Issue

Vol. 10, No. 4, November 2025

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Ambidextrous Blockchain Governance to Strengthen BankCo’s Digital Transformation through COBIT 2019 Traditional and DevOps

https://doi.org/10.22219/kinetik.v10i4.2361
Salsabill Nur Aisyah
Telkom University
Rahmat Mulyana
Tien Fabrianti Kusumasari
Telkom University

Corresponding Author(s) : Salsabill Nur Aisyah

sabillnrsyh@gmail.com

Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, Vol. 10, No. 4, November 2025

Abstract

The adoption of blockchain in banking accelerates digital transformation by enhancing transparency and operational efficiency. However, it also introduces governance challenges related to compliance, accountability, and system integrity in a highly regulated environment. This study addresses these challenges by developing a blockchain governance solution based on the ambidextrous of COBIT 2019 Traditional and DevOps Focus Areas. A governance model was built and evaluated through iterative steps. Data were collected via interviews with key stakeholders and triangulated with internal documents, including annual reports, risk frameworks, and policy records, until data saturation was achieved. The analysis applied the ambidextrous COBIT 2019 framework across seven governance components. Governance and Management Objectives (GMOs) were prioritized using design factors, national regulations (POJK No.11/2022 and SOE Minister No.PER-2/MBU/03/2023), and insights from prior studies. APO12: Managed Risk was identified as the most prioritized GMO. A capability gap analysis revealed missing leadership roles, overlapping security responsibilities, and underdeveloped risk management practices. Recommendations include formalizing key governance roles and strengthening risk handling for blockchain and DevOps environments. These enhancements are expected to increase the maturity level of APO12 from 3.5 to 4.1, thereby improving BankCo’s risk management, compliance, and innovation capabilities. Ultimately, the findings contribute to continuous digital innovation by aligning risk management practices with strategic performance goals and adaptive control mechanisms rooted in emerging technology principles.

