Corruption risk assessments: country case studies highlight advantages and challenges of diverse approaches

InHealth — institute for health transformation

institute for health strategy, digital health
and continuous health transformation

Joaquim Cardoso MSc
Chief Research and Strategy Officer (CRSO) 
May 19, 2023


The research on corruption risk assessments (CRAs) identifies three main approaches: centralised, decentralised, and transparency-oriented methodologies.

Case studies from the Netherlands, Lithuania, Mexico, and Italy highlight the role of resource and institutional constraints in the choice of approach, and the importance of ensuring high-quality, complete, and accessible data.

To ensure the mitigation of the identified risks, CRA should include systematic and explicit recommendations for assessed entities to follow up.


Despite high-level commonalities, corruption risk assessments (CRAs) are very diverse in terms of specific goals, data and methodology used, stakeholders, and impact mechanisms.

  • The institutional environment for CRAs and their constraints are a major reason behind diversity of approaches.

The different public bodies that develop and implement CRAs can impose centralised data collection and analysis to different degrees.

  • The institutional mandate, political constraints, and the corresponding resources allocated also determine the scope and depth of a CRA.

Case studies from diverse countries — the Netherlands, Lithuania, Mexico, and Italy — point at three broad types of methodologies:

  • i) a centralised approach implementing a systematic assessment of corruption risks carried out by an audit body; 

  • ii) a decentralised approach, which typically implies self-assessment carried out by public bodies; and 

  • iii) a transparency-oriented approach, which aims to increase the availability of corruption risk information and relies on third parties such as civil society to act on the results.

Many CRAs focus on corruption risks in laws, regulations, and organisational policies rather than on their implementation.


  • Some other CRAs aim to identify corruption risks in policy implementation in fields as diverse as public procurement, farm subsidies, or government human resource management.

Effective CRAs involve systematic and explicit requirements for assessed entities to follow up on risks identified and recommendations made.

  • Given the complexity of the analytical task and political sensitivities, CRAs typically yield positive results only after years of operation (and when implementation is continuously monitored).


Understanding corruption risk assessment

Corruption risk assessment methodologies around the world

Three main types of CRAs

Public body conducting the CRA

Data used in the CRA

Corruption types analysed by the CRA

Four diverse case studies

· The Netherlands

· Lithuania

· Mexico

· Italy

Main challenges and recommendations for CRAs

· Challenge: Institutional constraints

· Challenge: Data quality and accessibility

· Challenge: Methodology and analytical focus

· Challenge: Follow-up mechanisms


Corruption risk assessments: country case studies highlight advantages and challenges of diverse approaches

Anti-corruption resource centre

Viktoriia Poltoratskaia 
 Mihály Fazekas

Series editor
Sofie Arjon Schütte

U4 issue 2023:2
CHR Michelsen Institute

Corruption erodes sustainable and inclusive development. It is both a political and technical challenge. The U4 Anti-Corruption Resource Centre (U4) works to understand and counter corruption worldwide.

U4 is part of the Chr. Michelsen Institute (CMI), an independent development research institute in Norway.

Understanding corruption risk assessment

Corruption risk assessment (CRA) is a methodology (that is, a set of guidelines on how to collect, analyse, and interpret data) — often accompanied by a tool (for example, a data collection instrument such as a questionnaire or data analysis tool such as a dashboard).

It is used by various state agencies, private sector actors, and civil society organisations (CSOs) to monitor corruption risks in the public sector (within ministries, localities, public procurement, etc), as well as in private sector bodies.

More specifically, a CRA ‘seeks to identify weaknesses within a system which may present opportunities for corruption to occur’.[1]

This paper focuses only on the use of CRAs by public bodies, such as anti-corruption agencies or supreme audit institutions, which have a mandate to monitor corruption risks predominantly in the public sector.

In addition, it is limited to well-established methodologies that have been implemented over several years; nevertheless, whenever possible, we also refer to emerging approaches.

Different models for rolling out CRAs, their limitations, strengths, and whether or not they are fit for purpose are also assessed.

While not heralding one approach as the best, this paper showcases possible options that may be more or less advantageous depending on available resources, political constraints, data quality, and other factors.

First, some agencies differentiate integrity assessment from corruption assessment, while others use the terms interchangeably (eg, the UN Office on Drugs and Crime (UNODC) and Georgia’s Ministry of Justice).

In the former case, integrity assessment is understood as a framework helping to combat corruption by assessing personal characteristics including ethical and moral principles and factors contributing to their formation.[2]

This paper predominantly focuses on corruption rather than integrity assessments.

