No. Access to each menu of possible risks defined and the permissions to make changes should be set by the systems administrator. The administrator will assign roles and determine who in the organisation will have access to which modules.