The information system (IS) has become a strategic tool for business organizations; its wide usage and acceptance have increased the flexibility of commercial activities and business sustainability. The use of internet technology has also promoted business networking, information sharing, knowledge acquisition, and prompt decision-making. Meanwhile, the efficiency of IS is anchored on the commitment and support of top management in terms of policy and strategy formulation. This paper analyses the impact of top management commitment and support on IS risk management implementation in the business sector. The study employed a narrative method of literature review that critically analyzed the importance of top management commitment and support for information system risk management implementation within the business organization. Relevant information was obtained from Scopus, Web of Science, ResearchGate and Google Scholar. It was found that IS improves task efficiency through effective communication and job automation. Therefore, organizations need to control and prevent the possibility of IS risk occurrence in their operations to promote competitive advantage and sustainable performance. Hence, it is the responsibility of the executive arm of the organization to guide, direct, and control IS risk management implementation for performance advantage.
- top management
- commitment and support
- risk management
- information system
- business organization
Developments in information technology have enabled business organizations to implement information system (IS) risk management as a method of protecting the business as well as the organization’s confidential information. Nowadays, information technology (IT) has helped organizations to accomplish the objective of an automated information processing system. Information is considered a valuable, intangible asset connected with knowledge acquisition, trade secrets, organizational capability and innovative advantage; therefore, it needs to be protected from any form of IS-related threat or risk.
Recently, attention has been drawn to IS risk management implementation due to the common problems of cyber-attack and intellectual property theft. Effective IS risk management implementation is significant to the protection of IS assets. Organizations need to focus on every area of risk management and not on financial assets alone. Top management must show commitment to, and take ultimate responsibility for, the accomplishment of IS risk management implementation. Senior management should include IS risk management as part of the managerial function and ensure that all required resources are readily available to provide the capabilities needed to achieve the objective of IS risk management implementation. Additionally, top management should evaluate IS risk management performance to know the failure or success of the program.
Moreover, in order to incorporate the results of risk assessment into organizational decision making, top management must show support for and commitment to IS risk management implementation programmes to mitigate IS-related risks. Both profit and not-for-profit organizations need to boost efficient and secure financial operations by remaining proactive in managing the various risks that are related to IS. The most common types of theft in our time are intellectual property theft, information security breaches, and online financial crime; therefore, top management commitment and support for IS risk management implementation will enhance the protection of business information.
However, IS risk management implementation should be based on criteria that successfully measure the IS performance objective in all areas of corporate activity. IS is now a critical success factor that influences a number of performance outcomes; hence, managing its risk will promote the competitiveness and performance of the business organization. Studies have recommended risk management implementation as a breakthrough in performance management [4, 5] also views risk management as the crucial area of managerial planning and action required to achieve performance efficiency. Ultimately, the commitment and support of top management is a factor that measures an organization’s proactiveness in IS risk management implementation in relation to the entire performance of business units. Top management commitment and support involves the establishment of a corporate objective on risk minimization, risk management policy formulation, financing, setting up committees for monitoring, supervision and training, as well as evaluation of risk management results. However, IS is a combination of hardware, software and people in an organization who collect, filter and process data to generate useful information to support business processes. Nowadays, both financial and non-financial operations rely on information processing using IT as a major tool. Hence, it is necessary to beware of the major risks associated with the usage of IS, such as human error, scams, and natural disasters.
Therefore, this book chapter discusses the impact of top management commitment and support on IS risk management implementation in the business organization for sustainable business results. Meanwhile, IS risks include a series of events associated with the usage of IS. Examples are hardware and software failure, computer virus attacks, human error, and other criminal risks such as hackers, staff dishonesty, fraud, information security breaches, password theft and denial of service, as well as the occurrence of natural disasters like fire, flood and others that could cause complete damage to the entire information processing operation. Thus, it is more critical to prevent risk occurrence than to wait for the risk to occur and then try to get rid of it, which could be costly and have a devastating effect on performance outcomes. Not much has been done in the area of academic research when it comes to IS risk management implementation [7, 8], unlike other areas of risk management studies. Researchers and practitioners should put effort into understanding and assessing how organizations can implement effective IS risk management, in terms of combining technical procedures with people-oriented components for the purpose of minimizing the likely risks to IS assets as well as enhancing the organization’s capacity to manage those risks.
