1 Introduction
The prevention of corruption is a significant challenge for the public sector. Its ability to ensure sustainability at micro and macro levels and to be resilient to corruption can be heavily affected by the level at which corruption risks are preventively managed (Bogodistov and Wohlgemuth
2017; Del Monte and Papagni
2001; Forson et al.
2016; Green
2015; Kapstein
1998; Mauro
1995; Rose-Ackerman and Palifka
2016; Smith and Fischbacher
2009; Tunley et al.
2018).
Major international organizations such as the Organization for Economic Cooperation and Development (OECD), the United Nations (UN), the European Union (EU), and the Group of States against Corruption (GRECO), as well as policymakers around the world, have stressed the importance of risk management as a useful mechanism to prevent corruption. Practical implementation of risk management has been supported by a series of standards or guidelines. For general operational risks, the two best-known and most widespread standards are ISO 31000
1 and the Enterprise Risk Management (ERM) system proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO
2007). Those systems describe risk management as a ‘process’ that involves clear phases: establishing the context, risk identification, risk analysis, risk evaluation, and risk treatment. This general approach to risk management has been translated into the anticorruption field by international (e.g. OECD), national (e.g., the national authorities against corruption [ANAC] in Italy) and regional bodies (e.g. the New South Wales Treasury in Australia). The growing use of integrated risk management general standards or specific guidelines for corruption risk management is designed to underpin organization-wide strategies by identifying, assessing, and responding to risks on an ongoing basis. It also enables continuous screening for new risks (Hansen
2011) and addresses the problem that a fragmented and reactive approach to risk management would not produce the intended results. These standards or guidelines identify the ‘organization’ as the level with the primary responsibility for managing corruption risks.
Despite the proliferation of risk management standards and guidelines, few studies have examined these standards, especially those for corruption risks. There is considerable rhetoric expressed by regulators, professional associations and consulting companies, but scholars show more caution, or even scepticism, about the use of risk management standards (Power
2009; Hansen
2011). There are still many unanswered questions. For example, we do not know if the implementation of these systems leads to the desired outcome (greater effectiveness of prevention systems), nor do we have a full understanding of how these systems are implemented in organizations and what factors can improve their implementation.
This last issue is the focus of our study. Beasley et al. (
2005) observed that very little is known about the factors that affect the implementation of risk management standards within organizations in the business sector. As far as can be ascertained, no studies have examined the factors associated with the degree of implementation of standards or guidelines specific to corruption risks. We suggest that this may be at least partly because corruption risks are often perceived as a technical problem or a regulatory issue. However, we believe that corruption risk management should be viewed as a decision-making process in itself.
If this is so, the implementation of corruption risk management systems can be examined within the more general context of implementation of decision-making processes, where there is a broader body of knowledge. Both traditional management theories (such as institutional theory and the resource-based view) and public governance theories (such as inclusive or collaborative governance) have been successfully applied to the study of decision-making processes. These theories are very different in their nature and structure, but agree that stakeholder engagement is relevant in shaping the decision-making process.
We therefore started from the point that corruption risk management is a decision-making process, and that relevant theories suggest that stakeholder engagement can affect decision-making processes. We developed two research questions: (1) does stakeholder engagement prompt the public sector to manage corruption risks?; and (2) how do stakeholder engagement factors affect the implementation of corruption risk management in public sector organizations?
International and national anticorruption bodies have encouraged public sector organizations to engage external and internal stakeholders in decisions about how corruption risks should be managed. However, there is still not enough research in this area. This study aimed to help to fill this gap, by empirically testing whether stakeholder involvement, as both a managerial driver and a mechanism of collaborative governance, can predict the extent of implementation of corruption risk management systems. We followed the general definition of stakeholder engagement proposed by Greenwood (
2007: 317), of “practices that the organization undertakes to involve stakeholders in a positive manner in organizational activities”. We therefore used the terms stakeholder engagement and stakeholder involvement interchangeably.
Our study focused on Italy, for two main reasons. First, the national government has encouraged use of an organization-wide risk management framework built on ISO 31000 risk management standards. Second, despite this effort, public corruption is perceived as profound (Transparency International
2017). The government first required corruption risk management in the public sector in 2012, through an Anticorruption Law (no. 190/2012). This law required all public sector organizations to adopt and publish a three-year anticorruption plan based on a risk management approach, and created a national authority known as ANAC (
Autorità Nazionale Anticorruzione), to guide and supervise the Italian public sector’s efforts to manage corruption risks. ANAC issues an annual national guideline (
Piano Nazionale Anticorruzione, PNA) which provides the reference standard for public organizations to identify, assess, treat and monitor corruption risks. This study provides an analysis of the anticorruption plans of a sample of public sector organizations to explore the extent of implementation of corruption risk management guidelines issued by the national anti-corruption authority.
