Public governance strategies, driven by the 2007 financial crisis, the economic slowdown and the COVID‑19 crisis and its socio-economic consequences, reinforce the need for governments to do more with less and force countries to conduct introspective evaluations of government processes and their results. Moreover, the decrease in citizens' trust in their governments, together with an increase in inequality, particularly in Latin America, underscores the need for public policies to be more efficient, and effective as well as to avoid waste, corruption and fraud in the use of public funds.

Colombia has a sceptical, polarised civil society with low trust in its institutions. For example, the 2021 OECD Government at a Glance reports that only 37% of Colombians expressed trust in the national government, with a 14 percentage point drop in trust compared to 2007 (Figure 1.1).

There are several factors that explain trust levels. Undoubtedly, the perception of government integrity is one of the most relevant factors (OECD, 2017[2]; Murtin et al., 2018[3]). As shown in Figure 1.2, citizens in Colombia perceive a high degree of corruption in state institutions that fuels mistrust (OECD, 2018[4]; OECD, 2019[5]; Transparency International, 2019[6]). This mistrust and the perception of corruption, whether based on fact or not, has eroded various aspects of the State-citizen relationship, as well as the relationship between citizens themselves. Aspects such as polarisation and recent cases of corruption in the political class have contributed to this (Observatorio de la Democracia, n.d.[7]). As such, citizens harbour distrust towards legal institutions or the effect that should follow when blowing the whistle. According to the Global Corruption Barometer, 59% of Colombians consider it unlikely that timely action will be taken based on a reported corruption case (Transparency International, 2019[6]) and deem it unlikely that the reporting of an act of corruption will lead to the adoption of strong or appropriate remedial actions (Transparencia por Colombia, 2020[8]).

To respond to these challenges and an increasingly complex context, it is vital to take steps to restore and build trust in institutions and promote a more systematic understanding of the meaning of effectiveness and efficiency. Supreme Audit Institutions (SAIs) have the potential to help governments meet these challenges and can provide critical evidence of what works and what does not work in public governance, beyond their traditional audit role (OECD, 2016[9]).

In Colombia, the Office of the Comptroller General of the Republic (Contraloría General de la República, CGR) is the entity responsible for fiscal oversight and control and is one of the autonomous and independent bodies of the Colombian State. The CGR was created in 1923, then organised as an office for accounting and fiscal control. In 1975, with Law 20, ex ante and ex post controls were created and the authority of the CGR was expanded to supervise the individuals who manage state assets and resources and endorse public debt contracts. In 1991, fiscal control took a constitutional turn. Ex ante control was eliminated and gave way to ex post and selective control. Finally, in 2000, the responsibility process was reduced to a single step and the concept of fiscal management and the elements for fiscal responsibility were defined (CGR, 2018[10]). In 2014, in Brasilia, the CGR signed the Declaration of Commitments to the ISSAI Implementation Initiative. In developing this commitment, the principles, foundations and general aspects of the ISSAI standards for financial, compliance and performance audits carried out by the CGR were adopted and guidelines were developed for the three types of audit. New guidelines on territorial audit, complementing the others, was published and updated in 2019.

In the context of the aforementioned challenges and changes within the role of SAIs, a constitutional reform recently granted the CGR a preventive and concomitant control function that allows the identification of risks and red flags while projects and budgets are being executed to allow corrective actions to be taken in real time and in a timely manner. Following international standards, there can be three types of audit at different moments in time (prior, concurrent and subsequent) to generate audit findings with recommendations that go beyond observations made during the audit and allow the closure of identified gaps in public management. Other countries in the region have introduced or are contemplating the introduction of similar reforms (Box 1.1).

The advantages and potential of the new preventive and concomitant control by the CGR are significant. The new function is based on the premise of a non-binding, technical approach that does not intend to do more than flag certain situations or events to the audited entity that shed doubts on its performance and that warrant review by the administration itself. For example, the new function allows the CGR to monitor the level of infrastructure project expenses in real time and thus to intervene in a timely manner in case cost overruns or delays are observed without having to wait for the work to be completed and merely document the findings in an ex post audit. As such, during the COVID-19 health crisis, the CGR was able to monitor the spending of associated resources in real time. An algorithm was developed to detect the unit cost information from documents pertaining to the contracting processes and compare it to market prices. From there, presumed cost overruns were calculated and corrective actions deployed (Contraloría General de la República de Colombia, 2021[14]).

Furthermore, the new function has the huge potential, yet to be exploited, to prevent mismanagement, fraud and corruption from the outset, through the strengthening of risk management, internal control systems and public administration processes in general. Box 1.2 shows, for example, how audit recommendations have contributed to strengthening internal control in Jamaica.

