An organization has shifted from a bottom-up approach to a top-down approach in the development of IT policies. This should result in:
Correct Answer: A
A top-down approach in the development of IT policies means that the policies are derived from the strategic objectives and goals of the organization, and are aligned with the business needs and expectations. This should result in greater consistency across the organization, as the policies will be coherent, integrated and applicable to all levels and functions of the organization. A bottom-up approach, on the other hand, means that the policies are developed by individual units or departments based on their operational needs and preferences, which may lead to inconsistency, duplication or conflict among different policies. References: ISACA Frameworks: Blueprints for Success, IT Governance and Process Maturity
Question 592
Which of the following statements INCORRECTLY describes the traditional audit approach in comparison to the Control self-assessment approach?
Correct Answer: A
Section: The process of Auditing Information System
Explanation: The keyword INCORRECTLY is used in the question. You need to find the option that incorrectly describes the traditional approach.
For your exam you should know the information below about control self-assessment and the traditional approach:
The traditional approach can be summarized as any approach in which the primary responsibility for analyzing and reporting on internal control and risk is assigned to auditors and, to a lesser extent, controller departments and outside consultants.
Control self-assessment is an assessment of controls made by the staff and management of the unit or units involved. It is a management technique that assures stakeholders, customers and other parties that the internal controls of the organization are reliable.
Benefits of CSA:
- Early detection of risk
- More efficient and improved internal controls
- Creation of cohesive teams through employee involvement
- Developing a sense of ownership of the controls in the employees and process owners, and reducing their resistance to control improvement initiatives
- Increased employee awareness of organizational objectives, and knowledge of risk and internal controls
- Highly motivated employees
- Improved audit training process
- Reduction in control cost
- Assurance provided to stakeholders and customers
Traditional and CSA attributes:
Traditional Historical | CSA
Assign duties/supervises staff | Empowered/accountable employees
Policy/rule driven | Continuous improvement/learning curve
Limited employee participation | Extensive employee participation and training
Narrow stakeholders focus | Broad stakeholders focus
Auditors and other specialists | Staff at all levels, in all functions, are the primary control analysts
The following answers are incorrect: The other options specified correctly describe the traditional approach.
Reference: CISA review manual 2014 page number 61, 62 and 63
Question 593
Which of the following is the MOST important activity in the data classification process?
Correct Answer: D
Question 594
Coding standards provide which of the following?
Correct Answer: D
Question 595
Which of the following key performance indicators (KPIs) provide stakeholders with the MOST useful information about whether information security risk is being managed?