Ambidextrous AI Governance Model for Advancing State-Owned Bank in Indonesia Digital Transformation Through COBIT 2019 Traditional and DevOps

Authors

  • Rama Putra Ramdani Information Systems, Faculty of Industrial Engineering, Telkom University, Indonesia
  • Rahmat Mulyana Department of Computer and Systems Science, Stockholm University, Sweden
  • Taufik Nur Adi Information Systems, Faculty of Industrial Engineering, Telkom University, Indonesia

DOI:

https://doi.org/10.52436/1.jutif.2025.6.4.4835

Keywords:

Ambidextrous AI Governance, Banking, Case Stud, COBIT 2019, Compliance, Design Science Research, DevOps, Digital Transformation, Risk Management

Abstract

Integrating artificial intelligence into the banking sector accelerates digital transformation, but it also presents governance challenges, particularly in striking a balance between innovation and regulatory compliance, risk management, and operational control. This research proposes an ambidextrous AI governance model by combining two distinct yet complementary mechanisms from COBIT 2019: the structured, control-oriented Traditional framework and the agile, adaptive DevOps Focus Area. This dual approach enables organizations to pursue innovation and maintain governance stability simultaneously. The study investigates BankCo’s, a state-owned bank in Indonesia that is undergoing a systemic digital transformation and applies the Design Science Research (DSR) methodology with a case study approach. Collecting data through five semi-structured interviews with key IT Governance, Risk, and Compliance stakeholders and triangulated with internal policy documents, annual reports, and audit trails. The analysis identified two prioritized Governance and Management Objectives (GMOs), MEA03 (Managed Compliance with External Requirements) and APO12 (Managed Risk), based on design factors, regulatory alignment (POJK No. 11/2022 and SOE Minister Regulation No. PER-2/MBU/03/2023), and agile governance needs. A maturity gap analysis revealed areas for improvement across people, process, and technology dimensions, with the proposed model raising governance capability from 3.55 to 3.95. The proposed model applies multidimensional prioritization through Resource-Risk-Value (RRV) analysis. This study presents a practical and auditable approach to ethical AI governance that strikes a balance between innovation and accountability. The model supports digital transformation in banks and contributes to information systems governance by linking the ethical use of AI with agile yet compliant practices in regulated environments.

Downloads

Download data is not yet available.

References

R. Kumar Batchu, “Digital Transformation in Banking: Navigating the Technological Frontier,” International Machine learning journal and Computer Engineering, vol. 7, no. 7, pp. 1–13, Feb. 2024, [Online]. Available: https://mljce.in/index.php/Imljce/article/view/21

É. Marcon, M. A. Le Dain, and A. G. Frank, “Designing business models for Industry 4.0 technologies provision: Changes in business dimensions through digital transformation,” Technol Forecast Soc Change, vol. 185, Dec. 2022, doi: 10.1016/j.techfore.2022.122078.

M. Doumpos, C. Zopounidis, D. Gounopoulos, E. Platanakis, and W. Zhang, “Operational research and artificial intelligence methods in banking,” Apr. 01, 2023, Elsevier B.V. doi: 10.1016/j.ejor.2022.04.027.

OJK, “Blueprint for Digital Transformation in Banking.” [Online]. Available: https://www.ojk.go.id/id/berita-dan-kegiatan/info-terkini/Documents/Pages/Cetak-Biru-Transformasi-Digital-Perbankan/BLUEPRINT%20FOR%20DIGITAL%20TRANSFORMATION%20IN%20BANKING.pdf

C. Gong and V. Ribiere, “Developing a unified definition of digital transformation,” Technovation, vol. 102, pp. 1–17, Apr. 2021, doi: 10.1016/j.technovation.2020.102217.

L. Lachvajderová and J. Kádárová, “Industry 4.0 Implementation and Industry 5.0 Readiness in Industrial Enterprises,” Management and Production Engineering Review, vol. 13, no. 3, pp. 102–109, 2022, doi: 10.24425/mper.2022.142387.

M. Zahid, I. Inayat, M. Daneva, and Z. Mehmood, “A security risk mitigation framework for cyber physical systems,” in Journal of Software: Evolution and Process, John Wiley and Sons Ltd, Feb. 2020. doi: 10.1002/smr.2219.

BankCo, “Sustainability Report,” 2024. [Online]. Available: https://www.bankco.co.id/

M. A. Camilleri, “Artificial intelligence governance: Ethical considerations and implications for social responsibility,” Expert Syst, vol. 41, no. 7, pp. 1–15, Jul. 2024, doi: 10.1111/exsy.13406.