Furthermore, preventive control can also be of great help in promoting transparency, strengthening accountability and ensuring results. To achieve these objectives, preventive control should not only focus on the identification of shortcomings and findings, but should also allow the accumulation of lessons learned that later can contribute to generate significant changes in the management of public entities and, ultimately, achieve the objectives of public policies and provide efficient and effective public services to citizens.

The objective of this OECD report is to support the CGR in the implementation of this new mandate. It identifies opportunities for its improvement and explores the potential for its preventive use as well as the construction of a national control system in Colombia. The report reviews the efforts carried out since this new faculty was established and analyses the legal and institutional changes for its implementation, including the important role of the Directorate of Information, Analysis and Immediate Reaction (Dirección de Información, Análisis y Reacción Inmediata, DIARI). Additionally, it analyses the relationship between preventive control and internal control and risk management in public administration. Finally, the report sets forth recommendations related to the generation and articulation of a fiscal management policy in Colombia to ensure the continuity of preventive control and promote a coherent control system in the country.

In Colombia, preventive and concomitant control is based on the premise of being a function that consists of observing, inspecting and verifying the execution of a programme, project or operation so that the results obtained can be continuously compared with those expected. The different legal instruments related to this new function have made clear that unlike ex post control, its function is not to determine observations and findings or initiate fiscal responsibility processes (Figure 1.3). Rather, its role is focused on eliminating potential risks and foreseeable damages. To this extent, it is not intended to pass judgement on the activity of the financial manager (“gestor fiscal”), but to prevent damages through an effective mechanism (Corte Constitucional, 2020[15]). Preventive and concomitant control may also perform other functionalities still to be exploited, which will be set out in this report. Among other things, preventive control could contribute to more efficient spending and better management of public finances, or allow more timely and informed risk-related decisions.

Legislative Act 04 of 2019 amends articles 267, 268, 271, 272 and 274 of the Political Constitution to strengthen the constitutional and legal regime of fiscal oversight and control, incorporating, among others, article 267 on constitutional concomitant and preventive control, exclusive to the Office of the Comptroller General of the Republic, to complement ex post and selective control to guarantee the defence and protection of public goods. Concomitant and preventive control does not imply co-administration, it is of an "exceptional" nature and will be carried out in real time through permanent monitoring, thus allowing the audit function to be implemented in real time "through the use of information technologies, with the active participation of public oversight and the articulation with internal control”. The reform establishes the function of the CGR to warn public servants and individuals who manage public resources of the existence of imminent risks in operations or processes. It attributes the issuance of such "warnings" (advertencias) to the exclusive remit of the person of the Comptroller General (Gomez Lee, 2020[16]). The reform also allows the control of fiscal management to be carried out at all administrative levels and with respect to all types of public resources, including not only national but also territorial entities.

In turn, Constitutional Court ruling C-140/20 has warned about the limits of this new function. In this sense, preventive and concomitant control cannot influence management decisions to the point of instituting a system of co-administration or co-management, which is expressly prohibited by constitutional amendment. It also establishes that the concept of "warning" should allow not only the identification of the risks which loom over some projects, but should also give financial managers and executives the opportunity to carry out corrective actions prior to the generation of damages. Finally, it determines that the General Warning System (Sistema General de Advertencias, where the warnings issued by the CGR are recorded) must be used only for the purpose of preventing damages and, furthermore, to exercise control over risks and not over particular actions.

The Constitutional Court has emphasised that the new preventive control is not ex ante control such as the one that was eliminated in Colombia via the 1991 Political Constitution. At that time, the National Constituent Assembly decided to exclude the concept of ex ante control as it was considered ineffective and harmful, given that, according to the social imaginary, it had become an arbitrary co-administration system (González Zapata and Mosquera Perea, 2019[17]). According to the report of the fifth commission of public finance and the budget of the constituent authority:

“…ex ante control, standard in Colombia, has been disastrous for the public administration because it has distorted the objective of the Office of the Comptroller General by allowing it to abuse a certain co-administration, resulting in the comptroller having vast unipersonal power and has also lent itself to a cumbersome bureaucratic process that degenerates into corruption.”

However, since the constitutional change, academics and control entities have been vocal about the imminent need to establish more preventive tools and the possibility of identifying damages to public assets before they materialise (PGN, 2012[18]) (Uprimny Yepes and Sánchez Duque, 2012[19]) (Avellaneda y Asociados, 2019[20]). The constitutional reform set forth in Legislative Act 4 of 2019 was established based on this logic.

