Chapter 1

Expand and train the existing normative body, including the internal regulations of the CGR related to the processes and procedures associated with alerts and warnings, emphasising the differences and functionalities of each one.

Consider the unification of normative instruments (Decrees, Resolutions and Executive Regulatory Resolutions) into a single normative body and the unification of terms and concepts (e.g. the difference between early warnings issued by the CGR and early warnings issued by internal control) that help to clarify the role and functionalities of the different stages of the process.

Generate an audit guide or an illustrative booklet aimed at entities, Departmental management and dependencies of the CGR where the operation of the two mechanisms and the actors that intervene in each one is explained, through examples and case studies, including examples of which actions may constitute co-administration and which are specific to preventive and concomitant control.

Consider opening a dialogue at the State level in view of incorporating the possibility for the CGR to generate constructive recommendations to public administrations on how to address and mitigate the risks or problems identified in audits or during preventive control.

Assertively measure the achievements and results of the preventive and concomitant control of the Comptroller's Office, incorporating the use of indicators that measure impacts with respect to structural changes in public administration.

Consider establishing checks and balances in decision making regarding the warning mechanism. In particular, analyse the possibility of including with the publication of the warning supporting documents or a synthesis of the decision-making process, as well as a space for internal deliberation within the CGR that supports the final decision issued by the Comptroller General.

Chapter 2

Consider measuring the progress of the quality of data received and incorporating said component into the methodology of the Data Governance Model currently being designed.

Promote, via the technical talks with the public administration and based on the technologies used by DIARI, the standardisation of a database model that allows the interoperability of high volumes of information, in such a way as to facilitate its automation.

Continue joint work with the Office of the Attorney General of the Nation to achieve greater diligence on the part of the agencies that regulate public spending in the management and loading of fiscal management information.

Promote, through the current interaction spaces (work tables and feedback reports), the automation by the entities of all their processes, in order to be able to have structured and better quality information.

Work on the cleaning of data and feedback with other actors, including at the territorial level, private administrators and parafiscal funds.

Communicate not only internally, but externally, the role of the "Data and Information Governance Committee" in such a way that it helps in the unification of the same technological standard in all Comptrollers, to facilitate the interaction of internal data.

Based on the model of the CGR's Data Governance Committee, ensure that the public administration determines the design and implementation of an intersectorial committee (governing body) for the management and quality of data for all entities.

Develop a unified view for data and analytics, including one that reflects audit and governance trends related to big data. This policy vision can be included and aligned with the next National Development Plan, providing broader goals for digital transformation.

Establish indicators and a theory of change regarding data and analysis, focusing on results and not simply output (for example, indicators that reflect prevention, mitigation or recovery of loss).

Develop an action plan to ensure the relevance of analytical initiatives and the reliability of results, particularly for new methodologies and systems under development.

Use the data governance framework to help establish key areas to focus on and identify priorities.

Incorporate tools aimed at preventive work, including the identification of risks in public administration, as well as the adequate communication thereof to financial managers. This work can in turn leverage the use of prospective models and incorporate information available within the different areas of the CGR (such as that produced, for example, by performance audits and sectorial studies).

Promote learning, inclusion and experimentation by using data and new techniques, including developing a baseline to measure the impact of the CGR in relation to the new data analytics strategies and with regard to the results and advantages thereof.

Raise awareness among CGR officials about data analytics and how it contributes to risk analysis in order to develop technical capacities and promote staff specialisation.

Generate internal co-ordination through meetings between the DIARI and the General, Sectorial and Territorial Delegate Comptrollers' Offices in order to identify and make use of the internal information from the Comptroller's Office, including audit reports from previous years.

Co-ordinate with the territorial level in such a way that they receive the same information shared with other dependencies of the CGR, in particular through the generation of links and the strengthening of capacities in the Departmental Management Offices.

Take advantage of the new preventive and concomitant control to strengthen sectorial studies and performance audits.

Encourage a behavioural and cultural change, leveraged on the current institutional framework of the CGR, which helps to understand and internalise the preventive function in the CGR in public administration and citizenship.

Include case study guides from previous exercises, as well as some international practices in the matter, in the permanent monitoring procedure public resources for the exercise of concomitant and preventive fiscal control (Process VIG 01 PR 001).

Analyse the possibility of having an internal, non-binding committee where some of the most relevant cases, risks identified and best ways to approximate the different situations would be discussed. In particular, this committee could count on input not only from the areas directly involved, but also from other relevant actors where applicable.

Continue with the feedback exercises of the DIARI to General, Sectorial and Territorial Delegate Comptrollers related to the usefulness, relevance and usage of the information they produce.

The DIARI could have closer communication with different areas of the CGR, including the Departmental Management Offices, via the sending of analysis reports they produce, as well as by providing training to them on the use and interpretation of the information produced.