2. Overview of information system
IS risk management implementation can be a foundation for an effective business management initiative. Businesses process tons of stakeholders’ information daily, and any slack or weakness in IS management operations can expose the entire business operation to financial loss. An organization is a network of activities combined as one under the influence of IS. IS has become an essential tool that promotes the entire operation of an organization, and it is crucial to performance. Specifically, organizations must recognize the implication of IS risk management implementation for profitability. Risk management is like a catalyst to operational efficiency. Nevertheless, IS risk management implementation should be a concentrated area of study, especially in financial institutions. The financial sector has been trying to understand how to minimize theft of customers’ information and financial scams for the sake of performance efficiency.
Literature review findings revealed limited studies on IS risk management implementation in the business organization. Studies like  explained the process and the importance of managing risk in the business organization. Other studies discussed factors that drive effective IS risk management implementation. The importance of IS risk management implementation to financial performance is worthy of exploration due to the present cashless policy in the global economy. The greater the global reliance on internet services for business operations, the higher the exposure to IS risk and the greater the necessity for IS risk management implementation. Also, business organizations operate under intense competitive pressure relating to trade secrets and competitive advantage, and organizations that fail to implement IS risk management could lose sensitive information to competitors. This can reduce operational efficiency and slow down timely decision making. Additionally, global economic efficiency is anchored on digital financial transactions, and the volatility of information exposure via the internet has further increased IS risk. This problem has hindered the effectiveness of IS usage. Organizations are rethinking their risk management policies to meet the current challenges of IS risk management. Therefore, top management must adequately play an oversight function in risk management implementation by setting up a risk management policy and framework and accepting suggestions on IS risk prevention and control.
The main reason for implementing IS risk management is not limited to risk minimization but extends to optimizing its rewards and preventing probable failure in the long run [14, 15]. IS risk management implementation is a technical practice that has influenced major areas of business practice in recent times. Effective IS risk management implementation in business operations is critical to both financial and sustainable performance. Development of an effective capacity to measure and manage IS risks is also critical for organizations to effectively perform their duties in financing business activities, particularly the role of continuously managing financial operations involving various stakeholders whose involvement underpins the economic growth of the company. It is highly important to minimize losses and increase business performance.
IS supports the strategic decisions of the business organization. It also gives an appropriate response to the information aspect of business operations by promoting effectiveness in the coordination of different units of the business. IS promotes simple access to data and information on a timely basis and in an arranged manner. Information becomes easily documented, which enhances and improves the day-to-day activities of the organization. IS needs people and hardware to exercise the functional activities of planning, directing, organizing, coordinating, controlling, and decision-making. However, IS risk management implementation is relevant to protecting the functional activities of IS for better results and to correcting deviations in the system. IS creates appropriate conditions for effective decision-making and information processing that improve organizational efficiency. IS risk management implementation helps to predict and protect the future of IS usage in the organization, with a view to exercising appropriate caution in the event of a limitation in attaining the goal of the IT resource [1, 16]. The ability to take advantage of IS lies in risk management efficiency.
3. Do we have to measure economic effect of IS risk management implementation to promote pro-activeness in risk prevention?
IS is a tool that supports business connectivity within and outside the organization. It helps to generate information from data processing and analyzes it into meaningful services for managerial decision making. IS is a set of people- and service-oriented activities that determine the method of gathering, processing, storing and transmitting business information to support managerial operations in the organization. The success of IS risk management depends on the result of evaluation and the efficiency of business processes. The common measures for evaluating IS risk management implementation are quality of productivity and performance efficiency. Quality of productivity is a determinant of how the organization utilizes its IS in the production of products and services. Meanwhile, the efficiency of IS depends on employees’ attitudes and behaviors towards IS usage, task effectiveness, and resource availability.
Technological development and expansion have promoted the recent industrial boom in terms of speedy information processing and decision making. Also, all the activities of our everyday life have been impacted by IS and technology devices. In a nutshell, IS is a product of information and communication technology (ICT), which includes software, hardware, and other elements of communication. Nonetheless, IS involves a combination of IT and its applications in the organization as well as the users who enable technology implementation for organizational benefit. Organizational information is related to customers, suppliers, products, operating procedures, equipment, competitors, financial transactions, and regulatory environments. IS risk management implementation helps to safeguard customers’ accounts, payroll information, information relating to trade secrets, the company’s financial and non-financial assets and the efficiency of branch operations.
