**5. Is there a fit between the role of IS and organization performance?**

The IS function holds that organizations in which information processing has a significant impact need a high level of technology efficiency, because any interruption can have a devastating effect on business operations. For example, IS deficiency can cause a significant level of revenue loss to organizations that depend on computers for business processing, such as airlines and banks [19]. In those organizations, performance is based on genuine service, relevance of information, and the consistency of the system. IS implementation is often established in the organization to achieve key performance objectives. Integration of IS with business operations will improve communication efficiency and allow better identification of strategies that suit performance objectives. IS applications and good communication will also promote a user-friendly environment. The achievement of these objectives can be considered a measure of active IS risk management implementation. Organizations that play a significant role in IS risk management implementation are expected to have greater attainment of both mission and vision objectives. Success in IS risk management implementation is to a large extent dependent on the organization's culture and level of resistance to risk management and control [4, 5]. An organization's resistance to risk control and reduction can cause loss of revenue and profitability. The level of acceptance and usage of IS could be higher in organizations that are in a strategic position of competitiveness. Hence, the greater the usage of IS, the higher the exposure to the potential risks of IS technology. A computer or system shutdown can have a great negative effect on the operations of organizations in strategic IS businesses. For instance, sectors like airlines can suffer significant revenue loss if their computers were to break down for a few hours. In those organizations, IS efficiency must be maintained to support accuracy of service, relevance of information, and the efficiency of the system to meet the critical needs of business operations.

IS has the capacity to impact business performance in many ways, such as return on investment (ROI), sales revenue, customer satisfaction, market share and competitive advantage. Studies have highlighted that the return from IS investment depends on the system's strategic role [19]. Over the years, airline industries have been found to increase their sales revenue and market share through strategic IS implementation. Scholars like [29] provide evidence that IS can impact organizational performance. Therefore, since this study focuses on top management commitment and support for IS risk management implementation, it is expected that organizations that rely significantly on IS for business operations need active top management executives to implement and support IS risk management. This will make a great contribution to the development and economic sustainability of the business organization.

#### **6. Concept of risk management**

Risk is the probability of a bad occurrence and the anticipation of the degree of loss that is likely to occur. Probability of loss can emerge from uncertainty, threat, vulnerability, and asset characteristics. Eboigbe [30] refers to risk as an unwanted event or circumstance that has a probability of occurrence resulting in a bad outcome for a project. The National Institute of Standards and Technology [31] described risk as any circumstance that is capable of affecting the goal of business objectives. Diverse opinions on the meaning of risk have resulted in various identifications of risks and their outcomes, including risk assessment. From the definition of risk, its nature is universal regardless of the context. A business organization is liable to incur risks in the form of investment risk, market risk, credit risk, operational risk, liquidity risk, IS risk, competition risk, government policy risk, natural disaster risk and other risks connected to commercial activities. Therefore, risk exposure requires effective risk management. Risk management is one of the strategies required to achieve business goals.

*Assessment of Top Management Commitment and Support on IS Risk Management... DOI: http://dx.doi.org/10.5772/intechopen.96258*

#### **7. IS risk management**

Nowadays, technology is a major driver of business performance and automated information processing. IS is an asset to the organization; thus, organizations are required to protect their assets from any form of risk. IS risk is an IT-related risk that can expose business processes to significant loss. IS risk management plays an important role in the management of a business organization. Efficient IS risk management is necessary for the success of IT security in the organization. Hence, IS risk management should not be left to IT technicians and experts; rather, it should be regarded as one of the critical managerial functions [32, 33].

IS risk management allows IT supervisors to evaluate the operational and economic costs of information security in order to attain the goal of IT investment. IS is an organizational system designed to process, store and distribute information to accomplish the mission and vision objectives. Every stage of those functions involves risk. For example, during information processing, sensitive information could be lost or stolen, and it is within the capacity of the business organization to manage such risk exposure. Also, financial data is one of the sensitive aspects of IS processing, and the organization needs to protect it from the risk of manipulation and false figures. IS risk management encompasses security and conscious procedures for preventing and reducing IS risk. These risks include operational, usage, and implementation risks.

