Ambidextrous IoT governance to support EnergyCo’s digital transformation based on COBIT 2019 traditional and DevOps

Prima Audina Wibowo; Rahmat Mulyana; Hanif  Fakhrurroja

doi:10.30656/jsmi.v9i2.10803

Authors

Prima Audina Wibowo Telkom University https://orcid.org/0009-0000-8327-2068
Rahmat Mulyana Stockholm University https://orcid.org/0000-0002-5074-3916
Hanif Fakhrurroja Telkom University

DOI:

https://doi.org/10.30656/jsmi.v9i2.10803

Keywords:

Ambidextrous IoT governance, COBIT 2019, DevOps, Digital transformation, EnergyCo

Abstract

The accelerating digital transformation in the energy sector demands robust governance mechanisms for emerging technologies, particularly the Internet of Things (IoT). This study examines the governance challenges faced by an energy company in Indonesia as it strives to manage IoT ecosystems while meeting regulatory requirements and achieving organizational objectives. Despite IoT’s critical role in enabling digital transformation, limited Research has explored IoT governance frameworks grounded in COBIT 2019, especially within the energy domain. To bridge this gap, this study develops an ambidextrous IoT governance framework by integrating the Traditional and DevOps Focus Area mechanisms from COBIT 2019. The framework is designed to balance stability and adaptability in managing IoT-related risks. A Design Science Research methodology is employed, complemented by a case study approach involving interviews, questionnaires, and internal document analysis to ensure contextual relevance and data saturation. The study identifies and evaluates governance priorities by aligning Governance and Management Objectives (GMOs) with national regulations, design factors, and prior research findings. Based on gap analysis using seven components of the selected GMO, DSS (Managed Security Services), the study proposes targeted improvements to IoT governance. These include strengthening leadership accountability, advancing cybersecurity competencies, and enhancing system monitoring capabilities. The implementation of these improvements is projected to elevate the DSS maturity level from 3.29 to 3.86, supporting its digital transformation agenda in alignment with COBIT 2019. This Research contributes to the literature by offering a structured, context-aware IoT governance framework and providing actionable insights for practitioners seeking to govern IoT initiatives within complex, regulated environments.

Downloads

Download data is not yet available.

References

[1] R. Mulyana, L. Rusu, and E. Perjons, “Key ambidextrous IT governance mechanisms for successful digital transformation: A case study of Bank Rakyat Indonesia (BRI),” Digit. Bus., vol. 4, no. 2, p. 100083, Dec. 2024, doi: https://doi.org/10.1016/j.digbus.2024.100083.

[2] H. D. Phi, V. P. Thi Hai, T. N. Duy, and V. N. Van, “The Impact of Digital Transformation on the Competitive Advantage of Businesses: Case Study of Businesses Providing Logistic Services in HCMC, Vietnam,” Int. J. Manag. Econ. Invent., vol. 10, no. 07, pp. 3366–3379, Jul. 2024, doi: https://doi.org/10.47191/ijmei/v10i7.07.

[3] P. C. Verhoef et al., “Digital transformation: A multidisciplinary reflection and research agenda,” J. Bus. Res., vol. 122, pp. 889–901, 2021, doi: https://doi.org/10.1016/j.jbusres.2019.09.022.

[4] W. Shao, “The Role of Digital Transformation in Enhancing Organizational Agility and Competitive Advantages: A Strategic Perspective,” Adv. Econ. Manag. Polit. Sci., vol. 154, no. 1, pp. 115–120, Jan. 2025, doi: https://doi.org/10.54254/2754-1169/2024.19552.

[5] J. Zhang, Y. Ye, C. Hu, and B. Li, “Architecture design and demand analysis on application layer of standard system for ubiquitous power Internet of Things,” Glob. Energy Interconnect., vol. 4, no. 3, pp. 304–314, Jun. 2021, doi: https://doi.org/10.1016/j.gloei.2021.07.001.

[6] J. Sakhnini, H. Karimipour, A. Dehghantanha, R. M. Parizi, and G. Srivastava, “Security aspects of Internet of Things aided smart grids: A bibliometric survey,” Internet of Things, vol. 14, p. 100111, Jun. 2021, doi: https://doi.org/10.1016/j.iot.2019.100111.

