AGILE IT SERVICE MANAGEMENT DESIGN OF FINTECHCO DIGITALIZATION BASED ON COBIT 2019 DEVOPS FOCUS AREA

The Indonesian Financial Technology (Fintech) industry plays a pivotal role in driving digital technology advancements and propelling the nation's growth. The rapid development of Fintech presents a unique challenge for established financial companies, necessitating effective government regulation through a Sandbox approach. FintechCo, operating under the watchful eye of State-Owned Enterprises and the Financial Service Authority, must strike a delicate balance between their agile services and security risks. Hence, FintechCo necessitates an examination of optimal agile services through the utilization of five stages derived from the Design Science Research approach. This need arises to adhere to the Good Corporate Governance standards established by State-Owned Enterprises (SOE) and the Financial Services Authority (FSA). The cutting-edge COBIT 2019 DevOps Focus Area framework is employed for analysis. The research identifies three highest priority Governance and Management Objectives (GMOs): Managed Security Services (DSS05), Managed Problem (DSS03), and Managed Solution Identification and Build (BAI03). These GMOs are thoroughly evaluated, and comprehensive recommendations are provided based on their seven key components. There is an estimated 17% increase in the average capability score, from 2.82 to 3.30, across all three GMOs. The contribution of this study is twofold: to serve as a valuable knowledge resource for agile IT services in digitalization within organizations and to offer practical implications for FintechCo to enhance their digitalization. Furthermore, this research sets a precedent for the Fintech industry, signifying a benchmark for excellence and innovation.


INTRODUCTION
In this era, Information Technology (IT) is essential in developing education, economy, industry, and the country.This shift has led to the emergence of various challenges such as digitalization that need to be addressed to meet evolving needs.The ongoing process of digitalization is restructuring the dynamics between customers and businesses, necessitating fresh approaches for structuring and innovating business models [1].There are many perceptions about digitalization, two of them are the utilization and implementation of digital technologies within the contexts of individuals, entities, or broader enterprises [2] and the transformation of interactions communications, business functions, and business models into the digital ones [3].Setia [4] highlight that digitalization plays a pivotal role in the transformation journey of companies, as it improves customer relations, enhances IT-enabled business processes, and facilitates the delivery of online services.
IT has a significant role in the operational activities of a company [5].The worldwide momentum towards digital transformation has heightened the necessity for the proficient, streamlined processes and provision of software products, services, and solutions [6].Because IT is very important and crucial in organizations, the use and development of IT must be agile.In business, agile organization is a strategy that helps to quickly adapt and respond to changes in the environment, such as evolving customer needs and advancements in technology [7].The integration of Agile principles within the IT Governance framework has the potential to accelerate decision-making processes, reinforce business procedures, and augment organizational competitiveness [8].Agile IT design requires regulations such as IT Governance (ITG), which focuses on monitoring IT assets, impacting business value, and mitigating IT-related risks [9].This because ITG coordination is carried out under by the board, executive management, and IT management [10].ITG also has a very important position in driving digital efforts within the organization [11].
The development of information technology impacts assimilation in every sector, one of which is the finance sector.The upward trajectory of financial and technological innovation has generated a heightened scholarly curiosity within this specific realm of study [12].Over time, the financial and information technology sectors have merged under the name of Financial Technology (Fintech).The term 'Fintech' embodies a fusion of information technology and financial services, possessing the potential to transform business structures and facilitate entry into the industry [13].Fintech has been attracting attention and acceptance rapidly in recent years [14].The expectations of fintech itself cause significant challenges for several business organizations in implementing it.This is what causes the presence of fintech to be called digital disruption, where every business organization will try to compete with one another in developing it.One such manifestation of Fintech innovation in Indonesia is represented by FintechCo.
The world of finance hasn't been immune to the IT revolution.In fact, established incumbent financial companies have found themselves disrupted by this digital technology, compelling them to embrace Digital Transformation (DT) [15].Digital technology disrupts incumbent companies due to its capacity to revolutionize traditional business models and processes.In the realm of finance, DT essentially means harnessing the power of fresh digital technologies like social media, mobile computing, and Internet of Things (IoT), with the goal to effect significant business enhancements.These include bettering customer interactions, streamlining operations, and bringing in groundbreaking business models.The objective of this transformation is not just to boost efficiency and improve customer service, but also to roll out innovative financial products.This changes the entire perspective of stakeholders towards traditional financial institutions, offering them a whole new interactive experience [16].Nonetheless, the execution of digital transformation (DT) is a complex process, with frequent failures attributed to inadequate Information Technology Governance (ITG) [17].Moreover, Incumbent companies require digital transformation to modernize outdated processes, enhance customer experiences, and remain competitive in the digital age.Starting from planning, system integration, governance, and other factors need to be considered for business organizations to be able to adopt fintech.By doing so, the organization can ensure that all aspects of its IT function are synchronized and in harmony with its overall objectives.Therefore, DevOps came as a means of culture shift toward collaboration between development, quality assurance, and operations [18].DevOps practices promote a culture where development and operations teams work together, fostering shared ownership and responsibility.By shifting away from traditional methods, organizations can foster effective collaboration among teams and employees, streamline the exchange of ideas and suggestions, and eliminate lengthy and cumbersome processes.
The fintech regulations are listed in Bank Indonesia Regulation No.To design agile information technology governance and management, this research uses the COBIT 2019 DevOps Focus Area framework approach as the initial standard.This study was undertaken by building upon prior research [23] that primarily concentrated on process components, thereby incorporating additional components from the Seven Components.By integrating these supplementary components, this research endeavors to achieve several objectives, including assessing the status of Agile Service within the framework of digitalization at FintechCo, formulating recommendations grounded in identified gaps, and evaluating the efficacy of these recommendations when applied within the current operational landscape of FintechCo.