This book chapter, however, concentrates on the role of top management commitment and support as a driver of IS risk management implementation in the business organization. Al-Wohaibi et al. [2] concluded that the main goal of IS risk management is to enhance the active performance of business operations by reducing the running cost of the business. [26] examined IS and software development in the U.S. and found that IS risk management promotes data and information processes within the organization. Standardization and integration of activities enable organizations to coordinate operating processes and improve information generation capacity in a way that reduces the operating cost. Whale [34] conducted a study on IS risk management in the banking sector in England and concluded that IS risk management is more critical to the operation of banking institutions than to any other organization because of their standing in service delivery. Financial institutions process a huge amount of customer information daily. This information is exposed to a number of factors such as theft, destruction, system failure, and information inaccuracy. These risks are a threat to the performance of the organization; therefore, IS risk management implementation becomes critical for the survival of the business.

#### **8. Implementation of IS risk management**

IS risk management implementation is the method of highlighting vulnerabilities in the IS and protecting all of its components. Whale [34] argued that the fundamental concern of IS risk management implementation is to support the operating mission and vision of the organization. IS risk management implementation involves a series of steps such as identifying, measuring, monitoring, and controlling IS-related risks in an organization. The process ensures that individuals clearly understand risk management procedures in order to achieve the strategic objectives of the business. IS risk management implementation can also reduce negative impacts on the business and increase emerging market opportunities [35].

However, I concluded on the following as the major objectives of IS risk management implementation in an organization: (1) building IS that process, store, and disseminate information; (2) allowing management to formulate useful decisions that ensure judicious utilization of the IS budget; and (3) assisting management in giving the necessary authority regarding the documentation of risk management performance. IS risk management implementation consists of different activities which, when undertaken in sequence, allow continual improvement in decision making. These include establishing the content of the risk, identifying the risk, evaluating the risk, and risk treatment.

Al-Mamary [32] emphasized that effective IS risk management implementation should support the business operation objective. IS risk management is a vital component of business management and performance. Top management is charged with two fundamental obligations in the IS risk management implementation process, namely the obligation of dedication and the obligation of care. The obligation of dedication means that IS risk management implementation decisions will be made for the benefit of the business. The obligation of care indicates that senior executives will safeguard the assets of the organization and make informed business decisions. IS risk management implementation must be practical, and control must be directed towards eradication of existing risks. Implementing timely IS risk management can fulfill this objective [11]. Responsibility and accountability for IS risk management implementation should be made specific and clear. IS risk management implementation policy should be based on the responsibilities of the workforce. Also, for effective IS risk management implementation, efficient policy must be implemented, and missions and objectives must be clearly communicated across the workforce and IT experts. The result of IS risk management implementation should always be evaluated to identify the areas that require improvement and to keep up with changes in IS. This should be done with respect to time, need, and objective. Efficient top management commitment and support will help to conduct routine inspection of IS risk management implementation and make changes where necessary.

## **9. Is top management commitment and support a necessity to IS risk management efficiency?**

Top management commitment and support play a crucial role in IS risk management implementation, starting from budget approval, policy formulation, team appointment, supervision and monitoring through to evaluation [36]. Effective IS risk management implementation and objective accomplishment can be compensated by top management as a reward for the success. Dembo and Freeman [37] conducted a study in the U.S. to examine the concept of critical success factors to be implemented in a business environment. Executive management support was considered the most successful critical success factor. Integrating risk management into the decision-making process will create efficiency in procedure and control in common risk management. Galorath [38] studied the importance of risk management and evaluated the process required for effective implementation of IS risk management in SMEs. Top-level executive support was also considered a success factor for risk management implementation. Risk management implementation protects the entire management structure and measures the pattern of performance in relation to risk management. Westerveld [39] investigated the relationship between project success and critical success factors using a project-designed model, and top management support was found effective. Belassi and Tukel [40] identified critical success factors for Management Information System (MIS) project implementation, and top management support was considered a crucial factor. Cereola [41] examined the critical success factors in complex industrial project management and highlighted top management support as a major critical success factor.

A holistic survey conducted by [42] revealed that the most important elements of risk management implementation in organizations include attitude towards risk monitoring and practice, and support from the executive board. Therefore, it can be concluded that top management commitment and support is a key component of IS risk management implementation because it improves and supports decision making in IS risk management. Commitment and support from top management are crucial to IS risk management implementation. Successful implementation of risk management is thus based on the commitment and support of top management.