The remainder of the study is structured as follows. The next section contains an overview of the concepts of corruption risk management and stakeholder engagement, and is followed by a section on hypothesis development. The paper then sets out sample characteristics, methodology, data and findings, before a discussion, conclusions and implications for future research and practice.
2 Corruption risk management and stakeholder engagement
Corruption is broadly defined as a misuse of public office for private advantage (Lasthuizen et al.
2011; Rogow and Lasswell
1963; Rose-Ackerman
1978). There is a general consensus among scholars that it has multidimensional and detrimental effects including economic instability, social inequality, inefficiency and resource waste (Abed and Davoodi
2000; Del Monte and Papagni
2001; Lisciandra and Millemaci
2017; Rose-Ackerman and Palifka
2016).
A growing body of scholars (Graycar and Prenzler
2013; Graycar and Masters
2018; Tunley et al.
2018) have discussed how corruption prevention can be improved by identifying potential corruption risks for each function of an administration. They have viewed corruption as a ‘risk to be systematically governed’ (Hansen
2011). Seeing something as a risk is one of the primary ways in which a problem becomes visible and governable (Power
2007). This suggests that preventing corruption means managing corruption risk. This approach does not aim to eliminate or avoid risks altogether, but to achieve reasonable reduction of risks through a comprehensive understanding of the operating processes and circumstances that may allow corruption to happen. Corruption risk management systems should improve the efficiency and effectiveness of corruption prevention interventions, because they allow interventions to focus on the processes most exposed to risk and also facilitate the selection of prevention measures to fit the sources of risk events. Without an organized risk management system, an organization may implement corruption controls that result in an excess of measures that are not connected to the main areas of operations.
Previous studies have framed risk management as a decision-making process (Lu et al.
2012). We also know that the involvement of stakeholders
2 in decision-making helps to improve its quality by using information and solutions from various actors. It also reduces cost and delays in implementing decisions by limiting controversy, delays, or litigation (e.g. Edelenbos and Klijn
2005; Creighton
2005). It follows that stakeholder engagement is important in risk management decision-making. We therefore wondered whether stakeholder engagement could prompt the public sector to manage corruption risk.
International organizations and national anti-corruption bodies have often suggested this. For instance, in its Integrity Review of Italy, the OECD (
2013: 113) emphasized the involvement of internal and external stakeholders which, “where practicable, is a key step towards securing their input into the process and giving them ownership of the outputs of risk management. It is also important to understand stakeholders’ concerns about risk and risk management, so that their involvement can be planned and their views taken into account in determining risk criteria”. No academic studies were found that focused specifically on stakeholder involvement in ‘corruption’ risk management, although public sector scholars have investigated this issue in other areas of decision-making. The engagement of stakeholders in public decisions is typically seen as a mechanism of public governance that reshapes the traditional paradigms—mainly based on hierarchical processes—through which public policies are conceived.
Over the past few decades,
collaborative governance has been used in public organizations as an alternative to the adversarialism of interest group pluralism and the accountability failings of managerialism, following the previous failures of downstream implementation and the high cost and politicization of regulation (Ansell and Gash
2008). For the bulk of the public sector research (Frederickson
1991; Kettl
2015), stakeholder involvement in public policymaking is therefore one of the new collaborative governance archetypes for governing in democratic systems. From an accountability perspective (Gray et al.
1997), stakeholder involvement contributes to making traditional institutions and governance systems more transparent and closer to stakeholders’ expectations. The process of dialogue between public organizations and their stakeholders gives rise to relationships of mutual learning that would facilitate the convergence of actions and trust among the actors involved, laying the groundwork for legitimization (Ansell and Gash
2008; Roberts
2002). From a participatory democracy standpoint (Fung
2009; Vigoda
2002), this involvement is also a way in which public organizations and stakeholders can co-operate to set up sustainable public policies. Values such as inclusivity, equality of standing, and power between the actors involved make stakeholders feel responsible for policy decisions and enable the development of more successful public policies (Ansell and Gash
2008; Emerson et al.
2012; Fung
2009).
