Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

Should risk management use the bottom-up approach or the top-down approach to manage risk exposures?

These two approaches are used in management but it is useful for risk managers to specify which one will lead to a better result, but its a debate.

user-image
Question ajoutée par Lamin Bah , Risk Analyst , Central Bank of The Gambia
Date de publication: 2013/08/07
Utilisateur supprimé
par Utilisateur supprimé

This is a very interesting question. On one hand, bottom-up approach could completely consume all resources and take all your time, on the other hand it it would represent the clearest the most precise picture of the risk and could be completely quantified. 

Bottom-up approach is used rarely these days if ever. But it may have its valid place some place where a tight control over spending is needed, like in government organizations. It is feasible if the discipline in the organization is high and it is possible to systematically collect risk data from the lowest levels of the organization.

On the other hand, for-profit organizations cannot afford to spend that much time and resources to conduct bottom-up risk assessment. So they have to manage risk specific to the business objectives and possible threats to their achievement.

Sometimes it is possible to combine the two approaches. Risk Assessment starts from the top accoding to the business objectives; and when the risk awareness among the personnel riches mature level, then it is possible to rely on self assessments conducted bottom-up to perform continuous risk monitoring after a year or two.

At any rate, a good judgment is needed when selecting initial and subsequent methods, especially if the risk management budget is tight, business objectives are agressive and risk appetite is high.

 

 

Utilisateur supprimé
par Utilisateur supprimé

1. Which one to use is not something that can get answered through a survey or on a debate. This is so because, risk management is always set on a scope. That scope can be the vision of a company or the objectives of a project or the goals of a service operation (This is not an exhaustive list).

 

2. The management culture also plays an important role in determining which risk management would be successful.

 

3. Bottom up approach is successful where high service orientation exists. For example, public services. Anything affecting the normal person utilizing the service can be taken up as a risk or threat towards the governing team.

Utilisateur supprimé
par Utilisateur supprimé

It is should use bottom up approach because a organisation need to identify risk in following level:

Level1: Process Level

Level2: Project/Department Level

Level3: Vertical/Functional Level

Level4: Business Unit Level

Level5: Organisation Level

All risk cannot be treated only top10 or15 risk can be treated at a time. Treatment of most risk need financial approval from top management.

More Questions Like This