Risk Management in IT Projects for Digital Banking: A Case Study of an Indonesian State-Owned Bank

Authors

  • Aji Prastio Wibowo (Universitas Indonesia), https://orcid.org/0009-0002-2822-1481
  • Teguh Raharjo (Bina Nusantara University; Universitas Indonesia)
  • Ni Wayan Trisnawaty (Universitas Indonesia)
  • Gilang Aulia Muhamad (King Abdulaziz University)
  • Azka Faridy (King Abdulaziz University)

DOI:

https://doi.org/10.15408/aism.v8i2.46123

Keywords:

IT Project Risks, Digital Banking, Risk Management, PMBOK, ISO 31000, Indonesia State-Owned Banks

Abstract

The increasing use of information technology in the banking industry has made it more difficult to manage risks in the digital projects of state-owned banks. This study aims to examine the risk management processes of a state-owned mortgage bank in Indonesia and how it manages information technology risks across the digital banking project lifecycle. This qualitative research is based on content analysis of forty-three risk assessment documents, with thematic coding using ATLAS.ti. It was further enriched through expert interviews and a quantitative survey conducted among 38 project stakeholders. Risks are defined in a hierarchical classification and mapped to project phases using the PMBOK. Identifying operational, compliance, and third-party risks is most pertinent in the execution and post-implementation phases. Additionally, there are pressing concerns, such as the potential for cyber threats, non-compliance with applicable laws and regulatory frameworks, integration issues, over-reliance on service vendors, and systemic dependence on external vendors. The study integrates PMBOK, ISO 31000:2018, and the insights of seasoned practitioners to create a single holistic mitigation strategy. It comprises a risk prioritization matrix, phased actionable treatment plans for each defined stage, and robust governance and responsiveness enhancement mechanisms for high-risk reactive IT environments. The guidance is triangulated with sector-specific intelligence, thereby underscoring proactive risk governance through communication, vendor due diligence, dynamic control, and real-time accountability across boundaries scaffolding. Further single-initiative case studies, multi-institutional case studies, evolving longitudinal risk studies, and the application of AI and blockchain for predictive and autonomous risk steering in digital finance could enhance and refine this work.

Published

2025-10-07

How to Cite

Risk Management in IT Projects for Digital Banking: A Case Study of an Indonesian State-Owned Bank. (2025). Applied Information System and Management (AISM), 8(2), 231-244. https://doi.org/10.15408/aism.v8i2.46123