[7] R. Mulyana, L. Rusu, and E. Perjons, “IT Governance Mechanisms that Influence Digital Transformation: A Delphi Study in Indonesian Banking and Insurance Industry,” in Pacific Asia Conference on Information Systems (PACIS), AI-IS-ASIA, 2022, pp. 1–16. [Online]. Available: https://aisel.aisnet.org/pacis2022/267

[8] S. Zhang, “Research on the impact of digital transformation on enterprise innovation,” in International Review of Economics & Finance, vol. 90, Elsevier, 2024, pp. 544–551. doi: https://doi.org/10.2991/978-2-38476-257-6_65.

[9] J. Jöhnk, P. Ollig, P. Rövekamp, and S. Oesterle, “Managing the complexity of digital transformation—How multiple concurrent initiatives foster hybrid ambidexterity,” Electron. Mark., vol. 32, no. 2, pp. 547–569, Jun. 2022, doi: https://doi.org/10.1007/s12525-021-00510-2.

[10] J. Zhen, C. Cao, H. Qiu, and Z. Xie, “Impact of organizational inertia on organizational agility: the role of IT ambidexterity,” Inf. Technol. Manag., vol. 22, no. 1, pp. 53–65, Mar. 2021, doi: https://doi.org/10.1007/s10799-021-00324-w.

[11] ISACA, COBIT Focus Area: DevOps. 2019. [Online]. Available: https://www.scribd.com/document/906261743/COBIT-Focus-Area-DevOps-Using-COBIT-2019

[12] D. Henriques, R. Pereira, I. S. Bianchi, R. Almeida, and M. M. da Silva, “How IT Governance can assist IoT project implementation,” Int. J. Inf. Syst. Proj. Manag., vol. 8, no. 3, pp. 25–45, Sep. 2021, doi: https://doi.org/10.12821/ijispm080302.

[13] M. Baslyman, “Digital Transformation From the Industry Perspective: Definitions, Goals, Conceptual Model, and Processes,” IEEE Access, vol. 10, pp. 42961–42970, 2022, doi: https://doi.org/10.1109/ACCESS.2022.3166937.

[14] G. Vial, “Understanding digital transformation: A review and a research agenda,” J. Strateg. Inf. Syst., vol. 28, no. 2, pp. 118–144, Jun. 2019, doi: https://doi.org/10.1016/j.jsis.2019.01.003.

[15] Abhimanyu Ahluwalia, “Leveraging IoT for Smart Grids and Energy Management in Electrical Systems: Applications, Benefits, and Challenges,” J. Electr. Syst., vol. 20, no. 2, pp. 2802–2809, Apr. 2024, doi: https://doi.org/10.52783/jes.6853.

[16] R. Mulyana, L. Rusu, and E. Perjons, “How Hybrid IT Governance Mechanisms Influence Digital Transformation and Organizational Performance in the Banking and Insurance Industry of Indonesia,” in Proceedings of the 31st International Conference on Information Systems Development, Oct. 2023. doi: https://doi.org/10.62036/ISD.2023.33.

[17] S. Vejseli, A. Rossmann, and K. Garidis, “The Concept of Agility in IT Governance and its Impact on Firm Performance,” ECIS2022 Res. Pap., no. 98, pp. 6–18, 2022, [Online]. Available: https://aisel.aisnet.org/ecis2022_rp/98/

[18] ISACA, COBIT 2019 Framework - Introduction and Methodology. 2019. [Online]. Available: https://books.google.co.id/books/about/COBIT_2019_Framework.html?id=PmmDuQEACAAJ&redir_esc=y

[19] L. Jaime and J. Barata, “How can FLOSS Support COBIT 2019? Coverage Analysis and a Conceptual Framework,” Procedia Comput. Sci., vol. 219, no. 2022, pp. 680–687, 2023, doi: https://doi.org/10.1016/j.procs.2023.01.339.

[20] A. Wiedemann, M. Wiesche, H. Gewald, and H. Krcmar, “Integrating development and operations teams: A control approach for DevOps,” Inf. Organ., vol. 33, no. 3, p. 100474, Sep. 2023, doi: https://doi.org/10.1016/j.infoandorg.2023.100474.

[21] O. H. Plant, J. van Hillegersberg, and A. Aldea, “Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment,” Int. J. Account. Inf. Syst., vol. 45, no. January, p. 100560, Jun. 2022, doi: https://doi.org/10.1016/j.accinf.2022.100560.