METHODS
This study uses the Design Science Research framework that has been developed and optimized by Hevner [24] to support designing Agile Services at FintechCo.Design Science Research shown in Figure 1 explains the formulation of the problem, theories relevant to research, as well as the scope of research discussion which is divided into three (3) sections, namely Environment, Information System Research, and Knowledge.

ITGM Objectives Prioritization Result
The following is the prioritization based on the COBIT 2019 design factor toolkit [26] and the COBIT 2019 DevOps Focus Area [6].The results of the two analyzes are multiplied and the results used to determine priorities.Based on Table 1, The Focus Area is value two (2) included in Secondary Relevance and is in the domain DSS05: Managed Security Services.Focus Areas have a value of three (3) including Primary Relevance and are found in two (2) domains, namely: DSS03: Managed Problems and BAI03: Managed Solutions Identification and Build.The three domains above were chosen because they have the highest score compared to the other domains.

A. Process Component
The results of the analysis carried out on the process components show that there are gaps in DSS05 with several gaps: DSS03 with one (1) gap, and BAI03 with two (2) gaps.The score obtained for 1168 Jurnal Teknik Informatika (JUTIF), Vol. 4, No. 5, October 2023, pp.1165 -1177 each ITGM Objectives is 2.9 for DSS05, 2.8 for DSS03, and 2.75 for BAI03.The following are the results of the analysis shown in Table 2.

C. Culture, Ethics, and Behavior Component
In this component, a gap was found in BAI03.Table 4 displays the results of the analysis on the culture, ethics, and behavior components.This component affect people at organization.

E. Organization Structure Component
In the results of the analysis of the organization structure components, there is a gap with the number three (3).FintechCo does not yet have roles such as Business Continuity Manager, Project Management Office and Portfolio Manager.The result shown in Table 6.Table 6.Organization structure analysis results

Chief
Technology Officer

BAI03, DSS03
The company already has a Chief Technology Officer who is responsible for identifying technology trends as well as developing and managing the company's technology architecture.

Chief
Information Officer

F. Information Component
The results of the information component analysis at FintechCo show gaps in reports such as penetration testing reports, user access review reports, issues closure reports, and problem management catalogs that are not yet available.The results are shown in Table 7.

Malicious software prevention policy
FintechCo already has a policy regarding the handling of malicious software (malicious code, viruses)

Evaluations of potential threats
The framework and methodology used by FintechCo anticipate threats, weaknesses, impacts, and risk management (possibility of fraud, security threats, and related business risks).DSS05.02-Manage network and connectivity security.

Connectivity Security Policy
Fintech already has policies related to connectivity security that are regulated in the Information Security Management Policy Results Of Penetration Tests FintechCo has conducted penetration testing, but found no reports related to penetration testing DSS05.03-Manage endpoint security.

Security
Policies for Endpoint Devices FintechCo already has policies related to security for endpoint devices that are regulated in the Information Security Management Policy DSS05.04 -Manage user identity and logical access.

Results of Reviews of User Accounts and Privileges
There are no report documents related to user access review

Record of all approved and applied change requests
FintechCo already has a policy regarding recording every change to their application system.BAI03.10 -Maintain solutions.

Maintenance plan
The plan for testing, maintenance and re-assessments as in the Business Continuity Plan is carried out regularly by FintechCo.
Updated solution components and related documentation BAI03.11-Define IT products and services and maintain the service portfolio.

Updated service portfolio
FintechCo has set policies regarding formal change control procedures that must be defined and carried out precisely, every change in the system will be reviewed and tested to ensure there are no negative impacts on operations or security.