S. Mithas, Z. L. Chen, T. J. V. Saldanha, and A. De Oliveira Silveira, “How will artificial intelligence and Industry 4.0 emerging technologies transform operations management?,” Prod Oper Manag, vol. 31, no. 12, pp. 4475–4487, Dec. 2022, doi: 10.1111/poms.13864.

A. Taeihagh, “Governance of artificial intelligence,” Policy Soc, vol. 40, no. 2, pp. 137–157, 2021, doi: 10.1080/14494035.2021.1928377.

B. W. Wirtz, J. C. Weyerer, and B. J. Sturm, “The Dark Sides of Artificial Intelligence: An Integrated AI Governance Framework for Public Administration,” International Journal of Public Administration, vol. 43, no. 9, pp. 818–829, Jul. 2020, doi: 10.1080/01900692.2020.1749851.

B. W. Wirtz, J. C. Weyerer, and I. Kehl, “Governance of artificial intelligence: A risk and guideline-based integrative framework,” Gov Inf Q, vol. 39, no. 4, pp. 1–17, Oct. 2022, doi: 10.1016/j.giq.2022.101685.

T. Birkstedt, M. Minkkinen, A. Tandon, and M. Mäntymäki, “AI governance: themes, knowledge gaps and future agendas,” 2023, Emerald Publishing. doi: 10.1108/INTR-01-2022-0042.

R. S. Peres, X. Jia, J. Lee, K. Sun, A. W. Colombo, and J. Barata, “Industrial Artificial Intelligence in Industry 4.0 -Systematic Review, Challenges and Outlook,” IEEE Access, 2020, doi: 10.1109/ACCESS.2020.3042874.

B. Attard-Frost, A. Brandusescu, and K. Lyons, “The governance of artificial intelligence in Canada: Findings and opportunities from a review of 84 AI governance initiatives,” Gov Inf Q, vol. 41, no. 2, pp. 1–24, Jun. 2024, doi: 10.1016/j.giq.2024.101929.

R. Mulyana, L. Rusu, and E. Perjons, “IT Governance Mechanisms that Influence Digital Transformation: A Delphi Study in Indonesian Banking and Insurance Industry,” Montreal: AIS Electronic Library (AISeL), Jul. 2022, pp. 1–10. doi: diva2:1683489.

R. Mulyana, L. Rusu, and E. Perjons, “Key ambidextrous IT governance mechanisms for successful digital transformation: A case study of Bank Rakyat Indonesia (BRI),” Digital Business, vol. 4, no. 2, pp. 1–19, Dec. 2024, doi: 10.1016/j.digbus.2024.100083.

ISACA, COBIT 2019 Framework Governance and Management Objectives. 2019. [Online]. Available: www.isaca.org

ISACA, COBIT Focus Area: DevOps Using COBIT 2019. ISACA, 2021. [Online]. Available: www.isaca.org

R. Mulyana, IT Governance Influence on Digital Transformation. Doctoral dissertation, Department of Computer and Systems Sciences, Stockholm University, 2025. [Online]. Available: http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-242507

M. Sprajcer et al., “How effective are Fatigue Risk Management Systems (FRMS)? A review,” Accid Anal Prev, vol. 165, Feb. 2022, doi: 10.1016/j.aap.2021.106398.

S. Umamaheswari, A. Valarmathi, and M. Phil, “Role Of Artificial Intelligence in The Banking Sector Associate professor, Vivekananda institute of management studies Coimbatore M. Raja lakshmi,” Chennai, 2023. doi: 10.17762/sfs.v10i4S.1722.

R. Mulyana, L. Rusu, and E. Perjons, “IT Governance Mechanisms Influence on Digital Transformation: A Systematic Literature Review,” Association for Information Systems (AIS), Aug. 2021, pp. 1–10. doi: diva2:1612879.

BankCo, “Annual Report,” 2024. [Online]. Available: https://www.bankco.co.id/

D. A. S. Bhegawati and M. S. Utama, “The Role of Banking in Indonesia in Increasing Economic Growth and Community Welfare,” South East Asia Journal of Contemporary Business, Economics and Law, vol. 22, no. 1, pp. 83–91, 2020, [Online]. Available: https://seajbel.com/wp-content/uploads/2020/10/SEAJBEL22_227.pdf

P. G. R. de Almeida, C. D. dos Santos, and J. S. Farias, “Artificial Intelligence Regulation: a framework for governance,” Ethics Inf Technol, vol. 23, no. 3, pp. 505–525, Sep. 2021, doi: 10.1007/s10676-021-09593-z.