During the interviews carried out within the framework of this project, it became clear that there is a high level of concern or confusion among the public administration and the CGR regarding the differences between preventive and ex ante control. As such, it was evident that the perceptions that continue to affect the relationship between public entities and the CGR, as well as fears related to co-administration, still exist.

Although the historical reasons that led to a profound rejection of ex ante control are understandable, the concept of a preventive control is very different. The new norm does not affect the principle of separation of powers, it precisely establishes the limits, precautions and prohibitions under which the new preventive and concomitant control must be exercised (Corte Constitucional, 2020[15]). In this context, the new powers that were attributed to the Comptroller General are not absolute powers. On the contrary, far from usurping and replacing public powers, they have precise limits and are part of the competencies that exist in other American countries and that are common practice in other regions (Gomez Lee, 2020[16]).

Indeed, according to the reform, the new preventive and concomitant fiscal control model must comprise five main characteristics:

• It must not involve co-administration, it will be carried out in real time through permanent monitoring of cycles, use, execution, contracting and impact of public resources, using information technologies and with the active involvement of social control and the support of internal control.

• It is exceptional and non-binding.

• It does not dictate on the advisability of the decisions of the administrators of public resources.

• It will be implemented in the form of a "warning" to the financial manager.

• Its implementation and co-ordination will fall exclusively to the Comptroller General of the Republic in specific matters.

Undoubtedly, preventive and concomitant control is a useful tool to ensure timely fiscal control and is a valuable instrument in the fight against corruption. That is why its use must be enshrined within the framework of the restrictions of Legislative Act 04 of 2019. As such, the investment of time and resources into its implementation must be ensured, including adequate communication strategies that generate trust between public institutions, citizens and other stakeholders. All of this is needed to reinforce the understanding of the existing legal framework and to allow entities to understand that this reform is a platform to improve their processes and of the control systems. As such, even when the decision making of public servants is based on their discretion and the framework of the regulations that regulates their competences, they must also consider compliance with the mission objectives of their function. In this framework, a SAI alerting of a risk should not override that ability but rather constitute a parameter to be taken into account with seriousness and due care in the final decision making of the public servants.

To this end, the CGR could consider, firstly, reinforcing knowledge and understanding of the concept of preventive and concomitant control, making a clear distinction from the concept of ex ante control. This could be achieved through the promotion of the new function to generate trust in public or private institutions that administer public resources. As such, to avoid confusion related to ex ante control, it is necessary to continue proactively communicating the particularities of preventive control and to make available a guide or jurisprudential line that outlines the practices associated with preventive control, including examples of which actions actually constitute ex ante control and may constitute co-administration and which actions are typical of preventive and concomitant control. This undertaking could contrast these practices with the current regulatory framework, aiming at further strengthening the control and surveillance of public resources and the transformation of the rules that regulate it (Torres Calderón and Montes Arrieta, 2020[21]).

Secondly, the CGR could promote a cultural change to allow the effective implementation of the new preventive and concomitant control. The legal reform is only the first step in a transformation process related to fiscal control. To achieve this transformation, it is necessary to work on promoting cultural change both within the Comptroller's Office (Chapter 2) and also within other state entities (Chapters 3 and 4). Promoting such change is an incremental process that requires efforts at different levels. Various aspects will be covered in the following chapters. However, it is worth emphasising here that in addition to communication efforts, discussions should be held within the CGR and with its Departmental Management Offices (Gerencias Departamentales Colegiadas) with regard to the different roles fulfilled by the CGR, including on preventive and concomitant control.

Thirdly, opening of a dialogue at the state level in Colombia could be considered to analyse the possibility to enable the CGR to provide constructive recommendations to public administrations on how to address and mitigate the risks or problems identified in audits or during preventive control. At the moment, ruling C-103 of 2015 of the Constitutional Court establishes the prohibition of issuing recommendations for ex post control, considering them as co-administration. However, according to the international practice of SAIs and ISSAI 100, formulating constructive recommendations to take corrective actions is part of the Fundamental Principles of Public Sector Auditing (INTOSAI, 2019[22]). Making recommendations is not co-administration as long as the auditor is careful not to assume management responsibilities, particularly in relation to defining public policy objectives, for example. Aiming at increasing the value and benefit of SAIs, the International Organization of Supreme Audit Institutions (INTOSAI), in guideline P-12 of its third principle, seeks to:

• “identify themes, common outcomes, links, root causes and audit recommendations; and discuss them with key stakeholders”;

• “without compromising its independence, provide advice on how the results and opinions of its audits should be used, so that they have a greater impact; for example, through the provision of advice on good practice”;

• “report as appropriate on subsequent action to be taken following their recommendations” (INTOSAI, 2019[23]).

