

The Operational Risk Assessment is the framework that guides both specific risk assessment projects and the general risk assessment process in the Environment, Health, and Safety system.
You can use Operational Risk Assessment to identify sources of risk, areas of impact, events as well as their causes and potential consequences, that could exist and impact your organization and its objectives.
You can also perform the subsequent steps of analyzing, evaluating, treating, and monitoring those specific risks.
*Occupational health is delivered as Repeatable Customer Solution (RCS) and it is licensed separately.
**Audit Management is complimentary with S/4HANA Enterprise.


Operational Risk Assessment has to objective to enable an end-to-end process for identifying and dealing with all manner of hazards and risks to the well-being of the workforce.
The solution provides the following capabilities:
- Comprehensive environment, health, and safety risk assessments (including Job Hazard Analysis)
- Easy identification of risk "areas" or "trends" and control failures
- Triggering follow-up actions and tracking them to completion
- Multiple risk analysis methods (for example, risk matrix, job hazard analysis, exposure analysis, document bases analysis)
- Ad-hoc analytical reports and dashboard views
- Validation between hazards, impact, and controls
- Workplace sampling features using sampling campaigns and built in occupational exposure limits.
Customers can benefit from the following:
- Standardized, cost-effective approach to managing operational risks
- Monitor workplace exposures and minimize related health impacts
- Increased visibility and automation of tasks and corrective actions
- Valuable process integration between EHS and other SAP applications

The risk assessment process starts with the identification of the risk. Since risks can be analyzed and evaluated only in a risk assessment project, the identified risks have to be assigned to a project where they can be further assessed.
In the first step of the risk assessment process, you identify the hazards or risks.
After you have identified a risk, you assign it to a risk assessment project.
You can then use various risk analysis methods within the risk assessment project to perform the risk analysis and evaluation for the identified risks.
After determining the need for risk treatment during risk evaluation, you can choose one or more relevant options for treating a risk. The goal of risk treatment is to mitigate risk and prevent an unacceptable risk from causing harmful impacts.
After the actions and controls for treating a risk have been implemented, the remaining level of risk should be acceptable to your organization.
After risk mitigation, you can specify controls, manage tasks, and analyze the residual risk after risk mitigation.
After a risk assessment project is completed, you can continue to monitor and review the identified risk at your organization to verify that risk data remains valid, and that risk treatment is effective.


To support a mobile use case of identifying relevant hazards, the application comes with an app for Risk Identification, which was designed to also work on mobile devices.
Users are able to use the app during safety rounding and workplace inspections. The user experience is specifically designed towards the needs of field workers.
Therefore, the app allows to streamline the process for identifying risks in the workplace and triggering risk assessments and control determination.
The SAP Fiori application is device agnostic and therefore will run on any device within a internet browser.
Furthermore, this app also allows you to assign a risk to a Risk Assessment Project directly (green-framed area).
The app was primarily designed to identify existing risks, but it can also be used to do a quick first assessment of these risks by defining an initial risk level and by recording the existing and even some planned controls for that risk already.


Either at the workplace or back in the office the supervisor will logically group the risks by assigning them to risk assessment projects.
You can also assign individual risks already during their identification with the Identify Risks app to a certain risk assessment project.

The context of the risk assessment is set within the Basic Information tab of the risk assessment:
- Title and remarks
- Location and Job details
- Link to regulations
- Assessment team
- Assessment reasons link to other objects - for example, incident, audit finding or change request
Risk Analysis and Evaluation


The evaluation of the individual risks is done on the tab page, Risk Matrix, within the assessment step, Determine Initial / Residual Risk:
- Likelihood of the risk
- Severity of the risk
- Exposure Frequency (optional)
- Risk value
- Risk Evaluation
Different Analysis Methods can be configured, for example:
- Risk Matrix
- Exposure Analysis-> compare measured amounts with official Occupational Exposure Limits (OEL)
- Office Document (Word)
- Office Document (Excel)

Quantitative Exposure Assessment
The system allows to perform Statistical Analysis on the displayed (or just the selected) set of exposure data.
This feature brings this set of data into a spreadsheet where the data is analyzed in order to support the Hygienist in their assessment decision regarding Exposure Rating and Confidence Level.


Risk mitigation controls are defined for risk treatment to prevent unacceptable risk from causing adverse consequences.
Existing controls are assigned during the Risk Identification to a risk. Within the assessment steps new controls can be defined based on a predefined control catalog.
The task management in Environment, Health, and Safety is leveraged for the implementation and tracking of the individual controls.


Continuous monitoring of the controls should be conducted to ensure that the risk assessment information stays up to date. This includes planning of the control inspections and the assignment of competent and available resources. Questions can be defined per control to be answered during the control inspections. The control effectiveness can be calculated automatically based on the inspection responses and can be imported into the applicable risk assessment.


Through the Manage Controls app, the user is able to track all controls within his responsibility. This allows, for example, the monitoring of status and effectiveness of controls.

The Risk Assessment Summary Report provides an overview of the risk assessment including the individual hazards, agents, assessments, controls as well as proposed health surveillance protocols. It is created and stored as an attachment to the risk assessment project.

The Risk Overview app is designed to get a quick overview of all risks in my area of responsibility. Users can group the risks by different dimensions and select one or multiple segments in which they are interested. Further functionalities like export to Spreadsheet or chart view / tabular view are available.
You can drill down further into the selected risks in the Monitor Risks application.
The Risk Explorer app represents a tool for a detailed analysis of risk data across my area of responsible and even across the whole company. Risk data can be filtered by location, hazard category, hazard, agent and many more.

The Chemical Risks app is an example of how real-time ad-hoc analytics is done in SAP S/4HANA. Analysis is done by defining analysis steps. Each step represents a data filter and has its own result representation.
The Chemical Risks app is a very powerful tool which allows to freely look at all available chemical related risk data from various angles. It allows to answer questions like the following:
- "Where in my business unit do we have flammable chemicals and what are their associated risks?"
- "Where do we use chemicals that contain formaldehyde and how are they used?"
- "Which toxic chemicals do we have in use and which jobs are affected?"
- … and many more

The risk management solution contains functional components in four separate areas. To support the hazard identification process, the solution provides the possibility of assigning locations. The operational status enables you to relate the identified risk to a specific operational status of the location. The hazard and control register provides an inventory for hazards, their impacts, and controls. Furthermore, you can manage physical agents and hazardous chemical as well as impacts and available controls.
In terms of risk analysis, the solution provides different analysis methods to analyze inherent, initial and residual risks and to evaluate workplace sampling data. There are statistic analytics available for sampling data for job hazards. The risk dashboard provides you an overview about different risk related data.
In order to evaluate risks, the solution supports you with risk matrix, embedded office checklists and Word documents and exposure assessment.
The risk matrix calculates the risk level by combining several risk factors. You can use exposure assessment to assess exposures to various agents at a location by comparing analytical results of workplace sampling data against predefined limits, such as the relevant occupational exposure limit (OEL) for the agent or its components.
When analyzing this data, you can assess and rate an exposure for the risk that you take into consideration when determining the risk level, evaluating risk, and determining the appropriate treatment of a risk.
To mitigate and treat risks, the solution supports you with a control catalog, you can manage existing and new controls and you can inspect controls. Furthermore, the task management supports processing of workflows and the solution provides recommendations for Health Surveillance Protocols.
