Several countries have mandated their anti-corruption bodies to conduct corruption risk assessments (CRAs). In general, a CRA consists of a methodology (that is, a set of guidelines on how to collect, analyse, and interpret data) and often a corresponding tool (for example, a data collection instrument such as a questionnaire or data analysis tool such as a dashboard) used by various public organisations, private sector actors, and civil society organisations (CSOs) to systematically monitor corruption risks. It seeks to identify weaknesses across government or in specific agencies that present opportunities for corruption.
CRA methodologies vary in scope, the type of data used, and the organisations involved. Some countries focus on legislative frameworks and regulatory coherence, while others enhance the analysis with integrity assessments, self-assessments, focus groups, and population surveys. The assessments can draw on primary or secondary data sources, such as interviews, focus groups, statistical data, media investigations, corruption perception surveys, and socio-economic indicators. Despite their wide variety, three main types of CRAs have been identified. The first type is a centralised external assessment carried out systematically, on request, or in reaction to criminal cases. The second type is a decentralised approach, where questionnaires, focus groups, or interviews are used by the assessed government agency itself – either internally or with some external assistance. The third type is a transparency-oriented approach that focuses on particular areas of public spending or provides indicators for specific territories or sectors. This type is made publicly available online, increases transparency, and can serve as a source for corruption risk analysis by interested parties, such as CSOs.
The Lithuanian Corruption Risk Assessment is an example of a centralised approach, conducted by the Corruption Risk Division of the Special Investigations Service of the Republic of Lithuania (STT). It is a two-step process that assesses the compliance of procedures with regulations and seeks to identify discrepancies. The Lithuanian CRA has been effective; however, it needs more resources and legislative support. Additionally, it overlooks certain organisational characteristics and does not allow for self-assessment.
The Netherlands’ ‘SAINT’ system provides an example of a decentralised approach to corruption risk assessment, involving staff members of the assessed organisations in a ‘guided discussion’ to identify and mitigate risks. In 2016, the system was abolished and replaced by a whistleblowing approach that focuses on internal reporting mechanisms. It is planned that the ‘SAINT’ methodology will be reintroduced by the Capacity Building Committee of the International Organization of Supreme Audit Institutions in the form of IntoSAINT, which proposes a self-assessment tool for supreme audit institutions (SAIs) across many countries.
The Sistema Nacional Anticorrupción (SNA) in Mexico is an example of a multilevel decentralised institutional arrangement with elements of a transparency-oriented approach. The system was introduced in 2016, with the aim to bring together state agencies working on corruption cases, along with civil society, academia, and international organisations, to increase transparency and make monitoring of corruption within government more systematic. One of the core ideas behind SNA was to ensure the participation of citizens and therefore introduce an element of direct accountability. This was chiefly achieved by creating a Citizen Participation Committee (CPC) in the administrative structure. The main power of the CPC is to conduct screening of government agencies and provide recommendations. Since the introduction of the SNA, one of the main results of its activities is the National Anti-corruption Internet Platform. This publishes all data collected on asset declarations, public figures participating in tendering procedures, and sanctions against public servants, as well as various materials on corruption in general.
The National Anti-Corruption Authority (ANAC) in Italy conducts corruption risk assessment through a combination of approaches, including the centralised and transparency-oriented ones. One of these is a programme on risk assessment at the level of municipalities, provinces, and regions. The programme collects quantitative data to develop territorial indicators that will identify areas prone to higher corruption risks. Another tool developed by ANAC is known as ‘collaborative supervision’, which is used to identify corruption risks and prevent corruption in public tendering. Data for the analysis are provided by the National Statistical Service, the National Database of Public Procurement, and other public bodies. The resulting indicators are published openly on a dashboard, yet there is no clear accountability mechanism ensuring that risk information leads to an actual reduction in corruption risks.
Corruption risk assessment systems face several challenges that can be grouped into four main categories: contextual constraints, data quality and accessibility, targeted corruption types, and follow-up mechanisms. First, ‘contextual constraints’ refers to the broader political, institutional, and social environment in which anti-corruption initiatives operate and which can hinder their effective functioning. To overcome these constraints, CRAs should be established on a robust legal basis and the implementing public body should have adequate, secure, and long-term resources allocated for risk assessment activities. Second, the challenge of data quality includes the reliability, accuracy, completeness, and consistency of the data used in corruption risk assessments. This issue can be addressed by the corruption prevention agency establishing cooperation with reliable data providers and investing in dataset building.
Third, resource constraints need to be kept in mind when choosing a methodology, the breadth of coverage of corruption types, and corruption hotspots in a country.If assessment bodies rely on the entities being assessed to a greater degree and give them room to explore a wide range of corrupt practices through self-assessment, this may offer a remedy in this challenge category. Fourth, many CRAs struggle with ensuring actions are taken based on the risk assessment findings and recommendations. One key lesson in this respect revolves around the importance of developing systematic follow-up mechanisms and monitoring.