Select language:

Procedure documentationMonitoring and Reviewing Risk


After a risk assessment is completed, you can continue to monitor and review the identified risk at your organization to verify that risk data remains valid, and that risk treatment is effective. While your organization must initiate and perform most monitoring and reviewing activities outside of the application, the results of these activities can be reflected in the system. This means, you can review risk assessment data and reassess risk based on the results of your monitoring activities. For example, if you monitor changes to internal or external objectives or regulations, you can update the corresponding information in the application and use this information to reanalyze all affected risks. You can also use the application data to provide input for your monitoring activities. Regular reviews of the available risk information and evaluations of the effectiveness of controls can help you identify trends and improve your risk treatment over time.

In the risk assessment application, you can do the following to support your monitoring and reviewing activities:

  • Create a follow-up risk assessment

    You can create follow-up assessments to reassess risks that have been identified in a previous risk assessment. You can also reevaluate the effectiveness of controls per risk and define additional controls based on your assessment results.

  • Evaluate the effectiveness of controls

    You can evaluate the effectiveness of controls that have been implemented to reduce risk at a specific location.

  • Identify risks affected by OEL revisions

    If there are changes to occupational exposure limits (OEL), you can identify which existing risks may be affected by the revisions. The system displays the possible effects of the revisions on previous risk analysis results.

  • Display different versions of risk assessments, risks, and control effectiveness

    If different versions exist for a risk assessment or a risk, you can access these versions from the risk assessment application. You can also display an effectiveness history for controls.

  • Display change documents

    You can display change documents for risk assessments, risks, and tasks.


  • If you want to create a follow-up assessment, the following prerequisites must be met:

    • The status of the previous risk assessment is not Void.

    • All nonrecurring actions have been completed for the current risk assessment.

  • If you want to evaluate the effectiveness of controls, the prerequisites for control effectiveness evaluations must be met. For more information, see Evaluating Controls.


Creating a Follow-up Risk Assessment
  1. Open a risk assessment and choose the Create Follow-Up Assessment pushbutton

    The system sets the status of the risk assessment to Closed and creates a new revision of each risk that is assigned to the risk assessment. The information from the previous risk assessment is copied to the new assessment according to the settings defined in the Business Add-In (BAdI) Data Transfer to Follow-Up Assessment (BADI_EHHSS_COPY_ASSESSMENT).

  2. Check the identified risks. If a risk no longer exists in your organization, you can remove it from the risk assessment.

  3. Reanalyze and reevaluate each risk by using the available assessment steps and analysis methods.

  4. Check the available control information and adapt it as required. You can manually enter an effectiveness or use automatic control evaluation according to your system settings.

  5. If necessary, specify additional controls to improve risk treatment.

Evaluating the Effectiveness of Existing Controls

If you want to evaluate the effectiveness of specific controls without creating a follow-up assessment, you can directly search for the controls and send an evaluation request to the responsible person. If you accept the evaluation results, the system automatically changes the effectiveness of the relevant controls. The evaluation of controls involved in an incident can also be triggered by an incident investigation. For more information, see Evaluating Controls.

Identifying Risks Affected by OEL Revisions
  1. On the Agents and OELs menu, choose the service Identify Risks Affected by OEL Revisions.

  2. Search for the agent whose OELs have been revised.

    The system displays all risks with exposure ratings that were calculated using the old OEL values. The system also displays possible new exposure ratings based on the new OEL values.

  3. If necessary, reanalyze and reevaluate affected risks by using the available assessment steps and analysis methods.

Displaying Different Versions of Risk Assessments, Risks, and Control Effectiveness
  1. Open a risk assessment.

  2. To access the previous or follow-up version of a risk assessment, select the relevant entry from the You can also link.

  3. To display the revisions of a risk, select the risk and choose the Revisions pushbutton. You can directly navigate to the related risk assessments from the revision overview.

  4. To display the version history of control effectiveness values, select the control for a specific risk and choose the Edit Effectiveness/View History pushbutton

Displaying Change Documents

To display the change documents for a risk assessment, risk, or task, open the risk assessment and select the relevant entry from the You can also link.

More Information

For more information about evaluating the effectiveness of controls, see Evaluating Controls.

For more information about change documents, see Creation of Change Documents.

Was this page helpful to you?

Related Content

The following content is not part of SAP product documentation. For more information, see the following disclaimer Information published on SAP site .