Managing Public Procurement Risks in Greece

Given the volume that public procurement represents (12% of GDP in 2021), its strategic relevance, and the high risks associated with it, it is essential to create a culture of risk management and reinforcing the capacity of the procurement workforce within each public entity.

The general risk management framework and policy insists on the fact that the implementation of a risk management system within an entity requires the development of a corresponding risk management culture defines as ‘’the values, beliefs, knowledge, attitudes and understanding about risk shared by a group of people with a common purpose.’’ (The National Transparency Authority, 2024[1]). The development of a risk management culture is even more relevant when targeting high risk areas such as public procurement where huge amount of public money and the delivery of public services are at stake.

To create a risk management culture and to reinforce the capacity of the public procurement workforce several and different types of tools can be used, including those aiming at having a capable and trained public procurement workforce. Indeed, public procurement risk management activities follow a specific methodology that requires technical knowledge in both risk management and public procurement (OECD, 2023[2]).

• Trainings: Trainings focusing on risk management in public procurement should be developed and organized for stakeholders involved in public procurement or risk management.

EKDDA is the national capacity and training body in charge of offering training support, including on public procurement and on risk management. However, there are currently no training opportunities combining both topics and specifically tailored to managing risks in public procurement.

In February 2024, the NTA delivered a training programme with EKDDA focusing on risk management. This training was addressed to the personnel within the risk management units from ministries and other public entities, in charge of applying the risk management framework. Although not focusing on public procurement, the content of the training touched upon this topic. The training explained how the risk management process works in practice. Guidance was also provided for preparing reports on risk management and drafting the annual report by risk management bodies. The content of the training could be adapted to public procurement.

Furthermore, the GSC is involved in the development, implementation and monitoring of one project of the Recovery and Resilience Plan, namely the professionalisation of the public procurement domain of Greece in collaboration with all the relevant Ministries (Ministry of Development and Investment, Ministry of Infrastructure and Transport, Ministry of Digital Governance, Ministry of Health and Interior, as well as EKDDA and HSPPA). A working group, formed of the above-mentioned stakeholders, as well as the NTA, has already been formed to develop the appropriate architecture of the policy for the professionalisation, training and certification of the contracting authorities and contracting bodies personnel.

• Organizing awareness sessions on public procurement risk management for management staff: For the stakeholders who are not directly involved in public procurement but who are involved in the decision process, such as those at the senior management level, sessions to raise awareness of the strategic benefits of managing public procurement risks can contribute to the creation of a risk management culture in public procurement, and a better understanding of the impact that public procurement has on the entity, but also on the country’s economic and social development.

• Integrate in public procurement job descriptions risk management competencies: Greek authorities need to build on ongoing efforts to professionalise the procurement workforce as a key driver for efficiency and better procurement outcomes. These efforts should also address competency frameworks for the procurement workforce and should be reflected in the associated job descriptions.

• Develop supporting tools: Supporting tools constitutes a key pillar to strengthen the capacity-building systems of the public procurement workforce. There are useful to support public procurement officials to undertake their daily tasks effectively, and they complement training courses. The OECD suggests developing tools to promote the professionalisation of the procurement workforce. These tools include self-support tools (manuals, guidelines, and standardised templates), a one-stop shop procurement portal for the community of practice, or help desks.

  • Self-support tools:

    • This public procurement risk management framework is designed to help contracting authorities to implement a risk management system within their entity and should therefore be disseminated and promoted as a supporting tool.

    • Standardised templates: Standardised templates are ready-to-use forms that contracting authorities can use to help contracting authorities save time, avoid errors and the materialisation of some risks (such as the low participation of economic operators due to an excessive administrative burden).

  • Help desk: It is a contact point centre to assist contracting authorities and/or economic operators in clarifying their inquiries related to their daily tasks of public procurement could be set up. It is an efficient tool to provide quick and tailor-made information. A help desk can contribute to ensuring legal compliance and solving recurrent issues of daily procurement tasks, such as managing risks. In general, inquiries go through a call centre and/or a mailbox (OECD, 2023[3])

• Collaboration with knowledge centre on risk management: Finally, recently, an increasing number of countries have recognised the role that knowledge centres such as universities, think tanks or policy centres can play in promoting the professionalisation of the procurement workforce. Indeed, knowledge centres can be equipped with specialised expertise in public administration (including public procurement) and in risk management. The OECD Recommendation of the Council on Public Procurement recognises the importance of these interactions, calling upon countries to promote collaborative approaches with knowledge centres to improve skills and competences (OECD, 2023[3]). Knowledge centres could play a key role in the dissemination of a risk-based approach in public procurement.

According to the general risk management framework developed by the NTA, managers within each entity are responsible for overseeing the implementation of the framework which includes providing ongoing support, training and awareness-raising of their staff so that they understand the organization’s risk management policy and framework, their roles and responsibilities and the risks related to their area of responsibility (The National Transparency Authority, 2024[1])

This on-going support is essential within the context of public procurement and could translate into the development of supporting tools. While some tools are necessary to conduct risk management activities such as risk registries, others can support the management of the most recurrent risks in public procurement (mitigation measures).

A risk registry is a commonly used risk identification tool. It fulfils several functions, including developing and maintaining a shared understanding of risks between stakeholders, ensuring the tracking and assessment of risks, recording decisions of how risks will be treated, verifying that responsibilities for risks have been assigned to the most appropriate person within the entity/organization, and providing a holistic view of risks that can be evaluated against the entity’s overall risk appetite and risk management thresholds. Using a risk registry, each risk should be assigned to a single owner, clarifying accountability, while also identifying others associated with the risk and/or contributing to control measures (OECD, 2023[2]).To maintain the effectiveness of a risk registry, it should be updated on a set frequency and regularly reviewed with senior decision makers.