G. People, Skills, and Competencies Component
Table 8 shows that FintechCo have gaps on BAI03 regarding documentation production and systems design that still based only on Microsoft Visio.

Potential Improvement
The goal of potential improvement is to pinpoint what changes are necessary to fill any identified gaps.
The changes in potential improvement are divided into three (3) aspect, which are People, Process, and Technology.Below are the results of potential improvements shown in Table 9.

Resource, Risk, and Value (RRV) Analysis
Potential improvements that have been determined then be compiled in a roadmap that has been prioritized based on resource, risk, and value (RRV) analysis.RRV analysis gives a score of three (3) with the criteria: if the required resource comes from internal sources, the risk impacts one unit in the company, and the value of the implementation impacts all units in the company.Next, the RRV analysis gives a score of two (2) with the criteria: if the required resources come from internal and external, the risk impacts several units in the company, and the value of the implementation impacts several units in the company.And finally, the RRV analysis gives a score of one (1) with the criteria: if the required resource comes from an external source, the risk impacts all units in the company, and the value of the implementation impacts one unit in the company.Following are the results of the roadmap priority analysis based on the RRV shown in Table 10.

Implementation Roadmap
The following is an overview of the implementation roadmap designed based on the RRV analysis shown in Table 11.

Impact Estimation of Recommendations on FintechCo
The following is an estimate of the impact of the recommendations designed for the gaps found in each component.The process component shows the increasing score on all GMOs after the recommendations.The estimated result of process component is shown in Table 12.With these recommendations, the capability score on the three GMOs is estimated to increase, for DSS05, from 2.9 to 3.6; DSS03 from 2.8 to 3.2; and BAI03 from 2.75 to 3.1.There is an estimated average of 17% increase in the average capability score, from 2.82 to 3.30, across all three GMOs The recommendations on the organization structure component give 3 (three) roles and responsibilities: Portfolio Manager, Business Continuity Manager, and Project Management Office.The recommendations on the information component give template guidelines for reports and documentation documents.FintechCo also received a training and certification recommendation on the culture, ethics, and behavior component, and the people, skills, and competencies component.Lastly, on the application, technology, and services component, FintechCo received recommendations as solutions for the missing tools and documents.Below is the estimated impact result of the recommendation given to FintechCo, shown in Table 13.

DISCUSSION
Entering the Fintech sector, a hotbed of innovation, where pioneering companies like FintechCo are born in the digital era.These startups typically boast modest assets and lower inherent risks, affording regulators the opportunity to grant them more flexibility through the Regulatory Sandbox approach [20].This newfound freedom calls for a different approach to IT governance and management -one that is agile, adaptive, and aligns seamlessly with their dynamic environment.For these Fintech companies, the pursuit of swift digitalization, rapid customer experience enhancements, and sustainable control over their operations necessitates a holistic focus on robust development and operations (DevOps) [21].
The findings from prior research [23] had an emphasis on the process component.These findings solely recognized discrepancies linked to practices and activities within business processes.Consequently, in the context of this study, the elements encompassing the Seven Components were incorporated to pinpoint gaps in areas including information, culture, competencies, organizational structure, policies, and infrastructure.To address these gaps and bolster FintechCo's IT agile services, we have formulated recommendations encompassing three essential aspects: people, process, and technology.In the people aspect, our research has led us to propose additional roles and responsibilities, essential to fortify the organization's resilience, including a dedicated Business Continuity Manager, Portfolio Manager, and Project Management Office.In the process aspect, our tailored recommendations center on designing Standard Operating Procedures (SOPs), report templates, and critical policies that were previously absent.By providing these guidelines, we empower FintechCo to navigate challenges with efficiency and effectiveness, ensuring they stay ahead of the competition.Furthermore, the technology aspect of our recommendations is a pivotal pillar in enhancing FintechCo's performance.By identifying suitable applications and tools, we equip FintechCo with the necessary resources to thrive in the digital age, making the most of emerging technologies to deliver unparalleled customer experiences.With these recommendations, the capability score on the three GMOs is estimated to increase, for DSS05, from 2.9 to 3.6; DSS03 from 2.8 to 3.2; and BAI03 from 2.75 to 3.1.There is a 17% increase in the average capability score, from 2.82 to 3.30, across all three GMOs.
The crux of this study lies in revealing the function of the Design Science Research approach, expertly leveraging ISACA's latest framework -the COBIT 2019 DevOps Focus Area.Through meticulous research and analysis, this study presents a compelling solution tailor-made for the disruptive financial industry, with the Fintech sector as a shining example.By adopting this framework, FintechCo and its peers in the financial industry can harness the potency of agile-adaptive IT governance and management, fostering a transformative environment that propels their growth and success.
The path to digital transformation in the financial realm is multifaceted, demanding both conventional stability and agile innovation.This research demonstrates that by embracing a balanced approach and leveraging the COBIT 2019 DevOps Focus Area, financial institutions can confidently embark on their digital journey, outpacing competition, and delivering unparalleled customer experiences.The future of the financial industry is poised for disruption, and the Fintech sector is leading the way with a dynamic, agile, and adaptive vision for growth and progress.