Thus, such recommendations could be of great use to the operators of fiscal control and to the public administration and could help promoting a more positive and constructive relationship between the CGR and the administration. This function operates on a recurring basis in other countries, where SAIs provide feedback and recommendations to the public administration based on their audit findings and thus contribute to improving public management by offering possible avenues for corrective actions and risk mitigation. EUROSAI recently published a report on good practice in following up on audit recommendations which could inspire and inform changes in Colombia (EUROSAI, 2021[24]).

Finally, it is crucial to assertively measure the achievements and results of the preventive and concomitant control of the CGR. In particular, the detection and opening of cases should not be the main indicator for its effectiveness. While it is important to show short-term results that reflect the number of public resources recovered, it is recommended to move towards the use of indicators that measure impacts and results related to effective service delivery and structural changes in the public administration. Such changes can not only help mitigate future risks, but can also provide an estimation of public resources saved thanks to preventive and concomitant control and/or the negative consequences that could arise without its existence. For example, through the analysis of the risks detected, SAIs can develop and communicate “macro control reports” in which, in an aggregate and systematic way, they can warn about the need for changes in public management processes, which include reviews of the processes aimed at improving the performance of public entities. In other words, showing the advantages of taking risks into account in a timelier manner also helps to prevent them from materialising.

Indeed, the evolution of the role of SAIs in promoting good governance has led to a diversification of their strategic objectives, their audits and their advisory role to include the delivery of evidence-based information and insight into public policy decision making, as a complement to traditional supervisory activities (OECD, 2016[9]). Performance audits or data-driven dashboards that track or predict economic changes are just a few examples of these activities.

Thus, the impact of a SAIs in terms of relevant results could be measured, for example, in terms of:

• Estimates of savings made due to the measures implemented.

• Increases in revenue.

• Reductions in costs.

• Increased satisfaction with the provision of public services provided by the public administration.

• The provision of legal security by guaranteeing compliance with legal frameworks.

• Improvements in the achievement of other policy objectives, e.g. related to the SDGs (environmental quality, education, health, gender equality, fight against corruption and integrity, etc.).

One of the most important characteristics of preventive and concomitant control is the way in which it is implemented in theory and in practice. Legislative Act 4 of 2019, Art. 267 refers to its implementation only "in the form of a warning to the financial manager". As such, Decree 403 of 2020 develops the provisions of articles 267 and 268 of the Political Constitution for the strengthening of fiscal control. Article 67 of said Decree also states that the conducting of preventive and concomitant control shall be manifested through the issuance of "warnings" by the Comptroller General of the Republic. This warning relates to the event or risk identified and is based on monitoring exercises and the permanent monitoring of public resources. Whenever the event or risk may impact more than one entity or object of control, a “general warning” may be issued.

In turn, through Art. 56 of Resolution 762 of 2020, the general conditions of “the permanent monitoring of public resources” and the conditions for the implementation of preventive and concomitant control were developed. In this document, the scope of preventive and concomitant control was expanded, rendering the process of permanent monitoring of public resources as an early alert and as a prior step to the “warnings”. This activity consists of identifying (with the support of the Internal Control Units (Unidades de Control Interno, UCI) of the public administration and social control, among others) early alerts as information for control exercises. The following sections describe these two concepts of "warnings" and "alerts" and analyse them in more detail.

The concept of “warning” is not new to the CGR. On the contrary, it is set forth in the reform of Law Decree 267 of 2000 (Art. 5) establishing the function of warnings for operations or processes being implemented to prevent serious risks that could compromise public assets and exercise ex post control over the events identified. On several occasions, particularly during the 2013-2015 period, the CGR had used tools with similar functionalities to those of preventive and concomitant control. In particular, reports were prepared that highlighted the enormous fiscal risks to public assets of some government operations. Warning mechanisms were used in these reports, such as the one carried out in the case of the sale of Telecom to Telmex and of the Ministry of Mining regarding the exploitation of gas in La Guajira (CGR, 2012-2014[25]).

