Which of the following is NOT one of the five steps of ORM?

The five steps of Operational Risk Management (ORM) are designed to help identify, assess, and control risks associated with operations. The correct choice is based on the understanding that "Evaluate costs" is not specifically one of these steps. The key steps in ORM include identifying potential hazards, assessing risks, implementing controls to mitigate those risks, and supervising or monitoring the effectiveness of those controls.

Identifying hazards is the first step, where potential risks and hazards are recognized within the operational context. Implementing controls involves putting measures in place to reduce or eliminate those risks. Supervising is crucial in the ORM process as it ensures that the controls are being followed and are effective over time.

While evaluating costs can be an important consideration in risk management decisions, it does not constitute a standalone step in the ORM framework. Rather, it may occur as part of the broader analysis when assessing the feasibility or effectiveness of different risk control measures, but it does not align with the structured steps of ORM.