<![CDATA[The accelerating digital transformation in the energy sector demands robust governance mechanisms for emerging technologies, particularly the Internet of Things (IoT). This study examines the governance challenges faced by an energy company in Indonesia as it strives to manage IoT ecosystems while meeting regulatory requirements and achieving organizational objectives. Despite IoT’s critical role in enabling digital transformation, limited Research has explored IoT governance frameworks grounded in COBIT 2019, especially within the energy domain. To bridge this gap, this study develops an ambidextrous IoT governance framework by integrating the Traditional and DevOps Focus Area mechanisms from COBIT 2019. The framework is designed to balance stability and adaptability in managing IoT-related risks. A Design Science Research methodology is employed, complemented by a case study approach involving interviews, questionnaires, and internal document analysis to ensure contextual relevance and data saturation. The study identifies and evaluates governance priorities by aligning Governance and Management Objectives (GMOs) with national regulations, design factors, and prior research findings. Based on gap analysis using seven components of the selected GMO, DSS (Managed Security Services), the study proposes targeted improvements to IoT governance. These include strengthening leadership accountability, advancing cybersecurity competencies, and enhancing system monitoring capabilities. The implementation of these improvements is projected to elevate the DSS maturity level from 3.29 to 3.86, supporting its digital transformation agenda in alignment with COBIT 2019. This Research contributes to the literature by offering a structured, context-aware IoT governance framework and providing actionable insights for practitioners seeking to govern IoT initiatives within complex, regulated environments.]]>