[22] S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: The road ahead,” Comput. Networks, vol. 76, pp. 146–164, Jan. 2015, doi: https://doi.org/10.1016/j.comnet.2014.11.008.

[23] V. A. F. Almeida, D. Doneda, and M. Monteiro, “Governance Challenges for the Internet of Things,” IEEE Internet Comput., vol. 19, no. 4, pp. 56–59, Jul. 2015, doi: https://doi.org/10.1109/MIC.2015.86.

[24] C. Stephen Ball and D. Degischer, “IoT implementation for energy system sustainability: The role of actors and related challenges,” Util. Policy, vol. 90, no. May, p. 101769, Oct. 2024, doi: https://doi.org/10.1016/j.jup.2024.101769.

[25] K. Boeckl et al., “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks,” Nistir 8228, p. 44, 2019, [Online]. Available: https://nvlpubs.nist.gov/nistpubs/ir/2019/nist.ir.8228.pdf

[26] P. Sethi and S. R. Sarangi, “Internet of Things: Architectures, Protocols, and Applications,” J. Electr. Comput. Eng., vol. 2017, pp. 1–25, 2017, doi: https://doi.org/10.1155/2017/9324035.

[27] B. Morar, Y. Barkawie, R. Balakrishnan, M. Khasawneh, J. Bangara, and H. A. Baker, “IoT Governance - Governance framework,” 2021. [Online]. Available: https://www.deloitte.com/content/dam/assets-zone2/middle-east/en/docs/industries/technology-media-telecommunications/2024/me_IoT-Governance.pdf

[28] A. Sedrati, A. Mezrioui, and A. Ouaddah, “IoT-Gov: A structured framework for internet of things governance,” Comput. Networks, vol. 233, no. May, p. 109902, Sep. 2023, doi: https://doi.org/10.1016/j.comnet.2023.109902.

[29] M. Ammar, G. Russello, and B. Crispo, “Internet of Things: A survey on the security of IoT frameworks,” J. Inf. Secur. Appl., vol. 38, pp. 8–27, Feb. 2018, doi: https://doi.org/10.1016/j.jisa.2017.11.002.

[30] A. Sedrati, A. Mezrioui, and A. Ouaddah, “IoT Governance: A state of the Art and a Comparative analysis,” in 2022 13th International Conference on Information and Communication Systems (ICICS), IEEE, Jun. 2022, pp. 76–81. doi: https://doi.org/10.1109/ICICS55353.2022.9811219.

[31] National Institute of Standards and Technology, “Essay: Planning for Updating IoT Cybersecurity Guidance for theFederal Government (NIST SP 800-213 and NIST SP 800-213A),” 2021. [Online]. Available: https://www.nist.gov/system/files/documents/2025/06/03/Essay Update to 800-213 2025-06-03.pdf

[32] J. vom Brocke, A. Hevner, and A. Maedche, “Introduction to Design Science Research,” in Design Science Research. Cases, no. November, 2020, pp. 1–13. doi: https://doi.org/10.1007/978-3-030-46781-4_1.

[33] R. Yin, “How to do Better Case Studies: (With Illustrations from 20 Exemplary Case Studies),” in The SAGE Handbook of Applied Social Research Methods, 2455 Teller Road, Thousand Oaks California 91320 United States: SAGE Publications, Inc., 2009, pp. 254–282. doi: https://doi.org/10.4135/9781483348858.n8.

[34] J. Mackiewicz, “A Mixed-Method Approach,” in Writing Center Talk over Time, New York: Routledge, 2018. | Series: Routledge research in writing studies: Routledge, 2018, pp. 37–60. doi: https://doi.org/10.4324/9780429469237-3.

[35] P. Fusch and L. Ness, “Are We There Yet? Data Saturation in Qualitative Research,” Qual. Rep., vol. 20, no. 9, pp. 1408–1416, Sep. 2015, doi: https://doi.org/10.46743/2160-3715/2015.2281.

[36] H. Morgan, “Using Triangulation and Crystallization to Make Qualitative Studies Trustworthy and Rigorous,” Qual. Rep., vol. 29, no. 7, pp. 1844–1856, Jul. 2024, doi: https://doi.org/10.46743/2160-3715/2024.6071.