Keywords

Ambidextrous Blockchain Governance Digital Transformation COBIT 2019 DevOps APO12 Design Science Research Banking
Aisyah, S. N. ., Mulyana, R., & Kusumasari, T. F. (2025). Ambidextrous Blockchain Governance to Strengthen BankCo’s Digital Transformation through COBIT 2019 Traditional and DevOps. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 10(4). https://doi.org/10.22219/kinetik.v10i4.2361
Download Citation
Endnote/Zotero/Mendeley (RIS)
BibTeX
References
  1. Jabborova, D., Mamurova, D., Umurova, K. K., Ulasheva, U., Djalolova, S. X., & Khurramov, A. (2024). Possibilities of using technologies in digital transformation of sustainable development. E3S Web of Conferences, 491, 01002. [https://doi.org/10.1051/e3sconf/202449101002](https://doi.org/10.1051/e3sconf/202449101002)
  2. Omol, E. J. (2024). Organizational digital transformation: From evolution to future trends. Emerald Publishing. [https://doi.org/10.1108/DTS-08-2023-0061](https://doi.org/10.1108/DTS-08-2023-0061)
  3. Alqararah, E. A., Shehadeh, M., & Yaseen, H. (2025). The role of digital transformation capabilities in improving banking performance in Jordanian commercial banks. Journal of Risk and Financial Management, 18(4). [https://doi.org/10.3390/jrfm18040196](https://doi.org/10.3390/jrfm18040196)
  4. Budisteanu, T.-G. (2025). Blockchain and the banking sector: Benefits, challenges and perspectives. Open Journal of Social Sciences, 13(3), 288–300. [https://doi.org/10.4236/jss.2025.133019](https://doi.org/10.4236/jss.2025.133019)
  5. Javaid, M., Haleem, A., Singh, R. P., Suman, R., & Khan, S. (2022). A review of blockchain technology applications for financial services. Elsevier B.V. [https://doi.org/10.1016/j.tbench.2022.100073](https://doi.org/10.1016/j.tbench.2022.100073)
  6. Park, J., Jeong, S., & Yeom, K. (2023). Smart contract broker: Improving smart contract reusability in a blockchain environment. Sensors, 23(13). [https://doi.org/10.3390/s23136149](https://doi.org/10.3390/s23136149)
  7. Muayad, A., & Abumandil, M. (2022). Role of smart contract technology blockchain services in finance and banking systems: Concept and core values. SSRN Electronic Journal. [https://dx.doi.org/10.2139/ssrn.4078566](https://dx.doi.org/10.2139/ssrn.4078566)
  8. Gangarde, R. (2024). Exploring the role of blockchain in preventing cyber fraud in financial systems. Computer Fraud and Security, 123–130. [https://doi.org/10.52710/cfs.81](https://doi.org/10.52710/cfs.81)
  9. Reyes, C. L., & Cutler, J. P. (2025). Ready layer one: Functional regulation for blockchain infrastructure. [https://doi.org/10.2139/ssrn.5145302](https://doi.org/10.2139/ssrn.5145302)
  10. Nahi, H. A., et al. (2025). Blockchain network for regulation decentralized e-government systems. Data and Metadata, 4. [https://doi.org/10.56294/dm2025201](https://doi.org/10.56294/dm2025201)
  11. Mewha, H. (2023). Blockchain wakes: Balancing the light and dark sides of blockchain through global regulation. [https://doi.org/10.1017/9781108609708.007](https://doi.org/10.1017/9781108609708.007)
  12. Baertschi, S., Guenthardt, L., Sabani, R., & Krey, M. (2023). A method for the adoption of DevOps in the banking industry. In 2023 International Conference on Information Management (ICIM) (pp. 31–36). IEEE. [https://doi.org/10.1109/ICIM58774.2023.00012](https://doi.org/10.1109/ICIM58774.2023.00012)
  13. Lesavre, L., Varin, P., & Yaga, D. (2024). Blockchain networks: Token design and management overview (NIST IR 8301). [https://doi.org/10.6028/NIST.IR.8301](https://doi.org/10.6028/NIST.IR.8301)
  14. Mulyana, R., Rusu, L., & Perjons, E. (2024). Key ambidextrous IT governance mechanisms influence on digital transformation. In Proceedings of PACIS 2024. [https://aisel.aisnet.org/pacis2024](https://aisel.aisnet.org/pacis2024)
  15. ISACA. (2018). COBIT 2019 Framework: Introduction and Methodology. [https://www.isaca.org/](https://www.isaca.org/)
  16. ISACA. (2021). COBIT Focus Area: DevOps. [https://www.isaca.org/](https://www.isaca.org/)
  17. Mulyana, R. (2025). IT governance influence on digital transformation (Ph.D. dissertation). Stockholm University. [http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-242507](http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-242507)
  18. Satriadi, A. F., Mulyana, R., & Fauzi, R. (2023). Agile IT service management design of FinTechCo digitalization based on COBIT 2019 DevOps Focus Area. Jurnal Teknik Informatika (Jutif), 4(5), 1165–1177. [https://doi.org/10.52436/1.jutif.2023.4.5.1304](https://doi.org/10.52436/1.jutif.2023.4.5.1304)
  19. Otoritas Jasa Keuangan. (2022). Peraturan Otoritas Jasa Keuangan Nomor 11/POJK.03/2022 Tahun 2022 tentang Penyelenggaraan Teknologi Informasi oleh Bank Umum. [https://peraturan.bpk.go.id/Details/227376](https://peraturan.bpk.go.id/Details/227376)
  20. BUMN. (2023). Berita Negara Republik Indonesia. [http://www.peraturan.go.id](http://www.peraturan.go.id)
  21. Safiullah, M., & Paramati, S. R. (2024). The impact of FinTech firms on bank financial stability. Electronic Commerce Research, 24(1), 453–475. [https://doi.org/10.1007/s10660-022-09595-z](https://doi.org/10.1007/s10660-022-09595-z)
  22. Wang, S., Asif, M., Shahzad, M. F., & Ashfaq, M. (2024). Data privacy and cybersecurity challenges in the digital transformation of the banking sector. Computers & Security, 147, 104051. [https://doi.org/10.1016/j.cose.2024.104051](https://doi.org/10.1016/j.cose.2024.104051)
  23. Seyedjafarrangraz, F., De Fuentes, C., & Zhang, M. (2024). Mapping the global regulatory terrain in digital banking: A longitudinal study across countries. Digital Policy, Regulation and Governance. [https://doi.org/10.1108/DPRG-04-2024-0067](https://doi.org/10.1108/DPRG-04-2024-0067)
  24. Mulyana, R., Rusu, L., & Perjons, E. (2021). IT governance mechanisms influence on digital transformation: A systematic literature review. AMCIS 2021. [https://aisel.aisnet.org/amcis2021/adv_info_systems_general_track/adv_info_systems_general_track/19/](https://aisel.aisnet.org/amcis2021/adv_info_systems_general_track/adv_info_systems_general_track/19/)