Analyse the possibility of creating a specialised unit to allow the intersectorial analysis of the information collected by the Sectorial Delegate Comptrollers for the purposes of preventive and concomitant control.

Consider establishing concomitant and preventive control working groups as provided in Art. 38 of Resolution 762 of 2020 and in accordance with the needs of the CGR and the Sectorial Comptrollers' Offices.

Give the role of performing audits to the DES, as part of the process of evaluating public policies, which today is conducted by the DES themselves, ensuring co-ordination with the fiscal surveillance areas as appropriate..

Advance in updating the new Performance Audit Guide which incorporates the criteria and standards of ISSAIS 300 (3000, 3910, 3920) and Law Decree 403 of 2020.

Re-establish and restore the profiles required in the DES, in particular to provide the missing information related to performance audits.

Consolidate a team of mentors to carry out training programmes in performance audits, ensuring that those who receive the training have the appropriate profile for said functions.

Develop a strategy for citizen participation and that in turn contributes to the ODSs through mechanisms of dialogue, participation and accountability with citizens, which reflect a citizen vision for control and provide sustainability to audited public policies.

Continue training the General, Sectorial and Territorial Delegate Comptrollers Offices on the scope of preventive and concomitant control, as well as the use of the information produced by the DIARI. This could even be extended to risk analysis and public administration management, examining the capacity of the public administration to achieve the expected results.

Make use of the Centre for Fiscal Studies (CEF), which is in charge of high-quality training in matters of surveillance and control for the management of public resources, in to carry out internal training processes conducive to generating periodic programmes of the tasks of preventive control, including in the identification and management of corruption risks.

Consider implementing measures aimed at day-to-day learning via superiors and peers, identifying and raising awareness among internal leaders who can become vectors of change.

Establish the internal performance objectives of preventive control, which at the moment do not have a methodology to be measured.

Strengthen the preventive control groups within the Sectorial Delegate Comptrollers Offices. In particular, establish management of preventive control at the second level of the Delegate. This will mean that even when the auditor may act in both directions, the preventive function is clearly differentiated both internally and externally.

Chapter 3

Clarify the role of the UCIs in relation to identifying early warnings for preventive and concomitant control, taking into consideration the limits of their role and functions, in particular, the contributions in the identification of specific acts of corruption.

Incorporate the information produced by "alerts" or "warnings" as additional elements for planning internal audits, in particular through feedback to the UCI.

Create adequate communication channels with the UCI in order to fine-tune co-operation mechanisms, so that requests for information from the UCIs are streamlined and requests for the same documents by multiple units of the CGR are avoided

Generate citizen empowerment processes and establish their role in preventive and concomitant control more clearly.

Make certain actions taken to generate alerts, processes and organisation charts associated with preventive control more visible.

Promote collaboration agreements between social organisations, including universities and the CGR to collaborate in citizen technology initiatives or rely on external control activities and empower citizens as partners in the promotion of open data.

Share the risks identified with public entities and agencies to serve as examples for reviewing risk maps, updating them and strengthening controls; as a source of knowledge and preventive mechanism for entities

Conduct feedback processes to UCIs on the quality of the information collected and produced by them.

The Office of the Auditor General of the Republic may be invited to take part in the actions to strengthen the two controls and, in particular, make use of the information it produces through the "red flag" system.

Continue with the creation of the SACI, as a source of support for the exchange of information between the UCIs and the CGR.

Strengthen the Internal Control Units in their entirety, assigning the necessary resources and support for the fulfilment of their functions, including on the territorial level

Chapter 4

Ensure the co-ordination and continuity of preventive control in Colombia through a public policy of fiscal management.

Include a long-term vision on fiscal control in Colombia in the next National Development Plan, including aspects related to preventive and concomitant control, as well as tools to strengthen the institutional image of the CGR among citizens.

Promote exercises of institutional continuity that promote the reduction of auditor rotation and promote specialisation among them, including in General, Sectorial and Territorial Delegate Comptrollers and senior managers.

Consider the possibility of extending the management period of the Comptroller General of the Republic to avoid administrative and personnel changes every 4 years.

Empower the Departmental Management Offices in all fiscal control cycles, with special emphasis on the role they play in preventive and concomitant control

Consider a public policy that even goes beyond the 4 years of the PND and guides the actions of the entire sector. In particular, this policy could be designed as a Ten-Year Plan for Fiscal Management,

Consider making the internal structure associated with preventive and concomitant control more visible, as well as visualising its more technical aspects.

Put the General Public Warning System (SIGAP) into operation.

Make use of the National and Regional Moralisation Commissions as spaces for co-ordination with the public administration with regard to fiscal management in Colombia.

Make use of the spaces provided by the CRM not only to make the advantages of preventive and concomitant control visible but also to use them as a source of feedback to the executive branch on patterns detected or alerts identified on the territorial level.