A risk registry is an essential tool when managing risks in public procurement as it enables to aggregate into a single document all the risks identified throughout the various phases of public procurement and throughout procurement procedures. In fact, in the context of public procurement, using a risk registry enables to:

• Have a shared and consolidated overview of the risk exposure of the different public procurement projects.

• Ensure that all risks are under control and that an assessment is available for each of them.

• Ensuring that the exposure to public procurement risks is aligned with the risk management policy defined by each public entity (risk appetite/ risk tolerance).

• Ensure the traceability of risks.

• Check that risk responsibilities are assigned to the people most competent to deal with them throughout the various phases of public procurement (OECD, 2020[4])

According to the general risk management policy and framework developed by NTA, at the level of the public entity, the risk registry shall record the information concerning the risk management of the entity. Through the risk registry, the entity is able to gather all the information on the potential risks to which it is exposed, analyse them and at the same time draw conclusions on the level of overall risk it faces at any given time (The National Transparency Authority, 2024[1]). The risk registry contains the following information:

• Risk identifier

• Risk category

• Risk description

• Potential source of risk

• Parties involved

• Inherent risk probability

• Inherent risk impact

• Level of inherent risk

• Existing control activities

• Type of control activities

• Probability of residual risk

• Impact of residual risk

• Level of residual risk

• Residual risk acceptable or not

• Short-term mitigation measures (additional control activities)

• Long term mitigation measures (additional control activities)

• Responsible for approving the mitigation measures

• Justification for amendment

• Responsible for implementing measures

• Type of additional control activities

• Implementation deadline

• Monitoring risk officer

• Risk status

For a meaningful management of public procurement risks, it is strongly recommended for contracting authorities to use the risk registry template developed by the NTA and to add one column ‘’Risk area’’ in order to specify the relevant risk area (or areas). This would enable entities to identify all risks specific to public procurement. The exact steps on how to fill this registry are described in each section of Chapter 3.

Furthermore, updating the risk registry is an ongoing process, which must be explicitly defined by the entity and includes updating existing risks, adding new ones, and reviewing the entire registry. The risk management body is responsible for the maintenance, continuous monitoring and updating of the risk registry for the organization for providing guidance to the other departments. To assist the entities, a Risk Registry Template, and instructions on how to maintain and update it are established by a joint decision of the Ministers of Interior and Digital Governance and the Governor of the National Transparency Authority (The National Transparency Authority, 2024[1]).

The OECD developed a Risk Registry to be used as a reference and as a source of inspiration by those involved in the identification and management of public procurement risks. This risk registry which is provided in Annex A:

• covers the whole public procurement cycle (needs analysis, market engagement, market analysis, procurement planning, preparation of tender documents, preparation of technical specifications, publication of calls for tender, preparation and submission of bids, clarification of tender documents, tender opening, evaluation of tender, issuance and signing of contract, monitoring contract performance, modification of contract, ordering, payment).

• is tailored to the Greek context

• is aligned with the general risk management framework and policy.

• includes information regarding the risks identified by Greek entities and the OECD

• classifies the risk, mentions its root cause, and suggests examples of potential mitigation measures, focusing on integrity risks.

In terms of methodology, a questionnaire was sent to a wide range of relevant stakeholders, including the NTA, HSPPA, GSC, other contracting authorities, audit and control bodies including the Court of Audit, civil society organizations, and businesses in November 20231. This questionnaire included a dedicated section to identify relevant risks related to different activities and phases of the procurement cycle. The questionnaire also requested entities based on their different experiences to identify the risk category and to suggest potential mitigation measures. The OECD cleaned the responses received between January and April 2024 (review and rewording of risks to ensure consistency and harmonization, review of the category of risks to align with the different categories of risks with those mentioned in the general risk management framework and policy). The registry was also enriched by findings from OECD reports and reports from the Hellenic Court of Audits and added additional input based on its experience and knowledge of the Greek public procurement system in particular in relation to the MAPS assessment concluded in 2022 (OECD, 2022[5]).

A consultation was organised on XXX 2024 to present the draft risk management framework applied to public procurement and the draft risk registry where participants were invited to provide input to the draft registry. This registry is made available in Annex A of this document.

Furthermore, it is recommended that this public procurement risk registry be updated regularly in consultation with a wide range of stakeholders (refer to 1.3).

Certain risks in public procurement were often identified by the different public procurement stakeholders and these risks have often similar root causes. Similar findings were mentioned in the MAPS assessment conducted between 2018- 2022 (OECD, 2022[5]). To mitigate the occurrence of such risks, it's crucial to equip stakeholders with adequate tools for implementing preventive measures. Since many risks originate in the initial stages of the procurement process, especially during the planning and the needs and market analysis, it could be relevant to develop tools that support procurement practitioners during these stages. This ensures that the procurement stakeholders have the capacity to anticipate and address risks early on, thereby preventing potential issues from arising later in the procurement process such as poor competition, the use of non-competitive procedures, contract amendments, etc.

These tools can take different forms and should be tailored and adapted to the needs of the stakeholders involved in the procurement process (checklists, templates, etc.).

[2] OECD (2023), “Managing risks in the public procurement of goods, services and infrastructure”, OECD Public Governance Policy Papers, No. 33, OECD Publishing, Paris, https://doi.org/10.1787/45667d2f-en.

[3] OECD (2023), “Professionalising the public procurement workforce: A review of current initiatives and challenges”, OECD Public Governance Policy Papers, No. 26, OECD Publishing, Paris, https://doi.org/10.1787/e2eda150-en.

[5] OECD (2022), MAPS Assessment of Greece Public Procurement System.

[4] OECD (2020), Guide de management des risques dans les marchés publics en Tunisie.

[1] The National Transparency Authority (2024), Model Policy and Framework for Risk Management.