OJK, “Peraturan Otoritas Jasa Keuangan Republik Indonesia Nomor 11/POJK.03/2022 Tentang Penyelenggaraan Teknologi Informasi Oleh Bank Umum.” [Online]. Available: https://ojk.go.id/id/regulasi/Documents/Pages/Penyelenggaraan-Teknologi-Informasi-Oleh-Bank-Umum/POJK%2011%20-%2003%20-%202022.pdf

BUMN, “Peraturan Menteri Badan Usaha Milik Negara Nomor PER-2/MBU/03/2023 Tahun 2023 tentang Pedoman Tata Kelola dan Kegiatan Korporasi Signifikan Badan Usaha Milik Negara.” [Online]. Available: https://peraturan.bpk.go.id/Details/264291/permen-bumn-no-per-2mbu032023-tahun-2023

R. Mulyana, L. Rusu, and E. Perjons, “How Hybrid IT Governance Mechanisms Influence Digital Transformation and Organizational Performance in the Banking and Insurance Industry of Indonesia,” in The International Conference on Information Systems Development (ISD), Lisbon: Association for Information Systems (AIS), 2023, pp. 1–12. doi: 10.62036/isd.2023.33.

J. Schneider, R. Abraham, C. Meske, and J. Vom Brocke, “Artificial Intelligence Governance For Businesses,” Information Systems Management, vol. 40, no. 3, pp. 229–249, Jun. 2022, doi: 10.1080/10580530.2022.2085825.

M. S. Djanegara, S. Sutarti, and S. A. Dewo, “The Influence of Corporate Governance for the Indonesian Banking Industry in a Pandemic Period,” International Journal of Finance & Banking Studies (2147-4486), vol. 11, no. 3, pp. 62–71, Sep. 2022, doi: 10.20525/ijfbs.v11i3.1988.

I. Permatasari, “Does corporate governance affect bank risk management? Case study of Indonesian banks,” International Trade, Politics and Development, vol. 4, no. 2, pp. 127–139, Oct. 2020, doi: 10.1108/itpd-05-2020-0063.

S. Napitupulu, I. Primiana, S. R. Nidar, N. Effendy, and D. M. Puspitasari, “The effect of management capabilities in implementing good corporate governance: A study from indonesia banking sector,” Journal of Asian Finance, Economics and Business, vol. 7, no. 1, pp. 159–165, Jan. 2020, doi: 10.13106/jafeb.2020.vol7.no1.159.

M. Mäntymäki, M. Minkkinen, T. Birkstedt, and M. Viljanen, “Putting AI Ethics into Practice: The Hourglass Model of Organizational AI Governance,” ArXiv, pp. 1–41, Feb. 2023, doi: 10.48550/arXiv.2206.00335.

C. V. R. Padmaja, S. L. Narayana, G. L. Anga, and P. K. Bhansali, “The rise of artificial intelligence: a concise review,” IAES International Journal of Artificial Intelligence, vol. 13, no. 2, pp. 2224–2233, Jun. 2024, doi: 10.11591/ijai.v13.i2.pp2226-2235.

P. Soto-Acosta, “COVID-19 Pandemic: Shifting Digital Transformation to a High-Speed Gear,” Information Systems Management, vol. 37, no. 4, pp. 260–266, Oct. 2020, doi: 10.1080/10580530.2020.1814461.

R. Mulyana, L. Rusu, and E. Perjons, “Key Ambidextrous IT Governance Mechanisms Influence on Digital Transformation and Organizational Performance in Indonesian Banking and Insurance,” AIS Electronic Library (AISeL), Jul. 2024, pp. 1–16. [Online]. Available: https://aisel.aisnet.org/pacis2024/track15_govce/track15_govce/7

L. McCormack and M. Bendechache, “Ethical AI Governance: Methods for Evaluating Trustworthy AI,” pp. 1–9, Aug. 2024, [Online]. Available: http://arxiv.org/abs/2409.07473

P. Ala-Pietilä et al., “The Assessment List for Trustworthy Artificial Intelligence (ALTAI),” European Commission, pp. 1–32, 2020, doi: 10.2759/791819.

European Commission, “Assessment List for Trustworthy Artificial Intelligence (ALTAI) for self-assessment,” Publications Office of the European Union, pp. 1–33, Jul. 2020, doi: 10.2759/791819.

M. Mäntymäki, M. Minkkinen, T. Birkstedt, and M. Viljanen, “Defining organizational AI governance,” AI and Ethics, vol. 2, no. 4, pp. 603–609, Nov. 2022, doi: 10.1007/s43681-022-00143-x.

OJK, “The Indonesian Financial Services Sector Master Plan 2021–2025.” [Online]. Available: https://www.ojk.go.id/id/berita-dan-kegiatan/info-terkini/Documents/Pages/Master-Plan-Sektor-Jasa-Keuangan-Indonesia-2021-2025/The%20Indonesian%20Financial%20Services%20Sector%20Master%20Plan%202021-2025.pdf

S. De Haes, W. Van Grembergen, A. Joshi, and T. Huygh, Enterprise governance of Information Technology: Achieving alignment and value in digital organizations. Springer, 2020. doi: 10.1007/978-3-030-25918-1.