CONCLUSION
Throughout this study, we believe have shed light on the challenges and opportunities faced by a leading financial technology organization, FintechCo.As we delve into the implications and potential improvements, it is crucial to acknowledge certain limitations that may restrict the generalization of our findings to other organizations.However, these limitations serve as steppingstones for future research endeavors, aimed at exploring a wider range of financial technology firms, ensuring a more comprehensive understanding of the industry's dynamic landscape.
Drawing from 2019 COBIT DevOps Focus Area framework, we have pinpointed three highest prioritized IT Governance and Management (ITGM) objectives: Managed Security Services (DSS05), Managed Problems (DSS03), and Managed Solution Identification and Build (BAI03).Identifying a total of fifteen gaps within these objectives has granted us unparalleled insight into areas ripe for improvement, thereby fostering digital transformation excellence within FintechCo.
As we reflect on the impact of our research, it is evident that the potential improvements identified have practical implications for FintechCo and the wider financial technology community.By aligning its operations with the recommendations, FintechCo can not only maintain the continuity of its digitalization but also bolster its position in the industry, setting new standards for excellence and innovation.In addition, this study also acts as a guiding light, illuminating the path to success for FintechCo and inspiring other financial technology organizations to embrace transformative change.By staying attuned to the ever-evolving landscape of digitalization and agile IT services, FintechCo can unlock its true potential, leading the industry towards a future brimming with unprecedented possibilities.As we embark on this journey of advancement and innovation, we anticipate that our research will serve as a catalyst, propelling FintechCo and its peers towards a future characterized by ingenuity and resilience growth.

Figure 1 .
Figure 1.Design Science Research adopted from Hevner The systematic research shown in Figure 2 explains the five (5) phases of systematic problem solving in this study.The first phase begins with Problem Identification, which describes problem identification, problem formulation, goal formulation, and problem definition formulation obtained through literature studies.The next phase is Requirements Determination, which explains the preparation for the interview phase, determining ITGM objectives, gap analysis, and determining recommendations based on Aspect: People, Process,

Table 2 .
Process Component Analysis Result

Table 3 .
Policies, principles, and frameworks analysis results

Table 4 .
Culture, ethics, and behavior component analysis results Achmad Fadhli Satriadi, et al., Agile IT Service Management Design … 1169 D. Application, Infrastructure, and Service ComponentThis component shows the gaps related to the application, infrastructure, and services that exist in FintechCo.Complete results are shown in Table5below.

Table 5 .
is an IT Steering Committee, where members of the committee consist of representatives from the Chief Information Officer, Chief Information Security Officer, and FintechCodoes not yet have a Project Continuity Manager who is responsible for Ensuring that projects related to DevOps are initiated, planned, and executed in accordance with the management system.

Table 7 .
Information component analysis result

Table 8 .
People, skills, and competencies component analysis result FintechCo manages its Business Process Testing based on PBI, EU, Fund Transfer PBI, PBI, PPTP, PP PSTE Component integration FintechCo manages its Component Integration based on the Decision of the Risk Management Directors using COSO and ERM Database design FintechCo manages and uses its Database Design based on AWS, SuSE Linux, PSQL Documentation production FintechCo manages its Documentation Production using only Microsoft Office Visio Hardware design FintechCo manages its Hardware Design based on UML, EA, JIRA Porting/software configuration FintechCo manages its Software Configuration using Java, CI/CD, Ansible 1172 Jurnal Teknik Informatika (JUTIF), Vol. 4, No. 5, October 2023, pp.1165 -1177

Table 9 .
Potential improvementsConduct training or create and execute a well-thought-out communication strategy that consistently reinforces the significance of quality and continuous improvement initiatives in a regular and impactful manner.The purpose of this recommendation is about the importance of open communication when evaluating and investigating potential new solutions.Problem Management Catalog template that functions to store records or entries for each problem that has been identified and logged within the organization.

Table 10 .
RRV analysis results for roadmap prioritization

Table 11 .
Roadmap implementation of the designed recommendation

Table 12 .
Impact estimation on process component

Table 13 .
Impact estimation on organization structure, information, culture, people, and application component