Second, a further dimension through which CRAs can be distinguished is the inclusion of preventive mechanisms.

While the literature on corruption risk methodologies shows an increasing interest in preventive mechanisms,[3] this is not necessarily reflected in the ongoing practical implementation of CRAs.

By implication, CRAs are distinct from assessments that are part of corruption risk management approaches.[4]

Corruption risk management involves addressing corruption risks through various administrative, financial, and legislative means.[5]

Corruption risk assessment methodologies are mainly and ‘only’ aimed at discovering the causes and conditions for corruption to occur.

Yet they can also inform policymakers or the public about preconditions, consequences, and particular cases of corruption,[6] as well as influence the initiation of preventive actions.

This study focuses on the latter approach, stand-alone CRAs.

While some of the results of CRAs can lead to criminal investigations, in most cases they are instead used by public bodies to identify signals of systemic weaknesses.

Running a corruption risk assessment is also quite different from identifying corruption itself. [7]

CRAs target potential weaknesses in institutional design, legislation, procedures, or regulations that can lead to corruption or are generally associated with corrupt behaviour.

For instance, a single bidding indicator in public procurement does not necessarily identify that an exchange between buyer and supplier is corrupt.

Yet for tenders receiving only one submitted bid in an otherwise competitive market, corruption is more likely to be found.

For example, the tender requirements may have been tailored in such a way that only one bidder could fulfil the requirements, hence only one submitted a bid.[8]

Therefore, while some of the results of CRAs can lead to criminal investigations, in most cases they are instead used by public bodies to identify signals of systemic weaknesses where loopholes can be closed.

Where CRAs reveal actual cases of corruption, the initiation of a criminal prosecution depends on the mandate of the assessing body and its deliberate choice.

The definition of corruption, as well as corruption risks, can significantly vary from one state agency to another.

Therefore, rather than predefining those concepts, one of the methodological foci of this paper falls on understanding how agencies define CRAs and targeted corruption types and risks.

Nevertheless, in most of the cases discussed in this paper, the corruption type targeted by public bodies does not focus on an assessment of individuals’ behaviour but rather on structural loopholes and favourable conditions for corruption to occur.[9]

While some risk assessment approaches may be applied in an unstructured and unstandardised way, many public bodies have started introducing more systematic approaches based on a standardised methodology.

Usually, public bodies responsible for CRAs are either independent anti-corruption commissions or departments and divisions within other controlling bodies (such as, a court of auditors, ministry of interior, etc).

While some risk assessment approaches may be applied in an unstructured and unstandardised way, many public bodies have started introducing more systematic approaches based on a standardised methodology.

Such a methodology can rely on existing studies and international best practice, or on internal practices, self-assessments, and the general experience of the assessors.

The application of CRAs can either lead to follow-on investigations and prosecutions or may be triggered by criminal cases, while they can also support preventive measures aimed at addressing risks before corruption actually occurs.


The methodology used in this paper includes desk research on selected cases and semi-structured interviews with representatives of public bodies, international organisations, and CSOs dealing with CRAs in the selected countries.

The interviews were conducted with members of civil society and anti-corruption bodies in the selected countries who were either directly in charge of CRAs or experienced in it.

In total, ten interviews were conducted (some with multiple participants from the same agency or organisation).

Among the secondary sources[10] used for the desk research are various policy reports published by international organisations (eg, the Organisation for Economic Co-operation and Development (OECD) integrity reports) and civil society, as well as internal documentation of CRA methodologies provided by the responsible public organisations.


[1] Transparency International 2011.

[2] Martini 2012.

[3] Ceschel et al. 2022.

[4] See Andersson and Bergman 2009; Samociuk and Iyer 2010; Monteduro et al. 2021.

[5] Hansen 2011; Capasso and Santoro 2018; Thaler and Helmig 2016.

[6] Williams 2014.

[7] CoE 2019

[8] Fazekas and Kocsis 2020.

[9] Thompson 2018.

[10] By secondary sources here and thereafter, we mean data that were collected not by the researcher at first hand, but by somebody else (eg, statistical data from national statistical services, various corruption prevention indexes prepared by international organisations, and CSOs). On the contrary, primary sources involved data collection by the researcher (eg, interviews, focus groups).

Originally published at


Poltoratskaia, V.; Fazekas, M.; (2023) Corruption risk assessments: country case studies highlight advantages and challenges of diverse approaches. Bergen: U4 Anti-Corruption Resource Centre, Chr. Michelsen Institute (U4 Issue 2023:2)

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *