You need a machine or several machines running 24/7 modelling the risks that would have been introduced by those who had been claiming to be doing risk management.
If some competent engineer/analyst has done a FMECA or FMEA, an FTA, and other safety analyses. AND, these analyses have been peer-reviewed and corrected (if necessary), then I see no need for further modelling.
If the system in question is dynamic (changing part types, changing design, changing configuration), then yes, an ongoing model with a full-time or most-time risk manager may be necessary.
Even if the risk manager is not doing his/her job, a continuing model wouldn’t be necessary. A simple peer review of the existing models and analyses would be all that is necessary.