By Linn Latt
Powerful Tool
The effects of corruption are often intangible, yet they significantly hinder the sustainable development of our future world. Global data shows that the cost of corruption is staggering, with an estimated loss of approximately US$3.6 trillion annually – roughly five per cent of the global GDP. As the saying goes, “An ounce of prevention is worth a pound of cure.” This principle is exceptionally true for corruption; it is a challenge that must be addressed through prevention before it takes root. Among the various strategies available to prevent corruption, the most powerful tool is “Corruption Risk Assessment – CRA”. As a proactive mechanism, CRA is designed to detect and identify specific loopholes and vulnerabilities within a system where corruption is most likely to occur. By pinpointing these high-risk areas, organizations can effectively close the gaps before unethical actions can take root.
Another way to combat corruption is through Corruption Investigation, but this is inherently a reactive action. While it is essential to hold corrupt individuals accountable and ensure they face justice behind bars, the process demands significant budgets, resources, and human capital. Furthermore, by the time a perpetrator is prosecuted, the illicit funds often disappear, making it impossible to recover the full extent of the financial losses. Relying solely on investigation means reacting only after the damage to sustainable development and public trust has already been done. Therefore, focusing on Corruption Risk Assessment (CRA) provides a more resource-efficient and sustainable path toward a corruption-free future, and we should use this as an indispensable and proactive tool for all anti-corruption agencies to fight against corruption.
How CRA works
According to the definition provided by the United Nations Office on Drugs and Crime (UNODC) in the State of Integrity, “A corruption risk assessment is a systematic tool that can be used by public organizations to identify corruption vulnerabilities within their operations and devise efficient, cost – effective strategies to mitigate those vulnerabilities or risks.” In fact, a corruption risk represents the potential for an act of corruption to occur. Therefore, identifying corruption risks is akin to searching for the hidden roots of corruption, while mitigating those risks is essentially destroying the roots of the corruption plant before it can grow.
Furthermore, the Corruption Risk Assessment (CRA) acts as a specialized lens for identifying loopholes within public services. In many administrative processes, certain gaps and loopholes or ambiguities in rules, regulations and procedures can inadvertently create opportunities for malpractice. CRA meticulously examines these service delivery channels to uncover structural weaknesses – whether they be a lack of transparency, excessive discretionary power, or inadequate oversight. By proactively identifying and closing these loopholes and gaps, CRA ensures that public services remain resilient, accountable, and beyond the reach of corrupt intent, creating corruption – free public services.
Two types of Risk
Generally, every sector faces two categories of risk: internal and external. Internal risks typically arise during the management of public assets. These include vulnerabilities such as embezzlement, fraud, and financial losses resulting from corrupt practices. Key areas of concern include the procurement of organizational equipment, the management of stockpiles, and the overall expenditure of public funds. Furthermore, the safeguarding of confidential information is a critical component of asset management. Vulnerabilities such as the theft or unauthorized sale of sensitive data, including tender details, future acquisition plans, and national security information, must be rigorously addressed within the CRA process.
The second category, external risks, typically arises during interactions with the private sector or the general public. Factors such as undue influence, personal favouritism, or bribery can bias decision-making processes, leading to the distortion of an organization’s integrity and objectives. The collection of public revenue—including taxes, license fees, and import duties—presents significant loopholes where corruption may occur. Furthermore, external risks are often prevalent in procurement and contracting, such as showing favouritism towards a specific supplier during tender preparation or the awarding of contracts, as well as through unnecessary change orders. Other critical vulnerabilities include the processes involved in issuing permits, licenses, and official approvals, all of which require rigorous oversight within the CRA framework.
Five Practical Steps to Conduct CRA
To implement the CRA process practically, the first thing an organization needs to consider is the nature of its operations. Since corruption risks vary significantly across different sectors, understanding the specific functions, mandates, and operational environment of the organization is essential. This foundational step ensures that the assessment is tailored to identify the most relevant vulnerabilities unique to that particular entity.
As emphasized in the UNODC’s ‘State of Integrity’ guidance, a systematic five-step methodology is essential for conducting effective corruption risk assessments within any institutional setting.
Evaluating the operating environment – The initial step requires every organization to thoroughly evaluate its operating environment. This involves identifying various external factors that influence organizational and employee behaviour, while assessing the extent of the organization’s authority over these factors and the constraints it faces. To ensure a comprehensive assessment, the organization should consider a broad range of influences, including legal, regulatory, financial, technological, economic, natural, and competitive environments.
Identifying potential corruption risks – The second step of the process involves identifying the specific types of corruption risks to which the organization is, or may be, exposed. During this stage, the CRA working group meticulously examines the organization’s various functions to pinpoint areas where a dishonest actor could potentially exploit system vulnerabilities for illicit gain. By mapping these functional processes, the group can uncover exactly where the integrity of the organization might be compromised.
Analyzing corruption risks – The third step of the CRA process is to analyze the identified corruption risks. Once the working group has compiled a list of potential risks, an in-depth analysis is conducted to establish their nature and underlying drivers. During this stage, the group may interview staff, examine internal documents, or review existing corruption controls. Relevant internal documents typically include past audit reports, investigation findings, and accounting or procurement records to identify recurring patterns of vulnerability.
Evaluating corruption risks – During the fourth step, the identified issues are prioritized. Working group members must assess which risks require the most urgent attention in the mitigation plan. This evaluation ensures that resources are allocated effectively to address the most critical and high-impact vulnerabilities first. According to the UNODC outlines, the risk prioritization process should be conducted based on two primary dimensions: Likelihood and Impact Severity. As illustrated in the Risk Matrix below, this process helps the working group categorize risks into different levels, such as Minor, Moderate, or Major. For instance, a risk that has a high likelihood of occurring and a high impact severity (e.g., bribes to allow illegal logging) would be classified as a top priority. This systematic approach ensures that the most critical vulnerabilities are addressed first in the mitigation plan.
Preparing and finalizing the mitigation plan to treat the corruption risks – The final step of the process is to prepare and finalize a comprehensive mitigation plan to effectively manage and treat the identified corruption risks. This plan serves as a strategic roadmap for the organization to implement specific controls, assign responsibilities, and establish timelines for reducing vulnerabilities to an acceptable level. Since every organization possesses a unique nature and structure, the risk mitigation plan must be tailored to align with its specific organizational culture. A plan that respects and integrates with the existing internal environment is far more likely to be embraced and effectively implemented by its members.
To cut down the roots
Ultimately, Corruption Risk Assessment (CRA) has become a powerful strategic tool because it shifts the focus from merely addressing symptoms to identifying and addressing the root causes of corruption. By proactively diagnosing systemic vulnerabilities and implementing targeted mitigation strategies, organizations can effectively cut down the opportunities for illicit behaviour before they manifest. This forward-looking approach ensures a more sustainable and resilient framework for organizational integrity.
In conclusion, CRA stands as a powerful and indispensable tool capable of uprooting and eliminating the deep-seated causes of corruption. It is, therefore, vital for every organization to strive for its effective implementation. Beyond merely combating corruption, this process enhances organizational accountability and transparency, ultimately driving overall performance. By improving the quality of public services and fostering greater trust between the government and the citizens, CRA is a cornerstone for institutional integrity. For these reasons, I highly recommend that every organization prioritizes and integrates this essential process into its strategic operations.
References
• Anti-Corruption Commission of Myanmar (ACCM). Official Website. https://www.accm.gov.mm/
• United Nations Office on Drugs and Crime (UNODC). (2020). State of Integrity: A Guide on Conducting Corruption Risk Assessments in Public Organizations. UNODC.
#GlobalNewLightOfMyanmar