  25. Mulyana, R., Rusu, L., & Perjons, E. (2023). How hybrid IT governance mechanisms influence digital transformation and organizational performance in the banking and insurance industry of Indonesia. [https://doi.org/10.62036/ISD.2023.33](https://doi.org/10.62036/ISD.2023.33)
  26. Dhillon, R., & Sivabalan, P. (2025). Exploring dimensions of governance for different types of blockchain systems. British Accounting Review. [https://doi.org/10.1016/j.bar.2025.101588](https://doi.org/10.1016/j.bar.2025.101588)
  27. Joshi, A., Bollen, L., Hassink, H., De Haes, S., & Van Grembergen, W. (2018). Explaining IT governance disclosure through the constructs of IT governance maturity and IT strategic role. Information & Management, 55(3), 368–380. [https://doi.org/10.1016/j.im.2017.09.003](https://doi.org/10.1016/j.im.2017.09.003)
  28. Alnor, N. H. A., et al. (2024). The role of bank governance in managing the risks associated with banking institutions. International Journal of Advanced and Applied Sciences, 11(4), 194–206. [https://doi.org/10.21833/ijaas.2024.04.021](https://doi.org/10.21833/ijaas.2024.04.021)
  29. Ibrahimy, M. M., Norta, A., & Normak, P. (2024). Blockchain-based governance models supporting corruption-transparency: A systematic literature review. Zhejiang University. [https://doi.org/10.1016/j.bcra.2023.100186](https://doi.org/10.1016/j.bcra.2023.100186)
  30. ISACA. (2018). COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution. [https://www.isaca.org/](https://www.isaca.org/)
  31. Leonardo, K., & Latuperissa, R. (2024). Information technology governance design in trading companies using the COBIT 2019 framework. Journal of Information Systems and Informatics, 6(3), 1466–1483. [https://doi.org/10.51519/journalisi.v6i3.798](https://doi.org/10.51519/journalisi.v6i3.798)
  32. Alić, A., Traljić, A., & Đonko, D. (2025). Methodology for evaluating the impact of DevOps principles. In 2025 24th International Symposium INFOTEH-JAHORINA (INFOTEH) (pp. 1–6). IEEE. [https://doi.org/10.1109/INFOTEH64129.2025.10959292](https://doi.org/10.1109/INFOTEH64129.2025.10959292)
  33. Alam, Y., Azizah, S. N., & Caroline, C. (2025). Digital transformation in banking management: Optimizing operational efficiency and enhancing customer experience. International Journal of Management Science and Information Technology, 5(1), 46–55. [https://doi.org/10.35870/ijmsit.v5i1.3646](https://doi.org/10.35870/ijmsit.v5i1.3646)
  34. Hevner, A. R., March, S. T., Park, J., & Ram, S. (2004). Design science in information systems research. [https://doi.org/10.2307/25148625](https://doi.org/10.2307/25148625)
  35. Johannesson, P., & Perjons, E. (2014). An Introduction to Design Science. Springer International Publishing. [https://doi.org/10.1007/978-3-319-10632-8](https://doi.org/10.1007/978-3-319-10632-8)
  36. Yin, R. (2009). How to do better case studies: With illustrations from 20 exemplary case studies. In The SAGE Handbook of Applied Social Research Methods (pp. 254–282). SAGE Publications. [https://doi.org/10.4135/9781483348858.n8](https://doi.org/10.4135/9781483348858.n8)
  37. Shenton, A. K. (2004). Strategies for ensuring trustworthiness in qualitative research projects. Education for Information, 22(2), 63–75. [https://doi.org/10.3233/EFI-2004-22201](https://doi.org/10.3233/EFI-2004-22201)
  38. Fusch, P., & Ness, L. (2015). Are we there yet? Data saturation in qualitative research. The Qualitative Report. [https://doi.org/10.46743/2160-3715/2015.2281](https://doi.org/10.46743/2160-3715/2015.2281)
  39. ISACA. (2021). COBIT Focus Area: DevOps Using COBIT 2019. [https://www.isaca.org/](https://www.isaca.org/)
  40. ISACA. (2019). COBIT 2019 Framework: Governance and Management Objectives. [https://www.isaca.org/](https://www.isaca.org/)
  41. Laatikainen, G., Li, M., & Abrahamsson, P. (2023). A system-based view of blockchain governance. Information and Software Technology, 157. [https://doi.org/10.1016/j.infsof.2023.107149](https://doi.org/10.1016/j.infsof.2023.107149)
  42. van Pelt, R., Jansen, S., Baars, D., & Overbeek, S. (2021). Defining blockchain governance: A framework for analysis and comparison. Information Systems Management, 38(1), 21–41. [https://doi.org/10.1080/10580530.2020.1720046](https://doi.org/10.1080/10580530.2020.1720046)
  43. Tan, E., Mahula, S., & Crompvoets, J. (2022). Blockchain governance in the public sector: A conceptual framework for public management. Government Information Quarterly, 39(1). [https://doi.org/10.1016/j.giq.2021.101625](https://doi.org/10.1016/j.giq.2021.101625)
  44. Mulyana, R., Rusu, L., & Perjons, E. (2024). Key ambidextrous IT governance mechanisms for successful digital transformation: A case study of Bank Rakyat Indonesia (BRI). Digital Business, 4(2). [https://doi.org/10.1016/j.digbus.2024.100083](https://doi.org/10.1016/j.digbus.2024.100083)
  45. Project Management Institute. (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition and the Standard for Project Management (7th ed.). [https://www.pmi.org/standards/pmbok](https://www.pmi.org/standards/pmbok)
  46. Otero, C. E., Otero, L. D., Weissberger, I., & Qureshi, A. (2010). A multi-criteria decision making approach for resource allocation in software engineering. In 2010 12th International Conference on Computer Modelling and Simulation (pp. 137–141). IEEE. [https://doi.org/10.1109/UKSIM.2010.32](https://doi.org/10.1109/UKSIM.2010.32)
  47. Marle, F., & Gidel, T. (2012). A multi-criteria decision-making process for project risk management method selection. International Journal of Multicriteria Decision Making, 2(2), 189. [https://doi.org/10.1504/IJMCDM.2012.046948](https://doi.org/10.1504/IJMCDM.2012.046948)
Read More
Author biographies is not available.
Download this PDF file
Statistic
Read Counter : 0

Downloads

Download data is not yet available.