Said provision was in force for more than 15 years until the Constitutional Court declared it at odds with the limits established for fiscal control in 2015, given that the figure was the subject of arduous debates about its role, in particular co-administration and its aforementioned overuse. According to the Constitutional Court, the warning constituted a modality of ex ante control and, in the words of the Court, contained the “capacity to influence the decisions and the course of the processes and operations of the administrative authorities subject to surveillance, insofar as the course of actions can be transformed” (Corte Constitucional, 2015[26]). This could be understood as favourable as it can prevent any detriment to public assets, but it could, in turn, affect the independence of ex post audits to be carried out because these could be flawed due the previous intervention made. Thus, the CGR's warning mechanism was incorporated into the internal control system, which was called upon to generate the appropriate mechanisms to ensure fiscal management to be efficient, equitable and effective or that it takes into account the assessment of environmental costs (González Zapata and Mosquera Perea, 2019[17]).

For this reason, the 2019 reform brings back the mechanism, adding the checks and balances mentioned in the previous section, including conceptual clarity related to its exceptional nature and the explicit prohibition of co-administration. Thus a “warning”, as established in article 68 of the aforementioned Decree and Resolution 762 of 2020, Art. 32, is a non-binding statement by which the Comptroller General of the Republic warns a financial manager about the detection of an imminent risk of loss of public resources and/or a negative impact on public assets or interests, so that the financial manager can autonomously evaluate the adoption of measures deemed appropriate to exercise control over the events and prevent damages from materialising or spreading.

As such, Art. 69 of Decree 403 of 2020 establishes the methodology and a criterion of necessity according to the analysis of the following specific matters to which is pertains: a) social significance; b) high environmental impact; and c) high economic connotation.

In turn, the applicable phases Art.34 of Resolution 762 of 2020 are as follows:

• Planning phase, determining the follow-up activities to be carried out, the implementation milestones thereof, the objectives, expected results, success criteria and the risks of the process in question.

• Implementation phase, the application of procedures to obtain pertinent information, analysis thereof and determining the foreseeable results and the effectiveness of the controls with regard to risks identified or unforeseen adverse situations.

• Internal reporting phase, where the selected management milestones, risks identified, working documents and media, as well as conclusions and recommendations are presented to the legal office in order to be submitted for consideration by the Comptroller General.

This Resolution specifies the step-by-step process for generating warnings (Figure 1.4) and stipulates that, based on the aforementioned internal report to the Legal Office, the warning issued shall include the legal basis, a succinct exposition of the facts and the identification of the imminent risk of loss of public resources and/or negative impacts on public assets or interests.

The vast majority of stakeholders interviewed for this study related preventive and concomitant control to the “early alerts” issued by the CGR over the last year. Art. 4 of Resolution 762 of 2020 states that the Directorate of Information, Analysis and Immediate Reaction (Direccion de Información, Analisis y Reacción Inmediata, DIARI) and the General and Sectorial Delegated Comptrollers' Offices (Contralores Delegados Generales y Sectoriales) will be able to generate and send early alerts to the corresponding dependencies of the CGR, territorial comptrollers, other competent public authorities and citizens for the purpose of promoting social control interventions.

Early alerts are understood as a “brief and succinct reports of the preliminary detection of any possible risks of affectation or loss of public resources, which serve as an input to the exercise of fiscal control and do not constitute warnings to the fiscal manager”. In this sense, the alert can come from social participatory forums, from exchanges with internal control or from other sources, such as the data analytics work carried out by the DIARI. Early alerts are established on the basis of the collection and analysis of information on financial management in all its stages and cycles, as well as the development or execution of the processes or decision making of control subjects, without intervening therein or causing interference. This allows to obtain useful information to monitor and analyse the risks and controls associated with the planning, use, execution, contracting and impact of public goods, funds or resources and to carry out the preventive and concomitant or ex post fiscal control.

According to the interviews conducted for this study, the “early alerts” target various stakeholders. First, they are redirected for the purposes of social control to working groups with entities and citizens. Second, they are sent to other control entities (territorial comptrollers, prosecutor's office, attorney's office, superintendencies) for the purpose of investigating the facts presented and finally they are shared with other dependencies of the CGR for the purpose of contributing to other fiscal management exercises with the same alerted entity (audits, improvement plans).

Even though, from the executive branch, different tools with similar objectives have existed throughout history in Colombia, none had allowed for an institutionalisation of this permanent monitoring. An example of this are the Visible Audits (Auditorías Visibles) and Democracy Watch (Vigías de la Democracia) programmes in departments and municipalities and the "White Elephants" application developed by the National Government's Transparency Secretariat.

• The Visible Audits and Democracy Watch programmes, in which citizens actively participated, were designed by the National Government to control the use of resources in the departments and municipalities that receive royalties derived from crude oil. These tools sought to ensure that public infrastructure projects were executed in accordance with the provisions of the contract for each project and to avoid irregularities in their execution and construction processes (DNP, 2021[28]).