Stakeholder engagement in policy implementation also has roots in management practices. Research on management notes that a different style of public management is needed in public agencies that engage stakeholders in a collective decision-making process that is consensus-oriented and deliberative, and that aims to make or implement public policy or manage public programs. This new style emphasizes participation, enablement, transparency and accountability rather than hierarchy and control (Kapucu et al.
2009).
In the field of risk management research, proponents of the
inclusive governance approach assume that risk management is a complex decision-making process that requires knowledge and legitimacy (Renn
1999; Renn and Schweizer
2009; Webler
1999; Webler and Tuler
2018). Inclusive governance is based on the assumption that all stakeholders have something to offer to the risk management process, and that reciprocal communication, assessments and evaluations facilitate implementation rather than compromising decision-making and compliance with legal requirements (Renn and Schweizer
2009; Webler
1999). Stakeholder engagement is therefore a key mechanism for the complex decision-making processes involved in risk management. These processes need inputs (knowledge and values) that are not held by any single actor. The involvement of stakeholders could avoid missing important information and views, and ensure that different types of knowledge are included. Stakeholder engagement is therefore a mechanism through which all the problem-relevant knowledge and values are incorporated into the decision-making process, enhancing the effectiveness and legitimacy of risk management.
The management of corruption risks is a particular form of risk management, so it is reasonable to hypothesize that stakeholder engagement can play an important role in it. But how does stakeholder engagement affect the implementation of corruption risk management in public organizations? And which categories of stakeholders should be involved? To provide a comprehensive explanation of the stakeholders’ contribution, we used the citizenship perspective proposed by Crane and colleagues (
2004). They argued that stakeholders “are citizens, or that they represent citizens’ interests” (Crane et al.
2004:110). Thinking about stakeholders as ‘citizens’ means seeing them as individuals with social, civil, and political rights that citizens might expect to have respected and protected, over and above their stakeholders’ rights. However, it is also important to understand which stakeholders should be involved. Creighton (
2005) noted that the qualification of an actor as a stakeholder is a relative concept that depends on the context and the specific objective.
Within the field of anti-corruption and in the Italian public sector (the focus of this study), public organizations are largely responsible for corruption risk management. Different types of organizations (for example, a local health organization or a public university) have different stakeholders, but some reviews by the national anti-corruption authority show that three categories have usually been involved (ANAC
2015,
2018):
These three types of stakeholders make different contributions to the corruption risk management process. Using the categories proposed by Renn and Schweizer (
2009), we can describe the possible contributions of different stakeholders to the knowledge (about risks, their causes and their impacts) and values (criteria to assess the risk treatment measures and attitude towards risk) required by the corruption risk management process.
Employees may provide knowledge about the internal context. They are familiar with the organization’s operational processes and other internal issues. Their knowledge is essential to correctly identify, analyse, evaluate and treat corruption risks related to operational processes. They may also contribute on values, providing the criteria for assessing the feasibility and cost of prevention measures.
Governing bodies (the structure and form of which will vary between types of organization) can provide an essential contribution in what Renn and Schweizer (
2009) described as ‘values’. They may intervene in assessing the desirability and feasibility of possible risk treatment measures as well as in defining the level of risk tolerance.
Organizations that represent specific groups such as users, professionals, or businesses may contribute to knowledge as well as the values necessary to make effective, efficient, fair and sustainable decisions about corruption risks. For example, local health organizations may involve patient advocacy organizations to provide data and information to identify the operational processes with the greatest risk of corruption (for example, providing data on the main disruptions detected by civic audits conducted by these associations). They could also suggest specific prevention measures that would make sense to users. The participation of these organizations can also improve ‘the variability of values’, which is necessary to define the attitude toward risks at the heart of the corruption prevention strategy.
5 Data analysis
To test the hypotheses, we carried out a multivariate analysis using an ordinary least squares (OLS) regression model. This enabled us to understand the effects of stakeholder engagement (independent variables) on the extent of implementation of the corruption risk management process (dependent variable), keeping the other variables under control.
The results of Pearson’s correlation analysis are shown in Table
1.