Ghazi M Qasaimeh and Hussam Eddin Jaradeh, “The Impact of Artificial Intelligence on the Effective Applying of Cyber Governance in Jordanian Commercial Banks,” International Journal of Technology, Innovation and Management (IJTIM), vol. 2, no. 1, pp. 68–86, May 2022, doi: 10.54489/ijtim.v2i1.61.

ISACA, COBIT 2019 Design guide designing an information and technology governance solution. 2018. doi: www.isaca.org.

R. W. I. Susatyo, E. Indrajit, and E. Dazki, “IT Governance Analysis in Interior Contracting Industry: A COBIT 2019 Approach,” sinkron, vol. 8, no. 4, pp. 2142–2154, Oct. 2024, doi: 10.33395/sinkron.v8i4.13978.

Achmad Fadhli Satriadi, R. Mulyana, and R. Fauzi, “AGILE IT SERVICE MANAGEMENT DESIGN OF FINTECHCO DIGITALIZATION BASED ON COBIT 2019 DEVOPS FOCUS AREA,” Jurnal Teknik Informatika (Jutif), vol. 4, no. 5, pp. 1165–1177, Oct. 2023, doi: 10.52436/1.jutif.2023.4.5.1304.

A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design Science in Information Systems Research,” Mar. 2004. doi: https://doi.org/10.2307/25148625.

R. K. Yin, How to do Better Case Studies. The SAGE Handbook of Applied Social Research Methods. SAGE Publications, Inc., 2009. doi: 10.4135/9781483348858.

A. K. Shenton, “Strategies for ensuring trustworthiness in qualitative research projects,” Education for Information, vol. 22, no. 2, pp. 63–75, 2004, doi: 10.3233/EFI-2004-22201.

P. I. Fusch and L. R. Ness, “Are We There Yet? Data Saturation in Qualitative Research,” The Qualitative Report, vol. 20, no. 9, pp. 1408–1416, 2015, doi: 10.46743/2160-3715/2015.2281.

T. Sato, “Risk-based Project Value – The Definition and Applications to Decision Making,” Procedia Soc Behav Sci, vol. 119, pp. 152–161, Mar. 2014, doi: 10.1016/j.sbspro.2014.03.019.

S. Tangprasert, “A Study of Information Technology Risk Management of Government and Business Organizations in Thailand using COSO-ERM based on the COBIT 5 Framework,” J Appl Sci (Thailand), vol. 19, no. 1, pp. 13–24, Jun. 2020, doi: 10.14416/j.appsci.2020.01.002.

R. Testorelli, A. Tiso, and C. Verbano, “Value Creation with Project Risk Management: A Holistic Framework,” Jan. 01, 2024, Multidisciplinary Digital Publishing Institute (MDPI). doi: 10.3390/su16020753.

C. Wu, H. Zhang, and J. M. Carroll, “AI Governance in Higher Education: Case Studies of Guidance at Big Ten Universities,” Future Internet, vol. 16, no. 10, pp. 1–19, Oct. 2024, doi: 10.3390/fi16100354.

ISACA, COBIT 2019 Framework: Introduction and Methodology. ISACA, 2018. [Online]. Available: www.isaca.org

ASEAN, “ASEAN Guide on AI Governance and Ethics Contents,” ASEAN Secretariat, 2024, pp. 1–87. [Online]. Available: https://asean.org/wp-content/uploads/2024/02/ASEAN-Guide-on-AI-Governance-and-Ethics_beautified_201223_v2.pdf

OECD, “Recommendation of the Council on Artificial Intelligence,” 2019, pp. 1–12. [Online]. Available: http://legalinstruments.oecd.org

IEEE Global Initiative, “Ethically Aligned Design - A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems,” IEEE, pp. 1–291, Mar. 2019, [Online]. Available: https://ieeexplore.ieee.org/servlet/opac?punumber=9398611

Additional Files

Published

2025-08-18

How to Cite

[1]
R. P. . Ramdani, R. . Mulyana, and T. N. . Adi, “Ambidextrous AI Governance Model for Advancing State-Owned Bank in Indonesia Digital Transformation Through COBIT 2019 Traditional and DevOps ”, J. Tek. Inform. (JUTIF), vol. 6, no. 4, pp. 1745–1768, Aug. 2025.

Issue

Vol. 6 No. 4 (2025): JUTIF Volume 6, Number 4, Agustus 2025

Section

Articles

License

Copyright (c) 2025 Rama Putra Ramdani, Rahmat Mulyana, Taufik Nur Adi

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.