Hence, IS consists of software, people, hardware, communication devices, and data that enable information processing, storage, and usage for business purposes. Acemoglu et al.  described IS as a package of software connected within the organization to achieve performance efficiency. Abbas  also defined IS as a structural means of gathering, entering, processing, storing, managing, controlling, and disseminating business information to achieve business goals and objectives. Rai et al.  refer to IS as a system that promotes activities that are concentrated on managing, disseminating, and displaying information. Based on those definitions, IS can be referred to as an essential technology tool that improves the performance and competitive advantage of the business organization. IS risk management implementation is an emerging area of study, and there is no generally accepted standard to guide organizations on the successful implementation of IS risk management. Although a few such standards exist, they are limited to certain practices that apply to a small range of business organizations. Therefore, more studies will help to bridge this gap.
4. Do the components of IS matter to its design and usefulness?
Three components of IS were identified and are explained in the following statements.
4.1 IS technology activeness
This is a dimension that is built on system and information quality. System and information quality is considered a key factor affecting IS usage and acceptance within the organization. System quality is characterized by device flexibility, software features, ease of use, system reliability, and employees’ acceptance. The success and prospects of IS are based on perceived usefulness, user satisfaction, and the performance outcome. Moreover  concluded that system quality positively influenced users’ satisfaction. In addition  also supported that system quality influenced IS user satisfaction. Information quality, in turn, is the desirable end result of IS usage. It includes information relevance, clarity, accuracy, conciseness, completeness, and timeliness. An increase in information quality will lead to high IS usefulness. Premkumar and King  opined that information quality has a significant influence on IT usefulness and user satisfaction.
Nevertheless, service quality is the motivation and encouragement given to the system users, usually from the IT or HRM department and technology support personnel. This includes responsiveness, device accuracy, software reliability, technical support, empathy, rewards and recognition. Victoria Lucas et al. and Al-Mamary et al. [6, 23] concluded that service quality positively affected the perceived usefulness of IS. This means that an increase in service quality will increase IS usefulness.
4.2 Internal organizational factor
The internal organizational factor is top management commitment and support in terms of the training given to IS users, that is, the support offered by top management in IS risk management implementation. Top management commitment and support activities aim to realize the full benefits of IS by promoting the use of technology for job-related tasks, provision of necessary resources, rewards and recognition, and training and guidance on IS (Victoria Lucas ). IS training is relevant to operating systems (OS), spreadsheets, word processing, and other software application packages.
Sudhakar  concluded that top management support positively affects IS usefulness and users’ satisfaction. Al-Mamary et al.  also concluded that training has a direct positive influence on IS usefulness and users’ satisfaction. Resource allocation is very important to IS risk management implementation and the functioning of business operation units. Resources allocated can be finance, people, technology devices, etc. IS resource allocation is dependent on the size of the business operation and the expected outcome. An organization that has a significant objective of IS risk management implementation is expected to have substantial IS resources to support its business operations. Also, participation of top management and users in IS risk management planning and implementation will promote understanding and efficiency of the system.
4.3 People’s factor
People’s factor refers to the computer user’s efficacy (self-efficacy) and experience in handling IS devices. Computer efficacy is the user’s skill and ability to perform a given task using IS devices. Computer efficacy measures an individual’s understanding of how the system works and confidence in the use of the system [27, 28]. Premkumar and King  agree that computer efficacy positively influences IS usefulness and users’ satisfaction. Users’ experience can be measured by previous knowledge and skill in the use of IS tools such as spreadsheets, OS, word processing and so on. Moh’d Al-adaileh  found a positive interaction between computer experience and users’ satisfaction.
