Risk Management Analysis in Digital Bank XYZ Using the COBIT 2019 Framework

Rudi Purnomo; Ruki Harwahyu

doi:10.57152/malcom.v5i3.1876

Authors

Rudi Purnomo Universitas Indonesia
Ruki Harwahyu Universitas Indonesia

DOI:

https://doi.org/10.57152/malcom.v5i3.1876

Keywords:

Bank, COBIT 2019, Digital Bank, Risk, Risk Management

Abstract

The digital transformation in the banking sector has driven the emergence of digital banks, offering online services without the need for physical branches. However, this transformation brings various risks, including information security threats and challenges in regulatory compliance. This study aims to evaluate the maturity level of risk management in Digital Bank XYZ using the COBIT 2019 framework. The research methodology employs a qualitative approach with gap analysis to compare the current state with expected standards. The findings reveal significant gaps in the APO13 (Managed Security) and DSS04 (Managed Continuity) domains between current risk management practices and the standards recommended by COBIT 2019. These results highlight the need for a more systematic and structured risk management approach to enhance Digital Bank XYZ's preparedness in addressing cybersecurity threats and other operational risks. Recommendations include strengthening security policies, implementing predictive technologies, and conducting regular training to improve the security team's competencies. This study is expected to serve as a strategic guideline for Digital Bank XYZ to mitigate risks, improve operational efficiency, and achieve international governance standards.

Downloads

Download data is not yet available.

References

“Cetak Biru Transformasi Digital Perbankan.” Accessed: Jun. 27, 2024. [Online]. Available: https://ojk.go.id/id/berita-dan-kegiatan/info-terkini/Pages/Cetak-Biru-Transformasi-Digital-Perbankan.aspx

E. Indriasari, H. Prabowo, F. L. Gaol, and B. Purwandari, “Intelligent Digital Banking Technology and Architecture: A Systematic Literature Review,” International Journal of Interactive Mobile Technologies, vol. 16, no. 19, pp. 98–117, 2022, doi: 10.3991/ijim.v16i19.30993.

“Statistik Sistem Pembayaran dan Infrastruktur Pasar Keuangan (SPIP) September 2023.” Accessed: Jun. 21, 2024. [Online]. Available: https://www.bi.go.id/id/statistik/ekonomi-keuangan/spip/Pages/SPIP-September-2023.aspx

“Indonesia peringkat 2 Pemilik Rekening Bank Digital Terbanyak di Dunia 2021 - GoodStats.” Accessed: Jun. 27, 2024. [Online]. Available: https://goodstats.id/article/indonesia-peringkat-kedua-terbanyak-pemilik-rekening-digital-di-dunia-e04Em

“Pengguna Bank Digital di Indonesia Diproyeksi Capai 748 Juta pada 2026.” Accessed: Jun. 25, 2024. [Online]. Available: https://databoks.katadata.co.id/datapublish/2021/10/07/pengguna-bank-digital-di-indonesia-diproyeksi-capai-748-juta-pada-2026

“BI Catat Nilai Transaksi Digital Banking 2023 Rp 58.478,24 Triliun - Diskominfo Prov. Kaltim.” Accessed: Jun. 21, 2024. [Online]. Available: https://diskominfo.kaltimprov.go.id/ekonomi/bi-catat-nilai-transaksi-digital-banking-2023-rp-5847824-triliun

“Indonesia – Network Readiness Index.” Accessed: Jun. 25, 2024. [Online]. Available: https://networkreadinessindex.org/country/indonesia/

“Indonesia - Cisco Digital Readiness 2021.” Accessed: Jun. 25, 2024. [Online]. Available: https://www.cisco.com/c/m/en_us/about/corporate-social-responsibility/research-resources/digital-readiness-index.html#/country/IDN

“Indonesia - Latest Cyber Threat Intelligence Report.” Accessed: Jun. 25, 2024. [Online]. Available: https://www.netscout.com/threatreport/apac/indonesia/