The commitment and support of top management play a major role in the success of any form of project implementation within an organization. Top management has a broad range of actions that include effective decision-making in managing IS risk, developing training programs, supporting quality management, formulating objectives and strategies for IS risk management implementation, and establishing a project management office [43]. Commitment and support from top management is essential in the management of any organization, and it is one of the key factors for IS risk management implementation. The level of capability in managing risk project administration in the organization has a connection with implementation and risk control. Top management needs to be mindful of risk management control in terms of execution, device screening and selection, application prerequisites, and outcome measurement [44]. Commitment and support can take the form of skill, money, and direct participation in the organization's risk management implementation. Top management clearly has a key role in running business activities and concerns for organizational success. Fasilat [45] conducted a study on the critical success factors for IS risk management implementation in the financial sector and found that top management commitment and support was critical to the success of IS risk management implementation. Victoria Lucas et al. [6] also found that top management support is critical to the success of diverse enterprise resource management. Top management competency, instruction, and awareness about IS risk management practice play a significant role in building a strategy that promotes risk management.

IS has been considered important in the production of goods and services in recent times: production activities, from raw material supply to final consumption, require communication processes both within and outside the scope of the organization. Top management is expected to be committed to the process of formulating strategic decisions regarding IS risk management implementation and performance efficiency. IS is a process of information and communication technology (ICT) that allows an organization to use and interact with technology in the business processing system. IS is a complete process that involves data processing and management on the one hand and activity relating to information usage and management on the other. Hence, it can be concluded that successful IS risk management implementation depends on the commitment of top management officials and that IS risk management, if well implemented, will enhance organizational performance.

## **10. Methodology**

The method employed in this book chapter follows a logical sequence of highlights that clearly define the title of the chapter. However, [46] described research methodology as the process of considering and explaining the logic behind the research method and technique, which provides the means to explore a phenomenon. Therefore, this study employs a narrative method of literature review, a comprehensive approach that critically analyzes the impact of top management commitment and support on information system risk management implementation in the business organization. It is essential to the study's objective because it helps to identify relevant information on what matters in the research topic. This also allows identification of the importance and contributions of both top management commitment and support and IS risk management implementation to sustainable business performance in the existing body of knowledge [47]. This method was chosen because of its flexible approach, which gives individual insight and opportunities for speculation that most quantitative review approaches never give. Google Scholar, Scopus, Web of Science, and ResearchGate were the main sources of data collection.

#### **11. Result and discussion**

The desire to accelerate profit through sustainable performance does not come without effort; organizations need to undertake some practical steps to enhance job standards and expectations. This will promote financial stability and commitment to performance objectives. Hence, top management commitment and support for information system risk management implementation is one of the channels through which an organization can truly achieve the desired goal and objective, since IS has become the bedrock of business processing activities. Also, the inability to manage IS risk has posed major challenges to the sustainability of some organizations in recent times. Sensitive information leakage, hardware and software malfunction, attitude to IS usage, and online scammers constitute major IS risks. When IS risk management is affected, the sustainable performance of global business organizations will be hindered.

Additionally, IS promotes and sustains interaction between the organization and its stakeholders. It is a key component that provides information to the right people at the right time in favor of managerial activities. It also reduces the time spent in face-to-face communication among employees and supervisors, thus increasing the efficiency of information responsiveness in the organization. IS is a user support system for management information which aims to provide understandable, reliable, accessible, and complete information on a timely basis. However, the risk of IS has been identified as one of the most critical issues in IS implementation. Few studies have been conducted to explore the influence of IS risk management implementation on the success of organizational performance. IS risk management implementation is a critical factor that determines an organization's success in IT management. According to [48], successful implementation and usage of technology in business processes depends on software characteristics, organizational characteristics, types of project, users' perception, and value yield to the financial outcome. IS risk management can be evaluated from the users' experience in terms of perceived usefulness, perceived ease of use and user satisfaction. IS implementation is a costly project, and the inability of an organization to maximize its performance potential is a risk to financial stability. Hence, IS is a resource capability that can be used as a tool for competitive advantage. Therefore, more studies are required to create awareness about the importance of top management commitment and support for information system risk management implementation to promote sustainable profit and performance across the globe.
