You need a machine or several machines running 24/7 modelling the risks that would have been introduced by those who had been claiming to be doing risk management.
To tibs:
Terrific. Thanks.

If some competent engineer/analyst has done a FMECA or FMEA, an FTA, and other safety analyses. AND, these analyses have been peer-reviewed and corrected (if necessary), then I see no need for further modelling.

If the system in question is dynamic (changing part types, changing design, changing configuration), then yes, an ongoing model with a full-time or most-time risk manager may be necessary.

Even if the risk manager is not doing his/her job, a continuing model wouldn’t be necessary. A simple peer review of the existing models and analyses would be all that is necessary.