<![CDATA[Digital transformation in the public utility sector, particularly in regional water-owned enterprises (BUMD), presents complex risk challenges ranging from cybersecurity threats to operational distribution disruptions. PT Tirta Sriwijaya Maju (Perseroda), as the research object, faces constraints in IT risk management processes that are currently manual, reactive, and disintegrated, potentially threatening the sustainability of public services. This study aims to evaluate the current IT governance capability and design risk management improvements using the COBIT 2019 framework. The research methodology employs a mixed-method approach utilizing the Design Toolkit to determine domain priorities based on the company's risk profile and strategy. The evaluation focuses on six critical domains: EDM03, APO12, APO13, BAI03, DSS01, and MEA01. The Design Factors analysis established a target capability at Level 3 (Defined Process) to ensure regulatory compliance. However, the current state (As-Is) measurement indicates that the company is at an average of Level 1 (Performed). A gap of 2 levels was identified, primarily caused by a disconnected evaluation cycle (MEA01), the absence of a formal Risk Appetite document, and reliance on spreadsheet-based risk monitoring. As a solution, this study provides strategic recommendations including the formalization of risk policies, the design of an integrated digital Monitoring Dashboard, and an Implementation Roadmap for 2025-2027. The implementation of this roadmap is expected to enhance risk governance maturity, ensure customer data integrity, and guarantee operational stability in accordance with Good Corporate Governance standards. Keywords: IT Governance, Risk Management, COBIT 2019, Design Factors, Regional Water Utility, Capability Level.]]>
