The increasing use of information technology in the banking industry has made it more difficult to manage risks in the digital projects of state-owned banks. This study examines the risk management processes of a state-owned mortgage bank in Indonesia and how it manages information technology risks across the digital banking project lifecycle. This qualitative research is based on content analysis of forty-three risk assessment documents, with thematic coding using ATLAS.ti. It was further enriched through expert interviews and a quantitative survey conducted among 38 project stakeholders. Risks are defined in a hierarchical classification and mapped to project phases using the PMBOK. Identifying operational, compliance, and third-party risks is most pertinent in the execution and post-implementation phases. Additionally, there are pressing concerns, such as the potential for cyber threats, non-compliance with applicable laws and regulatory frameworks, integration issues, over-reliance on service vendors, and systemic dependence on external vendors. The study integrates PMBOK, ISO 31000:2018, and the insights of seasoned practitioners to create a single holistic mitigation strategy. It comprises a risk prioritization matrix, phased actionable treatment plans for each defined stage, and robust governance and responsiveness enhancement mechanisms for high-risk reactive IT environments. The guidance is triangulated with sector-specific intelligence, thereby underscoring proactive risk governance through communication, vendor due diligence, dynamic control, and scaffolding for real-time accountability across boundaries. Further single-initiative case studies, multi-institutional case studies, evolving longitudinal risk studies, and the application of AI and blockchain for predictive and autonomous risk steering in digital finance could enhance and refine this work.