Which component is NOT typically included in Operational Risk Management (ORM)?

Operational Risk Management (ORM) primarily focuses on identifying, assessing, and mitigating risks that arise from the internal processes, people, systems, or external events that can affect an organization’s operations. The key components of ORM typically include risk assessment, risk identification, and risk mitigation. Each of these components plays a critical role in developing a comprehensive risk management strategy tailored to an organization's needs.

Risk assessment involves evaluating the potential impact of identified risks and determining their likelihood. Risk identification is the systematic process of recognizing potential risks that could impede the organization's objectives. Risk mitigation encompasses strategies and measures put in place to reduce the likelihood or impact of these risks.

Market analysis, on the other hand, is more aligned with analyzing external market conditions and economic factors that can influence business environment and performance, but it does not pertain directly to operational risks at the level required in ORM. While market conditions can affect operational strategies, they are not a core component of operational risk management focused on internal processes and risks. Thus, it stands out as a component that is not typically included in ORM procedures.