Supreme audit institutions can contribute to promoting substantial improvements in public management. In Colombia, the Office of the Comptroller General of the Republic (CGR) has implemented a new preventive and concomitant control function that identifies risks while projects and budgets are being executed. This report reviews the reform so far and highlights its potential for strengthening the public administration and thus enhancing the impact and relevance of CGR’s work. It addresses strategic considerations and provides recommendations on issues such as how to improve internal co-ordination within the CGR, promote behavioural changes, improve co-ordination with internal control units, and use data and innovative technologies for auditing. The report also points to the need for a sound and long-term fiscal management policy in Colombia.
Preventive and Concomitant Control at Colombia's Supreme Audit Institution
Abstract
Executive Summary
The role of supreme audit institutions (SAIs) has gradually expanded beyond traditional fiscal control. In particular, SAIs can provide critical evidence on what works and what does not work in public governance, and thus inform and promote substantial improvements in public management whilst responding to a crisis of trust in many countries and increasingly complex socioeconomic contexts.
In Colombia, a constitutional reform approved in 2019 gave the Office of the Comptroller General of the Republic (CGR) a preventive and concomitant control function that allows identifying risks and red flags while projects and budgets are being executed. With this new mandate, the CGR can take measures in real time and issue “warnings” and “alerts” to public managers to allow them to take corrective actions, tackle fraud and corruption and thus to meet the expectations of citizens.
Ensuring the effective implementation of the preventive and concomitant control function is crucial to its success. This report reviews the reform and related efforts by the CGR. It identifies opportunities for improvement and explores the potential for building a modern and resilient control system that responds to present and future challenges.
Main findings
The new preventive control is “exceptional”, not binding, and allows risks to be managed in real time. With the creation of the Directorate of Information, Analysis and Immediate Reaction (DIARI), the CGR can monitor, through data analysis, outstanding issues such as the level of execution of infrastructure projects and intervene in a timely manner if they observe cost overruns or delays (real-time surveillance). For example, during the COVID-19 health emergency, the CGR was able to monitor resources in real time by comparing market prices and calculating alleged cost overruns, allowing for timely corrections in public procurement.
However, challenges and opportunities remain. In particular, this study highlights the following:
There are still concerns associated with the abuses of ex ante control in Colombia, eliminated by the 1991 constitutional reform, and with the excessive use of “warnings” during the last decade. Likewise, a collaborative and preventive audit culture is lacking both in the CGR and in the administration. This makes it difficult to take advantage of the new preventive control and undermine its acceptance and ownership.
There is a high degree of confusion among public officials, both in the CGR and in the public administration, regarding the difference between "alerts" and "warnings" and their relationship with the preventive and concomitant control. Many officials associate preventive control only with alerts. However, the main regulations on preventive control do not refer to "alerts" and it is not clear at what stage an alert can become a warning.
The excessive formality in issuing “warnings” may be counterproductive for a mechanism that seeks to spur transformation in the public administration through the timely correction of detected issues. In addition, “warnings” can be communicated solely and exclusively by the Comptroller General. In the future, this could entail a risk of a possible abuse of the new function as well as a risk for the Comptroller General.
In Colombia, there is no unified, homogenised and open information system in the public sector. This implies that control entities often have their own isolated information systems. The availability and quality of data can vary significantly, thus affecting its use for analytics.
Preventive control is currently focused on the timely detection of cost overruns and unfinished infrastructure projects. However, there is a lot of potential to make better use of the analytical capacity of the DIARI to strengthen risk management, internal control systems and public administration processes in general.
There is a need to improve the co-ordination between the Internal Control Units (UCI) and the CGR. In particular, there is concern on the part of the UCI about the scope of their role, the excessive requests for information by the CGR, as well as the feedback on the information they provide. At the same time, there is an opportunity to strengthen and support the work of the UCI with the information generated by the preventive control of the CGR.
Finally, there is a concern in various sectors of society regarding the continuity of the new mandate over political cycles, in particular given the absence of a public policy of fiscal control that generates a long-term vision and that ensures the institutional continuity of this new way of exercising fiscal control.
Main recommendations
To address the challenges identified, the report provides a series of concrete recommendations to strengthen the use of preventive and concomitant control in Colombia:
Use the new function of preventive and concomitant control to generate synergies with public entities and thus overcome barriers of mistrust generated by the historic experiences with ex ante control.
Clarify the differentiated use of criteria and the functionality of “alerts” and “warnings”, including issuing audit guidelines that broadly outline the practices associated with preventive control.
Review the process of generating warnings to avoid excessive formality, taking into consideration the need to review the current regulatory framework, as well as the internal processes and procedures for its implementation. In this sense, consider increasing the checks and balances associated with the final decision when issuing a warning.
Promote a strategy that integrates and leverages the work of the DIARI in relation to preventive and concomitant control within the CGR, including the implementation of data quality models.
Strengthen the relationship of the CGR with key actors of preventive and concomitant control such as the UCI and promote fluid communication that allows them to use preventive and concomitant control to identify and manage risks within the public administration.
Promote a long-term vision of fiscal control in Colombia to provide a solid foundation for the continuity of initiatives such as the new preventive and concomitant control mechanism and the related institutional reforms and modernisations promoted in recent years.
