What are the four steps commonly used in ORM (risk management)?

In ORM, risk management follows a practical sequence: first identify hazards that could cause harm, then assess the risks those hazards pose by considering likelihood and impact, then develop and implement controls to reduce or eliminate those risks, and finally supervise and review the effectiveness of those controls to ensure they’re actually reducing risk over time. This last step—monitoring and evaluating how well the controls work—keeps the process dynamic and allows improvements as conditions change. This option is the best because it includes all four essential activities in the correct order: identifying hazards, assessing risks, implementing controls, and supervising and reviewing effectiveness. Other choices omit or alter one of these elements—for example, missing hazard identification, emphasizing documentation instead of ongoing effectiveness review, or not focusing on monitoring the actual performance of controls.