**2. Overview of information system**

IS risk management implementation can be a foundation to effective business management initiative, businesses are processing tons of stakeholders information daily any, slack or weakness in IS management operation can expose the entire business operation to financial loss. Organization is a network of activities combined as one under the influence of IS. IS has become an essential tool that promote entire operation of an organization and it is crucial to performance. Specifically, organization must recognize the implication of IS risk management implementation to profitability. Risk management is like a catalyst to operational efficiency [10]. Nevertheless, IS risk management implementation should be a concentrated area of study especially in the financial institutions. Financial sectors have been trying to understand how to minimize customer's information theft and financial scam for the performance efficiency.

Literature review findings revealed limited studies on IS risk management implementation in the business organization [11]. Studies like [12] explained the process and the importance of managing risk in the business organization. Other studies discussed factors that drove effective IS risk management implementation [13]. The importance of IS risk management implementation to financial performance is worthy of exploration due to the present cashless policy in the global economy. The more the global reliance on internet services for business operations the higher the exposure to IS risk and the more the necessity for IS risk management implementation. Also, business organizations are operating under intense competitive pressure relating to trade secret and competitive advantage, organizations that failed to implement IS risk management implementation could lose sensitive information to competitors. This can reduce operational efficiency and slow down timely decision making. Additionally, the global economic efficiency is anchored on digital financial transaction and the volatility of information exposure via the internet further increased IS risk. This problem has hindered the effectiveness of IS usage. Organizations are rethinking of risk management policy to meet the current challenges of IS risk management. Therefore, top management must adequately play oversight function in the risk management implementation by setting up a risk management policy and framework and accept suggestions on IS risk management prevention and control.

The main reason for implementing IS risk management does not limited to risk minimization but to optimize it rewards and prevent probable failure in the long run [14, 15]. IS risk management implementation is a technical practice that influence the major area of business practice in recent time. Effective IS risk management implementation in the business operation is critical to both financial and sustainable performance. Development of effective capacity to measure and manage IS risks is also critical for organizations to effectively perform their duties in financing business activities, particularly, the role of continuous managing financial operations involving various stakeholders whose involvement underpin economic growth of the company. It is highly important to minimize losses and increase business performance.

IS supports the strategic decision of business organization. It also gives appropriate response to information aspect of business operation by promoting effectiveness in the coordination of different units of the business. IS promotes simple access to data and information in timely basis and in an arranged manner. Information becomes easily documented to enhance and improve the day-to day activities of organization. IS needs people and hardware to exercise functional activities of planning, directing, organizing, coordinating, controlling, and decision-making. However, IS risk management implementation is relevant to

#### *Risk Management*

protect the functional activities of IS for better result and to correct the deviations in the system. IS creates appropriate condition for effective decision-making and information processing that improves organizational efficiency. IS risk management implementation help to predict and protect the future of IS usage in the organization with the view to make appropriate caution in the event of a limitation in attaining the goal of IT resource [1, 16]. Ability to take advantage of IS lies in risk management efficiency.
