Defining the process

Corruption risk assessment is an important part of modern organisational governance policies. Through this process, public and private institutions can systematically identify, analyse and manage vulnerabilities that may encourage corrupt behaviour in their day-to-day activities.

According to Organisation for Economic Co-operation and Development (OECD)In order to better understand and manage corruption risks, including bribery of foreign public officials, development cooperation actors need to focus on a two-step process: on the one hand, they need to address corruption risks and model integrity in the management of official development assistance (ODA); on the other hand, they need to ensure policy coherence, individually and through concerted action, at national and international levels, when taking measures to combat corruption." (OECD, Recommendation of the Council for Development Co-operation Actors on Managing the Risk of Corruption, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0431)

Also, Council of Europe, in a methodological framework developed to support public integrity policies, defines corruption risk assessment as follows: "A preventive tool that involves identifying, analysing and assessing the risks of corruption within a governance mechanism, by mapping its individual components in detail, identifying weaknesses that may facilitate corruption, and assessing the likelihood and impact of these risks." (Council of Europe, Rationale and outline of a Corruption Risk Assessment methodology, https://rm.coe.int/eccd-cra-methodology-proposal-en/168098f194)

In addition to these frameworks for the public sector, there are also methodological tools developed specifically for the private sector:

UNODC guidance for the business sector - Publication An Anti-Corruption Ethics and Compliance Programme for Business provides companies with concrete recommendations for developing a compliance programme, with a focus on risk identification and management, due diligence and codes of conduct( https://www.unodc.org/documents/corruption/Publications/2013/Anti-CorruptionEthicsComplianceProgramme.pdf )

UN Global Compact Platform
This initiative supports businesses to adopt anti-corruption measures through self-assessment tools and best practices, with particular applicability in international supply chains (https://unglobalcompact.org/what-is-gc/our-work/governance/anti-corruption )

OECD guidelines for multinational enterprises
These guidelines are a set of international standards of responsible business conduct for companies operating internationally. They provide detailed recommendations on preventing bribery, reporting wrongdoing and taking an active role of management in overseeing integrity risks. The 2023 update also includes requirements on due diligence in supply chains, tax transparency and responsible use of technology ( https://www.oecd.org/en/publications/2023/06/oecd-guidelines-for-multinational-enterprises-on-responsible-business-conduct_a0b49990.html )

OECD report entitled "Companies' Assessments of Anti-Corruption Compliance" (2024) provides a detailed analysis of how companies, particularly large and multinationals, assess their own anti-corruption compliance programmes. The study highlights recent trends in self-assessment, the methods used to test the effectiveness of measures to prevent bribery, as well as the challenges encountered in implementing and monitoring these programmes. The report underlines the need for a systematic, risk-based approach tailored to the size and specificity of each organisation (https://www.oecd.org/en/publications/companies-assessments-of-anti-corruption-compliance_977ed5a8-en.html )

The relevance of corruption risk assessment for companies

The importance of this assessment derives from the benefits it can bring to an organisation. Effective assessment helps prevent legal sanctions and financial loss. International regulations, such as the Foreign Corrupt Practices Act (USA) or the UK Bribery Act, impose strict standards of ethical behaviour on companies. Breaches of these rules can lead to serious legal consequences, including substantial fines and trade bans.

Risk assessment then strengthens internal governance systems and supports the development of an organisational environment based on transparency and accountability. By identifying sensitive areas - such as interactions with public authorities, procurement or external contracts - companies can adapt their policies and procedures to prevent risks.

Another benefit is protecting reputation. In a globalised economy, public perception and the trust of business partners can have a decisive influence on an organisation's success. Companies that demonstrate a commitment to ethics and integrity are favoured in business dealings and are more likely to attract investment and collaborations.

Essential elements of the process

Corruption risk assessment involves several key steps. In the first phase, relevant data is collected on internal processes, stakeholders and organisational history. This is followed by the identification of risk factors, including commercial pressures, lack of controls or operations in jurisdictions with high levels of corruption.

Each risk is then analysed in terms of likelihood and impact, often using a risk matrix. In parallel, the effectiveness of existing controls is assessed and the level of residual risk - the risk that remains after preventive measures have been put in place - is estimated. Depending on the results, the company may decide to implement additional measures such as employee training, internal audits, extended due diligence or revised policies.

Practical example: Siemens AG

A relevant example of corruption risk management is Siemens AG. In 2008, following an international investigation into illegal payment practices, Siemens was fined more than $1.6 billion for bribery offences in several countries. This marked a profound transformation in the company's approach to compliance and integrity.

Subsequently, Siemens implemented an extensive compliance programme in which regular assessment of corruption risks plays a central role. The company introduced rigorous policies on interactions with external parties, set up a network of global compliance officers and launched anonymous reporting channels. It has also invested significantly in training employees and strengthening organisational culture. Through these measures, Siemens has rebuilt its reputation and become a role model in corporate governance.https://www.siemens.com/global/en/company/about/compliance.html)