“Penyelenggaraan Layanan Perbankan Digital oleh Bank Umum.” Accessed: Jun. 27, 2024. [Online]. Available: https://ojk.go.id/id/regulasi/Pages/Penyelenggaraan-Layanan-Perbankan-Digital-oleh-Bank-Umum.aspx

“Peraturan Bank Indonesia Nomor 20/6/PBI/2018 tentang Uang Elektronik.” Accessed: Jun. 27, 2024. [Online]. Available: https://www.bi.go.id/id/publikasi/peraturan/Pages/PBI-200618.aspx

P. Nicholas, P. Tambunan, and N. Legowo, “Evaluasi Tata Kelola TI Bank Indonesia Provinsi Bengkulu dengan COBIT 2019,” JATISI (Jurnal Teknik Informatika dan Sistem Informasi), vol. 11, no. 1, Mar. 2024, doi: 10.35957/JATISI.V11I1.7707.

P. Kwak and R. I. Desanti, “IT Governance Evaluation Using COBIT 2019 Framework in A Manufacturing Company,” in Proceedings of the 7th 2023 International Conference on New Media Studies, CONMEDIA 2023, Institute of Electrical and Electronics Engineers Inc., 2023, pp. 62–67. doi: 10.1109/CONMEDIA60526.2023.10428517.

Proceeding of 2019 International Conference on Electrical Engineering and Informatics (ICEEI)?: July 9th-10th, 2019, Bandung, Indonesia. IEEE, 2019.

J. N. Utamajaya, A. Ramadhan, E. Abdurachman, A. Trisetyarso, and M. Zarlis, “Risk Assessment Analysis on Mobile Banking Using Cobit 5 Framework,” in 2022 IEEE Creative Communication and Innovative Technology, ICCIT 2022, Institute of Electrical and Electronics Engineers Inc., 2022. doi: 10.1109/ICCIT55355.2022.10118645.

D. E. R. Hidayatullah, R. Kunthi, and R. Harwahyu, “Design and Analysis of Information Security Risk Management Based on ISO 27005: Case Study on Audit Management System (AMS) XYZ Internal Audit Department,” International Journal of Electrical, Computer, and Biomedical Engineering, vol. 2, no. 3, Sep. 2024, doi: 10.62146/ijecbe.v2i3.81.

“COBIT | Control Objectives for Information Technologies | ISACA.” Accessed: Jul. 06, 2024. [Online]. Available: https://www.isaca.org/resources/cobit

“Bank | Definition, History, Types, Examples, & Facts | Britannica Money.” Accessed: Dec. 31, 2024. [Online]. Available: https://www.britannica.com/money/bank

“Bank Umum.” Accessed: Sep. 19, 2024. [Online]. Available: https://ojk.go.id/id/regulasi/Pages/Bank-Umum.aspx

S. Kraus, P. Jones, N. Kailer, A. Weinmann, N. Chaparro-Banegas, and N. Roig-Tierno, “Digital Transformation: An Overview of the Current State of the Art of Research,” Sage Open, vol. 11, no. 3, 2021, doi: 10.1177/21582440211047576.

“ISO 31000:2018(en), Risk management — Guidelines.” Accessed: Dec. 31, 2024. [Online]. Available: https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en

“Enterprise Risk Management | COSO.” Accessed: Dec. 25, 2024. [Online]. Available: https://www.coso.org/enterprise-risk-management

“Manajemen Risiko di Era Digital?: Melindungi Perusahaan dari Ancaman Siber.” Accessed: Dec. 31, 2024. [Online]. Available: https://pe.feb.unesa.ac.id/post/manajemen-risiko-di-era-digital-melindungi-perusahaan-dari-ancaman-siber?utm_source=chatgpt.com

“Introducing COBIT 2019.” Accessed: Dec. 28, 2024. [Online]. Available: https://www.isaca.org/isaca-digital-videos/cobit/introducing-cobit-2019