• In 2014, the National Government's Transparency Secretariat launched the application for the identification and georeferencing of “white elephants.” In this case, it sought to identify and monitor public works whose construction was halted or abandoned. With the application, users could take photographs of unfinished public works and enter information about the entities responsible for them, which could be completed by different people. This was followed by a kind of "alert" from the Transparency Secretariat to the contracting entity about the inappropriate use of resources and the possibility of generating a plan for their correction.

However, these tools have been disappearing, leaving an institutional vacuum in relation to the generation of alerts on the mismanagement of public resources in real time. As a result, the preventive and concomitant control of the CGR represents an opportunity not only to institutionalise a set of good practices and initiatives already developing albeit haphazardly, but to add high-quality technical and technological elements, making use of specialised human resources and multidisciplinary teams that use technology intensively (photogrammetry, drones and georeferencing, among others) to obtain appropriate and sufficient evidence for appropriate interventions.

As mentioned above, the new powers of the CGR seek more preventive action as it relates to the sources and uses of public resources, intervening long before the damage to public assets has materialised and is irreversible (DNP, 2021[29]). However, adjustments to the practical use of this new control are necessary to ensure its success.

First and as evidenced throughout the interviews conducted for this study, there is confusion among public officials, both from the CGR and from State entities, regarding the "alert" and "warning" mechanisms and its relationship with preventive and concomitant control. In particular, it became clear that the majority of those interviewed, at the national and territorial level, had seen and were aware of preventive control solely and exclusively through the use of alerts; an example of this were the interviews at the territorial level where there was no knowledge of the role of warnings in preventive and concomitant control or even the role of DIARI in generating alerts.

Part of this confusion may be due to the regulatory dispersion related to preventive and concomitant control, which contains regulatory provisions in various sources (Legislative Act, Decree, Resolution and Executive Regulatory Resolution). As such, the fact that the main regulatory bodies of preventive and concomitant control do not refer to “alerts” (Legislative Act 4 of 2019 or Decree 403 of 2020) may contribute to the misperception. An example of this was the misunderstanding that the public administration identified in the remit of the Sectorial Delegate Comptrollers to issue alerts, since giving its confusion with the warnings, would be of absolute competence of the Comptroller General. However the two occur at different times and fulfil different functionalities. This is why explaining and teaching about the particularities of each one will contribute to changing the perception of third parties with regard thereto, in particular to recognise that the mechanism has the potential to go beyond a follow-up of unfinished works or "white elephants".

Second, the interviews revealed problems within procedural aspects. In particular, there is an internal and external misunderstanding regarding the processes and procedures applicable to each functionality. To better understand the operation of preventive and concomitant control, it is necessary to refer to Decree 403 of 2020 (Art. 58) and Resolution 762 of 2020, which establish procedures for the generation of “alerts” and “warnings”. In the fiscal surveillance macro process VIG 01 PR 001 there is a clear differentiation between the criteria and processes for alerts and warnings, helping to clarify the indiscriminate references to "concomitant and preventive control" or to the "permanent monitoring of public resources" within the legislation. However, in the interviews conducted for this study, most of the relevant stakeholders were unaware of this macro process and even the particularities of the legislation. For this reason, reinforcements are required through training activities to provide clarity on the entire chain of actors involved in preventive control within the CGR, including aspects related to its practical implementation. An example of this problem was the aforementioned general lack of clarity about which stage determines when an alert can become a warning or even the role of such relevant actors as the DIARI, which the vast majority of actors in the territory were unaware had a role in preventive and concomitant control. As such, experts consulted for this study highlighted a fundamental issue related to the lack of criteria in the evaluation when converting "alert" reports to "warning" reports, signed by the Comptroller.

Third, in procedural terms, an additional issue merits attention and is related to the final decision-making role, which falls solely and exclusively to the Comptroller General. Several interviews conducted for this study highlighted the need to find a mechanism that prevents the final decision from falling exclusively to one person, avoiding the risk of possible abuses of the mechanism in the future, as well as the risk incurred by whoever holds the position of Comptroller General. This internal deliberation process on the use of the warnings could benefit from the use of a sort of technical committee to support the final decision of the Comptroller General or the publication of minutes on the meetings that led to the final decision. In this vein, objective criteria could perhaps be established or the rationale be more documented regarding the application of a warning. As explained before, these measures could protect decision makers, protect the mechanism from being used with political motives in the future and afford additional legitimacy towards external actors.