Table 1
Descriptive statistics and bivariate correlations (n = 343)
Extent-impl | 0.52790 | 0.21410 | 1 | | | | | | | | | | |
External_inv | 0.70554 | 0.75172 | 0.110* | 1 | | | | | | | | | |
Internal_inv | 1.39650 | 0.96439 | 0.098 | −0.371*** | 1 | | | | | | | | |
North_it | 0.48979 | 0.50063 | −0.010 | −0.140** | 0.015 | 1 | | | | | | | |
Centr_it | 0.20117 | 0.40146 | 0.091 | 0.100* | −0.108* | −0.492*** | 1 | | | | | | |
South_it | 0.30904 | 0.46277 | −0.068 | 0.069 | 0.078 | −0.655*** | −0.337*** | 1 | | | | | |
Experience | 2.68129 | 1.03070 | 0.209*** | −0.0411 | 0.021 | 0.043 | −0.059 | 0.005 | 1 | | | | |
Size | 692.918 | 2343.78 | 0.201*** | 0.064 | −0.005 | −0.062 | 0.125* | −0.041 | 0.051 | 1 | | | |
health_Aut | 0.07580 | 0.26507 | 0.118* | 0.068 | −0.061 | −0.038 | −0.034 | 0.071 | −0.018 | 0.369*** | 1 | | |
Local_aut | 0.83090 | 0.37538 | −0.295*** | −0.053 | −0.009 | 0.022 | 0.032 | −0.052 | −0.261*** | −0.273*** | −0.635*** | 1 | |
Functional_aut | 0.09329 | 0.29127 | 0.272*** | 0.006 | 0.066 | 0.006 | −0.011 | 0.002 | 0.353*** | 0.016 | −0.092 | −0.711*** | 1 |
Table
2 shows the results of the OLS regression analysis. This regression model included the dependent variable (
extent-
impl), the two independent variables that consider the involvement of external stakeholders (
external_inv) and internal stakeholders (
internal_inv) separately, and all the control variables. The results of the OLS regression show that our model fits the data quite well (the
F value was significant at the 0.001 level).
Table 2
Results of the OLS regression analysis
External_inv | 0.044** |
Internal_inv | 0.035** |
North_it | 0.033 |
Centr_it | 0.071* |
Experience | 0.028* |
Size | 0.000** |
Health_aut | 0.079 |
Functional_aut | 0.162*** |
Cons | 0.314*** |
R2 | 0.17 |
Prob > F | 0.000 |
N. of obs. | 343 |
The absence of any severe multicollinearity amongst the independent variables was confirmed by examining the variance inflation factor, which had a mean value of 1.51 and maximum value of 2.17. Breusch–Pagan testing showed that the variance of errors was constant for each value of the independent variable (p-value = 0.53). All this meant that the assumptions in the OLS model were respected.
The regression model showed that there was a positive and statistically significant (p < 0.01) relationship between the dependent variable and the two independent variables (external_inv and internal_inv). This suggests that higher levels of external or internal involvement are associated with a greater degree of implementation of the corruption risk management process by public organizations. This supports both our hypotheses (H1, H2).
There were several significant results on control variables. Experience in the development of anticorruption plans seemed to have a positive and significant impact on the extent of implementation of the corruption risk management process. Size showed a significant relationship with the dependent variable. The territorial context (geographical location) was also quite relevant, as was the type of organization (the extent of implementation of the corruption risk management process of local and regional authorities showed lower compliance than the other categories).
To test the robustness of our results, we ran the model without the control variables. The relationships between the dependent and independent variables were still significant. These models were not included in the article, for reasons of brevity.
6 Discussion
Our findings confirm that the involvement of both internal and external stakeholders is positively related to the extent of implementation of corruption risk management by public sector organizations. These results can be explained using different theoretical perspectives.
First, we think that institutional theory explains why the involvement of an internal actor such as the governing body is related to extent of implementation of corruption risk management by public organizations. The implementation of corruption risk management systems is required by anti-corruption bodies and civil society organizations, which shape the institutional and political context for the political representatives in the governing bodies. These representatives are therefore particularly sensitive to these institutional pressures. They therefore encourage full compliance with the corruption risk management standards most commonly accredited in their institutional environment (in our study, the guidelines of the national anticorruption authority), to improve their reputation and gain political advantages. This does not necessarily mean that they are motivated by the desire to reduce corruption, however, because their behaviour can be the result of opportunistic motivation or a simple reaction to institutional pressures.
The resource-based view provides a convincing explanation of why the involvement of employees is related to the extent of implementation of corruption risk management. Employees hold fundamental resources for the implementation of the corruption risk management process, and possess relevant competencies for its different phases. Employee involvement is probably a mechanism for distributing and developing these skills. The involvement of employees can improve the implementation of risk management through the mobilization of specific knowledge (e.g. on processes, risks and their sources). By involving groups of employees (for example through internal meetings or training activities), it is also possible to activate a ‘collective learning process’ that improve implementation capabilities.
