Corruption Risk Assessment (CRA)

Corruption Risk Assessment (CRA) is a process that aims at increasing the level of integrity (resistance to corruption and unethical behavior) of a sector or institution by identifying the risk factors that may facilitate a corruption case, as well as by developing and implementing measures for mitigation or elimination of those factors and risks.

 Why is it important?

If implemented properly, corruption risk assessment can become an important and effective integral part of the corruption-prevention policy, essential for identifying and managing corruption risks, which is critical for the long-term successful operation of different parts of the public sector (as such, corruption risk assessment is basically a technical process and requires a certain level of sophistication and expert knowledge). However, it cannot by itself substitute good governance, good management, good regulation, good internal process, etc. Yet, one of the key benefits of corruption risk assessment is that it can give a better understanding of the corruption and integrity situation in a given context.

How it works?

The corruption risk assessment indicator explores whether the legal and methodological framework for corruption risk assessments has been adopted and implemented in public institutions. The indicator takes into account how systematic the practice is, whether it has become an integral part of organisational activities and whether it is sufficiently funded and regularly carried out.

There are different concepts of CRA: internal assessment (self-assessment), external assessment and mixed model. When it comes to SEE countries, CRA is mainly a self-assessment carried out the public institution’s representatives. Each public institution has to provide its self-assessment on corruption risks periodically to the oversight / coordination national authority – usually Agencies for Prevention of Corruption.

Within the Integrity Plans, beside the identification of risks and factors of those risks, the respective public institutions also have to develop mitigation measures for the identified risks and set the deadlines and persons in charge for each measure. After one or two years (differing from one jurisdiction to another), the public institutions report on their existing Corruption Risk Assessment Plans – what has been done so far and what measures were implemented/ risks avoided, and develop the new Plan for the forthcoming period. The process is monitored by the Agencies for Prevention of Corruption.

The main challenge in the implementation of the CRA concept is the acceptance that risks exist.

Environment and Security sectors

Higher Education and Public Enterprises sectors

Corruption Risk Assessment (CRA) is a process which aims at increasing the level of integrity (resistance to corruption and unethical behaviour) of a sector or institution by identifying the risk factors that may facilitate a corruption case, as well as by developing and implementing measures for mitigation or elimination of those factors and risks.

 Why is it important?

If implemented properly, corruption risk assessment can become an important and effective integral part of the corruption-prevention policy, essential for identifying and managing corruption risks, which is critical for the long-term successful operation of different parts of public sector (as such, corruption risk assessment is basically a technical process and requires a certain level of sophistication and expert knowledge). However, it cannot by itself substitute good governance, good management, good regulation, good internal process, etc. Yet, one of the key benefits of corruption risk assessment is that it can give a better understanding of the corruption and integrity situation in a given context.

How it works?

The corruption risk assessment indicator explores whether the legal and methodological framework for corruption risk assessments has been adopted and implemented in public institutions. The indicator takes into account how systematic the practice is, whether it has become an integral part of organisational activities, and whether it is sufficiently funded and regularly carried out.

There are different concepts of CRA: internal assessment (self-assessment), external assessment and mixed model. When it comes to SEE countries, CRA is mainly a self-assessment carried out the public institution’s representatives. Each public institution has to provide its self-assessment on corruption risks periodically to the oversight / coordination national authority – usually Agencies for Prevention of Corruption.

Within the Integrity Plans, beside the identification of risks and factors of those risks, the respective public institutions also have to develop mitigation measures for the identified risks, and set the deadlines and persons in charge for each measure. After one or two years (differing from one jurisdiction to another), the public institutions report on their existing Corruption Risk Assessment Plans – what has been done so far and what measures were implemented/ risks avoided, and develop the new Plan for the forthcoming period. The process is monitored by the Agencies for Prevention of Corruption.

The main challenge in the implementation of CRA concept is the acceptance that risks exist.

 What RAI did?

In December 2015, Regional Anticorruption Initiative (RAI) and United Nations Office on Drugs and Crime (UNODC) have launched the Southeast Europe Regional Programme on Strengthening Capacity of Anti-corruption Authorities and Civil Society to Combat Corruption and Contribute to the UNCAC Review Process (hereinafter the Programme).

One of the core activities of the Regional Programme in order to achieve its objectives is development of national methodologies and IT solutions for CRA and CPL.