Finally, even though these two functions have great potential, there is still no clarity on how alerts or warnings could serve to provide feedback and leveraging processes in public administration, like, for example, in Spain where there is a model that allows the identification of risk factors through automated reviews carried out in conjunction with the public administration (Box 1.3). Unfortunately, in Colombia the limits and formalities of both figures have contributed little to interrelations with the public administration, which according to interviews conducted by the OECD, continue to see this tool as a form of control, rather than a way of identifying and correcting risks in a preventive manner.

Thus, preventive and concomitant control, by way of the “alerts” generated through the DIARI and Sectorial Delegate Comptrollers, in its link to internal control, could be more focused on supporting risk management within the public administration and even allow entities to reschedule their audit plans based on these risks. An example of this was evidenced in the interviews conducted for this study, where Medellin’s Mayor's Office deemed the given alert very useful for the reprogramming of its Annual Audit Plan. Another example of the potential of the mechanism is the predictive pre-contractual and contractual risk model for monitoring State contracting that is conducted via the classification of contracts based on key concepts, integration of sources, data preparation, calculation of risk levels and visualisations (Contraloría General de la República de Colombia, 2021[14]). This predictive model would have the potential to leverage improvements in the management of public administration.

In this regard, the CGR could consider the following recommendations:

• Disseminate and train on the existing legal framework, including the internal regulations of the CGR related to the processes and procedures associated with alerts and warnings, emphasising the differences and functionalities of each one. The CGR could even consider the unification of normative instruments (Decrees, Resolutions and Executive Regulatory Resolutions) into a single regulatory framework and the unification of terms and concepts (e.g. the difference between early warnings issued by the CGR and early warnings issued by internal control) that help clarify the role and functionalities of the different stages of the process.

• Generate an audit guide or an illustrative booklet aimed at entities, Departmental Management Offices and dependencies of the CGR where the operation of the two mechanisms and the actors that intervene in each one are explained, through examples and case studies. This would be a great opportunity to highlight the difference between the warning and alert processes and the differentiated objectives with ex post control. This guide will also make it possible to highlight the role of the DIARI in the process and help to generate appropriate channels of communication between the different areas of the CGR. The guide or booklet could also serve to make more strategic use of preventive control, concentrating on the task of identifying risks and not only serving as an instrument for detecting problems in a timelier manner. In this way, it could be used to leverage the processes of identification, management and feedback, for the risks identified in the public administration and thereof contribute to the planning and execution stages of internal audits or even, through an analysis of historical information, identify recurring problems in the planning and execution of public resources.

• Consider establishing checks and balances in the decision‑making process with regards to the warning function. In particular, analyse the possibility of including supporting documents or a synthesis of the decision-making process in the publication of the warning, as well as a forum for internal deliberation within the CGR that supports the final decision issued by the Comptroller General.

[20] Avellaneda y Asociados (2019), Entrevista: Colombia necesita un Código de control y responsabilidad fiscal, Ambito Juridico, https://avellanedaayasociados.com/colombia-necesita-un-codigo-de-control-y-responsabilidad-fiscal (accessed on 10 September 2021).

[27] CGR (2020), Resolucion 762/2020.

[10] CGR (2018), Historia y Contralores - Contraloría General de la República, https://www.contraloria.gov.co/contraloria/la-entidad/historia-y-contralores (accessed on 6 September 2021).

[25] CGR (2012-2014), Funciones de Advertencia - Política de tratamiento de datos personales - Contraloría General de la República, https://www.contraloria.gov.co/politica-de-tratamiento-de-datos-personales/ (accessed on 27 October 2021).

[14] Contraloría General de la República de Colombia (2021), Una Contraloría para Todos: informe de Gestión 2020-2021.

[15] Corte Constitucional (2020), C-140-20 Corte Constitucional de Colombia, https://www.corteconstitucional.gov.co/relatoria/2020/C-140-20.htm (accessed on 19 July 2021).

[26] Corte Constitucional (2015), C-103-15 Corte Constitucional de Colombia, https://www.corteconstitucional.gov.co/RELATORIA/2015/C-103-15.htm (accessed on 5 November 2021).

[28] DNP (2021), Auditores Ciudadanos, https://auditoresciudadanos.dnp.gov.co.

[29] DNP (2021), CONPES 4045, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/4045.pdf (accessed on 8 September 2021).

[24] EUROSAI (2021), Follow-up of the implementation of audit recommendations: Best practices guide, issued by the project group, European Organisation of Supreme Audit Institutions (EUROSAI).

