Hybrid Approach to IT Risk Management, Mix of Top-Down and Bottom-Up Strategies

Authors

  • Pranith Shetty, Information Security and Risk Lead, Cisco, New Jersey, US

DOI:

https://doi.org/10.47363/JMCA/2022(1)126

Keywords:

Hybrid approach, Top-down approach, Bottom-up approach, Risk Assessments, Risk management

Abstract

Risk management frameworks and approaches were, and still are, underdeveloped in many firms, with work in this domain kept mostly operational as BAU (business as usual). There is a massive need to mature the overall risk management approach. Risk management teams and firms relied, and still rely, heavily on risk assessments to evaluate their risk posture. Risk assessments themselves come with baggage and dependencies; running them like a well-oiled machine takes time, resources, effort and collaboration. This article first describes the rationale for the hybrid approach, building towards the concept and the key pillars needed to support it, and then details what the approaches or pillars are and how they are drawn out in various firms. In addition, the article sheds some light on the positives and shortcomings of both approaches when conducted individually. When the two approaches are combined organically, however, the results are very much in favor of the firm's overall benefit. While risk assessments give us granular details and more context, they are limiting in terms of overall resources and time spent.

Author Biography

  • Pranith Shetty, Information Security and Risk Lead, Cisco, New Jersey, US



Published

2022-05-19