**1. Introduction**

Developments in information technology have enabled business organizations to implement information system (IS) risk management as a method of protecting the business as well as the organization's confidential information. Nowadays, information technology (IT) has helped organizations to accomplish the objective of automated information processing. Information is considered a valuable, intangible asset that has to do with knowledge acquisition, trade secrets, organizational capability and innovative advantage; therefore, it needs to be protected from any form of IS-related threat or risk [1].

Recently, attention has been drawn to IS risk management implementation due to the common problem of cyber-attack and intellectual property theft.

Effective IS risk management implementation is significant to IS asset protection. Organizations need to focus on every area of risk management and not financial assets alone [2]. Top management must show commitment and ultimate responsibility towards the accomplishment of IS risk management implementation. Senior management should include IS risk management as part of the managerial function and ensure that all required resources are readily available to provide the capabilities needed to achieve the IS risk management implementation objective [3]. Additionally, top management should evaluate IS risk management performance to determine the failure or success of the program.

Moreover, in order to incorporate the results of risk assessment into organizational decision making, top management must show support for and commitment to IS risk management implementation programmes that mitigate IS-related risks. Both for-profit and not-for-profit organizations need to boost efficient and secure financial operations by remaining proactive in managing the various risks that are related to IS. The most common type of theft in our time is connected to intellectual property theft, information security breach, and online financial crime; therefore, top management commitment and support for IS risk management implementation will enhance greater protection of business information.

However, IS risk management implementation should be based on criteria that successfully measure the IS performance objective in all areas of corporate activity. IS is now a critical success factor that influences a number of performance outcomes; hence, managing its risk will promote the competitiveness and performance of the business organization. Studies have recommended risk management implementation as a breakthrough in performance management [4, 5] and also view risk management as the crucial area of managerial planning and action required to achieve performance efficiency. Ultimately, the commitment and support of top management is a factor that measures an organization's proactiveness in IS risk management implementation in relation to the entire performance of its business units. Top management commitment and support involves the establishment of a corporate objective on risk minimization, risk management policy formulation, financing, setting up committees for monitoring, supervision and training, as well as evaluation of risk management results [6]. However, IS is a combination of hardware, software and people in an organization who collect, filter and process data to generate useful information to support business processes [7]. Nowadays, both financial and non-financial operations rely on information processing using IT as a major tool. Hence, it is necessary to beware of the various major risks associated with the usage of IS, such as human error, scams, and natural disasters.

Therefore, this book chapter discusses the impact of top management commitment and support on IS risk management implementation in the business organization for sustainable business results. Meanwhile, IS risk includes a series of events associated with the usage of IS. Examples are hardware and software failure, computer virus attack, human error, and other criminal risks like hackers, staff dishonesty, fraud, information security breach, password theft and denial of service, as well as the occurrence of natural disasters like fire, flood and others that could cause complete damage to the entire information processing operation. Thus, it is critical to prevent risk occurrence rather than waiting for the risk to occur and then trying to get rid of it, which could be costly and have a devastating effect on performance outcomes. Not much has been done in the area of academic research when it comes to IS risk management implementation [7, 8], unlike other areas of risk management studies. Researchers and practitioners should put effort into understanding and assessing how organizations can implement effective IS risk management, in terms of combining technical procedures with people-oriented components for the purpose of minimizing the likely risks to IS assets as well as enhancing the organization's capacity in managing the risks [9].

*Assessment of Top Management Commitment and Support on IS Risk Management... DOI: http://dx.doi.org/10.5772/intechopen.96258*