[16] Gomez Lee, I. (2020), El control fiscal concomitante y de advertencia | Ámbito Jurídico, Ambito Juridico, https://www.ambitojuridico.com/noticias/analisis/administrativo-y-contratacion/el-control-fiscal-concomitante-y-de-advertencia (accessed on 19 July 2021).

[17] González Zapata, A. and L. Mosquera Perea (2019), “Del control previo y perceptivo al posterior y preventivo: estudio de la trayectoria en el control fiscal en Colombia (1991-2019)”.

[30] Government of Spain (2018), Official Gazette (Boletín Oficial del Estado),, https://www.boe.es/eli/es/o/2018/04/09/hfp371.

[23] INTOSAI (2019), INTOSAI-P 12 The Value and Benefits of Supreme Audit Institutions: Making a difference to the lives of citizens, AuditInternational Organisation of Supreme Audit Institutions (INTOSAI).

[22] INTOSAI (2019), ISSAI 100 Fundamental Principles of Public-Sector Auditing, International Organisation of Supreme Audit Institutions (INTOSAI), https://www.issai.org/pronouncements/issai-100-fundamental-principles-of-public-sector-auditing/ (accessed on 17 May 2021).

[3] Murtin, F. et al. (2018), “Trust and its determinants: Evidence from the Trustlab experiment”, OECD Statistics Working Papers, No. 2, https://doi.org/10.1787/869ef2ec-en.

[7] Observatorio de la Democracia (n.d.), De qué va la polarización en Colombia, 2019, https://obsdemocracia.org/2019/05/21/de-que-va-la-polarizacion-en-colombia/ (accessed on 6 September 2021).

[1] OECD (2021), Government at a Glance 2021, OECD Publishing, Paris, http://dx.doi.org/10.1787/1c258f55-en.

[5] OECD (2019), La Integridad Pública en América Latina y el Caribe 2018-2019: De Gobiernos reactivos a Estados proactivos, OECD, Paris, https://www.oecd.org/gov/integridad/integridad-publica-en-america-latina-caribe-2018-2019.htm.

[4] OECD (2018), Integrity for Good Governance in Latin America and the Caribbean: From Commitments to Action, OECD Publishing, Paris, https://dx.doi.org/10.1787/9789264201866-en.

[2] OECD (2017), Trust and Public Policy: How Better Governance Can Help Rebuild Public Trust, OECD Public Governance Reviews, OECD Publishing, Paris, https://dx.doi.org/10.1787/9789264268920-en.

[9] OECD (2016), Supreme Audit Institutions and Good Governance: Oversight, Insight and Foresight, OECD Public Governance Reviews, OECD Publishing, Paris, https://dx.doi.org/10.1787/9789264263871-en.

[18] PGN (2012), “Modelo de Gestión de la Función Preventiva de la Procuraduría General de la Nación”.

[11] Shack Yalta, N. (2019), Modelo de Control Concurrente como eje central de un enfoque preventivo, célere y oportuno del Control Gubernamental en el Perú, Contraloría General de la República del Perú, Lima.

[12] Shack, N., L. Portugal and R. Quispe (2021), “El Control Concurrente: Estimando cuantitativamente sus beneecios NELSON SHACK LUIS PORTUGAL RICHAR QUISPE”, Documento de Política en Control Gubernamental, Contraloría General de la República del Perú, Lima, https://doc.contraloria.gob.pe/estudios-especiales/documento_trabajo/2021/Paper_Control_Concurrente_2021_9JUL2021.pdf (accessed on 10 September 2021).

[13] TCU (2018), Manual Acompanhamento TCU, https://portal.tcu.gov.br/data/files/BC/B4/76/F4/A4A1F6107AD96FE6F18818A8/Manual_acompanhamento.pdf.

[21] Torres Calderón, J. and M. Montes Arrieta (2020), Normas constitucionales y legales del control fiscal en el marco de la evaluación integral de las contralorías territoriales, http://dx.doi.org/10.15332/dt.inv.2020.01098.

[8] Transparencia por Colombia (2020), La denuncia de la corrupción y la protección al denunciante en Colombia, http://www.transparenciacolombia.org.co (accessed on 6 September 2021).

[6] Transparency International (2019), Global Corruption Barometer - Latin America, https://www.transparency.org/en/gcb/latin-america/latin-america-and-the-caribbean-x-edition-2019 (accessed on 6 September 2021).

[19] Uprimny Yepes, R. and L. Sánchez Duque (2012), “Constitución de 1991, justicia constitucional y cambio democrático: un balance dos décadas después”, http://journals.openedition.org/cal 71, pp. 33-53, http://dx.doi.org/10.4000/CAL.2663.