Roles & Permissions
LOQI uses role-based access control to determine what each user can see and do. Roles are hierarchical — higher roles inherit all permissions from lower roles.
Role hierarchy
| Role | Level | Description |
|---|---|---|
| Staff | 1 | Entry-level auditor. Can execute tests, document findings, use the AI assistant. |
| Senior Auditor | 2 | Experienced auditor. Can assign procedures, score risks, mentor staff. |
| Supervisor | 3 | Oversight role. Can approve audit programs, review workpapers, manage prompts. |
| Manager | 4 | Management. Can finalize reports, delete engagements, access organization settings. |
| CAE | 5 | Chief Audit Executive. Full access — archive engagements, organization-wide oversight. |
Permission matrix
| Capability | Staff | Senior | Supervisor | Manager | CAE |
|---|---|---|---|---|---|
| Create engagements | Yes | Yes | Yes | Yes | Yes |
| Execute testing | Yes | Yes | Yes | Yes | Yes |
| Document findings | Yes | Yes | Yes | Yes | Yes |
| Assign procedures | — | Yes | Yes | Yes | Yes |
| Score risks | — | Yes | Yes | Yes | Yes |
| Approve audit programs | — | — | Yes | Yes | Yes |
| Edit approved programs | — | — | Yes | Yes | Yes |
| Manage AI prompts | — | — | Yes | Yes | Yes |
| Finalize reports | — | — | — | Yes | Yes |
| Delete engagements | — | — | — | Yes | Yes |
| Archive engagements | — | — | — | — | Yes |
| Organization settings | — | — | — | Yes | Yes |
| View audit log | — | — | — | Yes | Yes |
Stakeholder role
The Stakeholder role is for non-audit users (management, board members) who need read-only access to finalized reports and dashboards. Stakeholders cannot access audit-specific features.
Changing roles
Roles are managed by users with Manager or CAE permissions:
- Go to Settings → Organization
- Find the user in the member list
- Change their role from the dropdown
- Changes take effect immediately
Role changes are recorded in the Audit Log.