Main points

• Despite high-level commonalities, corruption risk assessments (CRAs) are very diverse in terms of specific goals, data and methodology used, stakeholders, and impact mechanisms.
• The institutional environment for CRAs and their constraints are a major reason behind diversity of approaches. The different public bodies that develop and implement CRAs can impose centralised data collection and analysis to different degrees. The institutional mandate, political constraints, and the corresponding resources allocated also determine the scope and depth of a CRA.
• Case studies from diverse countries – the Netherlands, Lithuania, Mexico, and Italy – point at three broad types of methodologies: i) a centralised approach implementing a systematic assessment of corruption risks carried out by an audit body; ii) a decentralised approach, which typically implies self-assessment carried out by public bodies; and iii) a transparency-oriented approach, which aims to increase the availability of corruption risk information and relies on third parties such as civil society to act on the results.
• Many CRAs focus on corruption risks in laws, regulations, and organisational policies rather than on their implementation. Some other CRAs aim to identify corruption risks in policy implementation in fields as diverse as public procurement, farm subsidies, or government human resource management.
• Effective CRAs involve systematic and explicit requirements for assessed entities to follow up on risks identified and recommendations made. Given the complexity of the analytical task and political sensitivities, CRAs typically yield positive results only after years of operation (and when implementation is continuously monitored).