Which of the following is NOT a step in the ORM process?

The ORM (Operational Risk Management) process typically involves a structured approach to identifying, assessing, and mitigating risks. The steps include identifying hazards, assessing those hazards to understand the level of risk they pose, and implementing appropriate controls to manage these risks effectively.

Allocating resources, while important for effective risk management, is not explicitly categorized as a step in the ORM process. Instead, it is often considered a supportive action that ensures that the necessary tools, personnel, and budget are available to implement the controls that have been identified. The focus of the primary steps is on the identification and management of risks rather than the allocation of resources.

In summary, the steps in ORM primarily include identifying hazards, assessing hazards, and implementing controls to mitigate those hazards, making the concept of resource allocation a secondary but necessary condition for successful implementation rather than a distinct step in the process.