives
- Report Generator Agent: Creates formatted PDF reports with recommendations
Asynchronous Job Processing
Long-running AI operations use a fire-and-forget pattern:- API creates a Job record with status
PENDING - Worker Lambda processes the job asynchronously
- Frontend polls job status until
COMPLETEDorFAILED
API Endpoints for Job Polling
API Endpoints for Job Polling
Real-Time Collaboration
- Assessment Comments: Add notes and observations to assessments
- Prompt Comments: Threaded discussions on AI prompt improvements (admin only)
- Change History: Track all modifications to prompts with version snapshots
Data Security
Authentication
AWS Cognito with email-based authentication, password policies, and forgot-password flows
Authorization
Role-based access control with JWT tokens, session management, and auto-refresh
Data Encryption
RDS PostgreSQL with encryption at rest, Secrets Manager for credentials
File Storage
S3 with pre-signed URLs for secure upload/download, private bucket with VPC endpoints
Technology Stack
Frontend
- Next.js 15 with App Router and static export for S3 hosting
- React 19 with TypeScript
- Tailwind CSS v4 for styling
- shadcn/ui component library
- React Query for server state management
- React Hook Form for form validation
Backend
- NestJS 10 REST API with TypeScript
- Prisma ORM with PostgreSQL
- AWS SDK for Bedrock, S3, Lambda, Cognito
- AWS Lambda on ARM64 architecture (Node.js 20)
- API Gateway HTTP API with 30-second timeout
Infrastructure
- AWS CloudFormation / CDK for infrastructure as code
- RDS PostgreSQL 15 in private VPC
- CloudFront CDN for web hosting
- Cognito User Pool for authentication
- Bedrock for AI model orchestration
Getting Help
For technical support or questions:- Repository: Internal CGIAR repository
- License: Proprietary - CGIAR / Alliance of Bioversity International and CIAT
- Support: Contact your system administrator for access issues or bug reports