Public governance theories (collaborative governance and inclusive governance) help to explain our results on external stakeholder involvement. These stakeholders are interested in how public sector organizations prevent integrity violations because corruption affects their lives and communities. Verdenicci and Hough (
2015) noted that corruption is a collective action problem. To tackle it, high social capital and social trust are necessary. In line with collaborative governance research (Chrislip and Larson
1994; Kapucu et al.
2009; Kraatz and Zajac
2001; Newbert
2007; Page
2010), our result suggests that the involvement of external stakeholders (especially users/citizens associations and professional/businesses unions) in risk management processes can contribute to several stages of the risk management process (establishing the context, risk identification, risk analysis, risk evaluation and risk treatment). The dialogue and feedback arising from this involvement may enhance public trust, allowing a shared understanding of how better to contextualize and manage the problem of corruption. Involving external stakeholders can also improve risk management implementation because it helps to develop knowledge and legitimacy (Renn
1999; Renn and Schweizer
2009; Webler
1999; Webler and Tuler
2018).
We found that organizational experience in anticorruption had a positive effect on the extent of implementation of corruption risk management. In line with the resource-based view (Newbert
2007), this may be because this experience enables public officials, and in turn public organizations, to better deal with corruption risk management processes. Organizational size was also significantly and positively related to anticorruption implementation. Institutional theory suggests that larger organizations comply with anticorruption regulations better than smaller ones, because larger organizations are under greater scrutiny and more careful to manage their reputation and legitimacy (D’onza et al.
2017).
7 Conclusions
The study investigated a neglected aspect of public corruption prevention, looking at the implementation of the corruption risk management process by public sector organizations. It discussed if and how the implementation of corruption risk management is affected by the engagement of stakeholders. Public sector organizations all have a unique corruption risk profile, so the implementation of a risk management process is not an easy task.
Using an empirical analysis, we found that the involvement of internal and external stakeholders in the anticorruption decision-making process contributes to the extent of implementation of corruption risk management. In the previous section we discussed how both traditional management and public sector theories can explain our results. The impact of internal stakeholders can be best explained using an organizational perspective, but the influence of external stakeholders is better understood in a collaborative governance framework. These perspectives are very different in their nature and structure, but they share the idea that stakeholder engagement is relevant in shaping the decision-making process. The study therefore benefits significantly from the reconceptualization of the implementation of corruption risk management as a decision-making process. Previous studies have suggested that stakeholders have the chance to influence the decision-making process, and our analysis shows that corruption risk management is one of the fields where this happens. Different types of stakeholders can make different contributions to the corruption risk management process. However, their involvement generally improves the quality of decision-making, making it possible to use information and solutions from various actors, and to reduce cost and delay in implementing decisions by limiting controversy, delays, or litigation (Edelenbos and Klijn
2005; Creighton
2005).
On a practical level, the study encourages public sector organizations to transform their current governance system and decision-making mechanisms (traditionally based on hierarchical mechanisms) into participatory processes. This will change adversarial relationships among stakeholders into more cooperative ones, and enable corruption risk management processes that are inclusive, shared, sustainable and empowered. In particular, organizations should empower all stakeholders to be aware of the current anticorruption choices and procedures, giving them the opportunity to advance their own point of view on an equal footing with other participants.
On a theoretical level, our study has exposed some clear gaps in the existing research and enabled us to make suggestions for further research. Future research on corruption prevention could address the issue of stakeholder involvement in other ways. For instance, it might test the effect of stakeholders’ level of commitment to collaboration on the success or failure of particular organizational anticorruption outcomes. Future scholars could also adopt a contingency approach (Ansell and Gash
2008; Emerson et al.
2012) to empirically investigate what type of contingency conditions (for example, incentives to participate or institutional design) might explain the relationship between stakeholder engagement and anticorruption efforts.
The study also had some limitations that could provide avenues for future research. First, the analysis considered the anticorruption plans for a limited period of time (one edition). Our investigation of stakeholder engagement was therefore cross-sectional and not longitudinal. It will be important to carry out some longitudinal analysis in future research. Second, our research adopts a ‘quantitative’ approach. This had several advantages, but did not allow us to analyse the ‘qualitative’ aspects of the implementation of the corruption risk management process and stakeholder involvement (especially in the measurement of variables). It would be interesting to vary the research method to capture some qualitative aspects that this study could not address. Other methods of data collection, such as interviews with public managers and/or risk officials, and other research approaches, such as network analysis, could help in studying this issue in more depth.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.