5. Is there a fit between the role of IS and organization performance?
The IS function states that an organization with a significant impact on information processing needs a high level of technology efficiency, because any interruption can have a devastating effect on business operations. For example, IS deficiency can cause a significant level of revenue loss to organizations that are based on the use of computers for business processing, e.g., airlines, banks, et cetera. In those organizations, performance is based on genuine service, relevance of information, and the consistency of the system. IS implementation is often established in the organization to achieve key performance objectives. Integration of IS with business operations will improve communication efficiency and lead to better identification of strategies that suit performance objectives. IS applications and good communication will also promote a user-friendly environment. The achievement of these objectives can be considered a measure of active IS risk management implementation. Organizations that play a significant role in IS risk management implementation are expected to have greater attainment of both mission and vision objectives. Success in IS risk management implementation is to a large extent dependent on the organization’s culture and level of resistance to risk management and control [4, 5]. An organization’s resistance to risk control and reduction can cause loss of revenue and profitability. The level of acceptance and usage of IS could be higher in organizations that are in a strategic position of competitiveness. Hence, the greater the usage of IS, the higher the exposure to the potential risks of IS technology. A computer or system shutdown can have a great negative effect on the operations of organizations in strategic IS businesses. For instance, sectors like airlines can suffer significant revenue loss if their computers were to break down for a few hours.
In those organizations, IS efficiency must be maintained to support accuracy of service, relevancy of information, and the efficiency of system to meet the critical needs of business operation.
IS has the capacity to impact business performance in many ways, such as return on investment (ROI), sales revenue, customer satisfaction, market share and competitive advantage. Studies have highlighted that the return from IS investment depends on the system’s strategic role. Over the years, airline industries have been found to increase their sales revenue and market share through strategic IS implementation. Scholars like  provide evidence that IS can impact organizational performance. Therefore, since this study focuses on top management commitment and support for IS risk management implementation, it is expected that organizations that have a significant reliance on IS for business operations need active top management executives to implement and support IS risk management. This will make a great contribution to the development and economic sustainability of the business organization.
6. Concept of risk management
Risk is the probability of a bad occurrence and the anticipation of the degree of loss that is likely to occur. Probability of loss can emerge from uncertainty, threat, vulnerability, and asset characteristics. Eboigbe  refers to risk as an unwanted event or circumstance that has a probability of occurrence resulting in a bad outcome for a project. The National Institute of Standards and Technology  described risk as any circumstance that is capable of affecting the goal of business objectives. Diverse opinions on the meaning of risk have resulted in various identifications of risks and their outcomes, including risk assessment. Looking at the definition of risk, its nature is universal regardless of the context. A business organization is liable to incur risks in the form of investment risk, market risk, credit risk, operational risk, liquidity risk, IS risk, competition risk, government policy risk, natural disaster risk and other risks that are connected to commercial activities. Therefore, risk exposure requires effective risk management. Risk management is one of the strategies required to achieve business goals.
7. IS risk management
Nowadays, technology serves as a blockbuster to business performance and automated information processing. IS is an asset to the organization; thus, organizations are required to protect their assets from any form of risk. IS risk is an IT-related risk that can expose business processes to significant loss. IS risk management plays an important role in the management of the business organization. Efficient IS risk management is necessary for the success of IT security in the organization. Hence, IS risk management should not be left to IT technicians/experts; rather, it should be regarded as one of the critical managerial functions [32, 33].
IS risk management allows the IT supervisor to evaluate the operational and economic costs of information security to attain the goal of IT investment. IS is an organizational system designed to process, store and distribute information to accomplish the mission and vision objectives. Every stage of those functions involves risk. For example, during information processing, sensitive information could be lost or stolen; it is within the capacity of the business organization to manage such risk exposure. Also, financial data is one of the sensitive aspects of IS processing, and the organization needs to protect it from the risk of manipulation and false figures. IS risk management encompasses security and conscious procedures for preventing and reducing IS risks. These risks include operational, usage, and implementation risks.
This book chapter, however, concentrates on the role of top management commitment and support as a driver of IS risk management implementation in the business organization. Al-Wohaibi et al.  concluded that the main goal of IS risk management is to enhance the active performance of business operations by reducing the running cost of the business.  examined IS and software development in the U.S. and found that IS risk management promotes data and information processes within the organization. Standardization and integration of activities enable organizations to coordinate operating processes and improve information generation capacity in a way that reduces operating cost. Whale  conducted a study on IS risk management in the banking sector in England and concluded that IS risk management is more critical to the operation of banking institutions than to any other organization, due to their standing as service delivery organizations. Financial institutions process a huge amount of customers’ information daily. This information is exposed to a number of factors like theft, destruction, system failure, and information inaccuracy. These risks are a threat to the performance of the organization; therefore, IS risk management implementation becomes critical for the survival of the business.