The overall target of 3 beneficiary countries introducing or strengthening the CRA mechanism was achieved. At the early stages of implementation, 5 jurisdictions were initially planned to be engaged (BiH, Kosovo*, Montenegro, Moldova and North Macedonia) but ultimately the Outcome targeted the 3 jurisdictions: BiH, Montenegro and North Macedonia, due to the fact that both Kosovo* and Moldova already were implementing a CRA methodology and this work would have been duplicated. Moldova was well already advanced in implementing CRA mechanism, while Kosovo1 was supported by the Council of Europe in developing its capacities for implementing CRA.

Throughout the Regional Programme, national methodologies on CRA were developed for 3 countries (BiH, Montenegro and North Macedonia) and trainings were carried out in each of these jurisdictions. These trainings were assessed as useful by the participants[2]. Legal opinions on national methodologies were provided for Moldova, BiH, North Macedonia, Montenegro, to support the introduction of the concept of corruption risk assessment into the national legislative framework and/or administrative practice.

In Montenegro, CRA was already being implemented in the country in 2016, but for a limited number of institutions. By 2020 it is mainstreamed across the public sector. With the help of the Regional Programme, expert guidance was provided on Montenegro’s CRA approach. Additionally, under the Regional Programme more than 200 Integrity Managers across 700 public institutions at national, municipal and local level were trained in 3 workshops nationwide over the course of the Regional Programme.

Furthermore, the tailored support for the health sector in Montenegro via a training workshop (Podgorica, April 2018) and expert guidance on this sector’s new integrity plans. This sectoral approach was lauded as very relevant and was used in the programming of the subsequent phase of the Regional Programme.

North Macedonia the outcome can be seen to have been partially achieved, mainly due to the external conditions beyond the control of the Programme Team. The existing CRA framework in North Macedonia was deemed more complex than in other countries, and unusually, it is under the remit of the Ministry of Finance. Through the Regional Programme, RAI provided expert support on pointing out the limitations of their existing approach) and provided recommendations for revising the national methodology, which were partially implemented and thus strengthened the CRA mechanism. North Macedonia adopted a new guideline on fraud and corruption risk assessment in 2017. It is safe to state that these guidelines were influenced by the Regional Programme activities.

In BiH, two beneficiary institutions were included in the Programme (APIK and HJPC). Namely, during the initial phases of implementation, it became clear that the HJPC was an interested and willing potential beneficiary for the IT solution for CRA. As a result, RAI adapted their plan allowing HJPC to come on board as an additional beneficiary.

Apart from issuing recommendations on improving the CRA mechanism in the country, the key focus was on the development and roll-out of the IT solutions for CRA. The inclusion of HJPC in the Programme was inspired by the HJPC engagement in the field of strengthening the integrity of judicial office holders, paired with a particularly high absorption capacity for the IT solutions. The Regional Programme originally envisaged creating one tool which could be customised to different institutions but over the course of the implementation, it became clear that two separate tools were required because of the distinct needs of the judicial sector tool (HJPC) and the more general anti-corruption agency tool (APIK). The need for diversification of the CRA tool was also influenced by the substantial difference in the level of ‘e-preparedness’, or the IT-related capacities of these institutions. By the end of Regional Programme, the IT tools have been developed, tested and deployed at the beneficiaries’ infrastructure. To help both APIK and HJPC take on the full roll out of the tool, the Programme Team developed the video tutorial[3] for the end-users of each of these CRA tools, thus boosting the potential for sustainability of the tool countrywide. Additionally, the HJPC co-operation in BiH was another example of the sectoral approach.

What are the next steps?

In the following years. RAI will maintain providing support to member countries in developing and strengthening implementation of CRA mechanisms with the focus on impact assessment, continue providing training for respective government officials in selected sectors and for CRA practitioners through process of introducing/upgrading CRA IT tool.
Expected results after the implementation of project activities related to the execution of CRA mechanisms:

Strengthening regional cooperation and exchange of good practices and serving as a network for information and expertise exchange will remain RAI’s mission.

* This designation is without prejudice to positions on status, and is in line with UNSCR 1244/1999 and the ICJ Opinion on the Kosovo declaration of independence.

[2] Final External Evaluation Report, Suzanne Mulcahy PhD and Coralie Pring, April 2020

[3] Video tutorial for users of APIK’s CRA IT tool and video tutorial for users of the HJPC’s CRA IT tool