8. Implementation of IS risk management
IS risk management implementation is the method of highlighting vulnerability in the IS and the protection of all the components of IS. Whale  argued that the fundamental concerns of IS risk management implementation is to support operating mission and vision of the organization. IS risk management implementation involves a series of steps like identifying, measuring, monitoring, and controlling IS related risks in an organization. The process ensures that individual clearly understand risk management procedures in order to achieve business strategic objectives. IS risk management implementation can also reduce the negative impact of business and increase the emerging market opportunities .
However, I concluded on the following as major objectives of IS risk management implementation in an organization: (1) building IS that process, store, and disseminate information; (2) allowing management to formulate useful decision that ensure judicious utilization of IS budget and (3) assist management to give necessary authority regarding the documentation of risk management performance. IS risk management implementation consists of different activities by which when undertaking in sequence will allow continual improvement in decision making. This includes establishing the content of the risk, identifying the risk, evaluating the risk, and risk treatment.
Al-Mamary  emphasized that effective IS risk management implementation should support the business operation objective. IS risk management is a vital component of business management and performance. Top management is enriched with two fundamental obligations, namely, obligation to dedicate and obligation to care in IS risk management implementation process. An obligation of dedication means that the IS risk management implementation decision will be made in the benefit of the business. Obligation of care is an indication that senior executive will safe guide the assets of the organization and make informed business decision. IS risk management implementation must be practical and control must be directed towards eradication of existing risks. Implementing a timely IS risk management can fulfill this objective  IS risk management implementation responsibility and accountability should be made specific and clear. IS risk management implementation policy should be based on the responsibilities of workforce. Also, for effective IS risk management implementation, efficient policy must be implemented, missions and objectives must be clearly communicated across the workforce and IT experts. The result of IS risk management implementation should always be evaluate to know the area that required improvement and to meet IS changing update. This should be done in respect to time, need, and objective. Efficient top management commitment and support will help to conduct routine inspection on IS risk management implementation and make changes where necessary.
9. Is top management commitment and support a necessity to IS risk management efficiency
Top management commitment and support played crucial role in IS risk management implementation, stating from budget approval, policy formulation, team appointment, supervision and monitoring to evaluation . Effective IS risk management implementation and objective accomplishment can be compensated by top management as a reward for the success. Dembo and Freeman  conducted study in U.S. to examine the concept of critical success factor to be implemented in a business environment. Executive management support was considered the most successful critical success factor. Integrating risk management into decision-making process will create efficiency in procedure and control in a common risk management. Galorath  studied the importance of risk management and evaluate the process required for effective implementation of IS risk management in SMEs. Top-level executive support was also considered a success factor for risk management implementation. Risk management implementation protects the entire management structure and measure the pattern of performance in relation to risk management. Westerveld  investigate the relationship between project success and critical success factor using project designed model, top management support was found effective. Belassi and Tukel  identified critical success factors for Management Information System (MIS) project implementation, top management support was considered a crucial factor. Cereola  examined the critical success factors in complex industrial project management and highlighted top management support as major critical success factor.
An holistic survey conducted by  revealed that the most important elements of risk management implementation in the organizations include attitude towards risk monitoring and practice and support from executive board. Therefore, it can be concluded that top management commitment and support is a key component of IS risk management implementation because it improves and support decision making in IS risk management. Commitment from top management and support are crucial to IS risk management implementation. Successful implementation of risk management is thus, based on the commitment and support of the top management.
The commitment and support from top management plays a major role in the success of any form of project implementation within an organization. Top management has a broad range of actions that include effective decision-making in managing IS risk, developing training programs, supporting quality management, formulating objectives and strategies for IS risk management implementation, and establishing a project management office . Commitment and support from top management is very essential in the management of any organization and its one of the key factors for IS risk management implementation. The level of capability in managing risk project administration in the organization has a connection with the implementation and risk control. Top management needs to be mindful of risk management control in terms of execution, device screening and selection, application prerequisites, and outcome measurement  Commitment and support can be in the forms of skill, monetary, and direct participation in organization’s risk management implementation. Top management clearly has a key role in running business activities and concerns for organizational success. Fasilat  conducted study on the critical success factor for IS risk management implementation in the financial sector and found that top management commitment and support was critical to the success of IS risk management implementation. Victoria Lucas et al.  also found that top management support is critical to the success of diverse enterprise resource management. Top management competency, instruction, and awareness about IS risk management practice play significant role in building a strategy that promote risk management.
IS is considered importance in the production of goods and services in the recent time, production activities from raw material supply to the final consumption required communication processes both within and outside the scope of organization. Top management is expected to be committed to the process of formulating strategic decisions regarding the IS risk management implementation and performance efficiency. IS as a process of information and communication technology (ICT) that allows an organization to use and interact with technology in the business processing system. IS is a complete process that involves data process and management on the one hand and activity relating to information usage and management on the other hand. Hence, it can be concluded that successful IS risk management implementation depends on the commitment of top management officials and that if IS risk management is well implemented will enhance organizational performance.
The architecture of the method employed in this book chapter is a logic that follows the sequence of highlights that clearly define the title of the book chapter. However,  described research methodology as the process of considering and explaining the logic behind research methods and techniques, which provides the means to explore a phenomenon. Therefore, this study employs a narrative method of literature review, a comprehensive approach that critically analyzes the impact of top management commitment and support on information system risk management implementation in the business organization. It is essential to the study’s objective because it helps to identify relevant information on what matters in the research topic. It also allows identification, in the existing body of knowledge, of the importance and contributions of both top management commitment and support and IS risk management implementation to sustainable business performance. This method was chosen for its flexible approach, which gives individual insight and opportunities for speculation that most quantitative review approaches never give. Google Scholar, Scopus, Web of Science, and Research Gate were the main sources of data collection.
11. Result and discussion
The desire to accelerate profit through sustainable performance cannot be realized without effort; organizations need to take practical steps to enhance job standards and expectations. This will promote financial stability and commitment to performance objectives. Hence, top management commitment and support for information system risk management implementation is one of the channels through which an organization can truly achieve its desired goals and objectives, since IS has become the bedrock of business processing activities. Also, the inability to manage IS risk has posed major challenges to the sustainability of some organizations in recent times. Sensitive information leakage, hardware and software malfunction, attitudes to IS usage, and online scammers constitute major IS risks. When IS risk management is affected, the sustainable performance of global business organizations will be hindered.
Additionally, IS promotes and sustains interaction between an organization and its stakeholders. It is a key component that provides information to the right people at the right time in support of managerial activities. It also reduces the time spent in face-to-face communication among employees and supervisors, thus increasing the efficiency of information responsiveness in the organization. IS is a user support system for management information which aims to provide understandable, reliable, accessible, and complete information on a timely basis. However, the risk of IS has been identified as one of the most critical issues in IS implementation. Few studies have been conducted to explore the influence of IS risk management implementation on the success of organizational performance. IS risk management implementation is a critical factor that determines an organization’s success in IT management. According to  successful implementation and usage of technology in business processes depends on software characteristics, organizational characteristics, types of project, users’ perception, and the value yielded to the financial outcome. IS risk management can be evaluated from the users’ experience in terms of perceived usefulness, perceived ease of use, and user satisfaction. IS implementation is a costly project, and an organization’s inability to maximize its performance potential is a risk to financial stability. Hence, IS is a resource capability that can be used as a tool for competitive advantage. Therefore, more studies are required to create awareness about the importance of top management commitment and support for information system risk management implementation, to promote sustainable profit and performance across the globe.
IS has become a bedrock of organizational achievement in business administration and control. Therefore, efficient IS risk management implementation will help to achieve the reliable information required for business processing. People such as managers, employees, and other related stakeholders need to connect through IS to coordinate business processing activities. IS analysis indicates that organizations have distinct roles to play in IS operations in terms of supporting various forms of strategic planning, performance, and evaluation. A great deal of administrative activity is supported by IS software components, for example Enterprise Resource Planning (ERP). It is obvious that a modern organization cannot survive without technology, particularly in the area of Management Information Systems (MIS). MIS helps to disseminate information relating to business administration and processes within the circle of corporate units for organizational success. It also assists in the timely processing of business information for effective decision-making. IS risk management implementation has not been a reality in the realm of research activity, but it has been valued by business organizations, especially multi-million-dollar businesses. The telecommunication and financial sectors are the most concerned with the problem of IS risk management. They are information service-oriented businesses that require information quality, service quality, and system quality to satisfy customers for profitability. Hence, top management commitment and support will enhance IS risk management and technology efficiency.