Document details

Hlacs, A., Wells, H., Damásio, B., Vasconcelos, C., Sturm, N. F., Gonçalves, A., & Batista, P. (2025). Using digital technology to strengthen oversight of public procurement in Portugal: The use of data analytics and machine learning by the Tribunal de Contas. (pp. 1-33). (OECD Working Papers on Public Governance; No. 83). OECD Publishing. https://doi.org/10.1787/43add03b-en --- This report was funded by the European Union

The digital transformation of oversight and integrity institutions is crucial for enhancing transparency, efficiency, and accountability in the management of public procurement and public funds. Prioritising the digital transformation of institutions responsible for oversight and audit helps these institutions improve service delivery and foster citizen engagement. Oversight and integrity institutions that can integrate advanced digital technologies and analytics, including artificial intelligence (AI), are in a better position to detect, prevent, and address corruption and misconduct. Given the complexity and volume of data that institutions, including supreme audit institutions (SAIs), are required to consider, the adoption of digital tools to streamline processes and to improve data and risk analysis is necessary. The Tribunal de Contas (Court of Auditors, hereafter TdC) is Portugal’s SAI and is responsible for overseeing the proper management and legal use of Portugal’s public resources. It plays a critical role in ensuring the regularity, efficiency and cost-effectiveness of public procurement in Portugal. The OECD and NOVA University Lisbon (Universidade) helped TdC develop and refine a risk assessment methodology, including the development of a data-driven risk model to undertake audit assessments. The initiative aims to improve the TdC’s identification of risks and the early detection of irregularities through advanced data analysis and machine learning (ML), a form of artificial intelligence (AI). The methodology developed marks a significant milestone in the TdC’s digital transformation. The risk indicators include a mixture of rule-based (red flags for simple rule violations, such as no competition in a high-value contract”), inference-based (red flags for patterns or repeated behaviour, such as “the same company always wins”), and model-based (red flags found by smart systems that learn from past data to spot unusual activity) indicators and require access to external data sources. This initiative has been selected as an example to highlight the implementation considerations and challenges (such as data quality) that oversight and integrity institutions must consider when developing a model. Several good practices have been identified during the development of the risk assessment methodology that underline the importance of shared understanding and commitment to addressing these challenges when developing and implementing any data-driven audit risk model. For example, improving the quality and accuracy of data and committing to investing in knowledge sharing and enhancing staff expertise and skills. Collaboration, sharing, and access to data across multiple institutions require stakeholders to be identified early and to be proactively and routinely engaged in the development of an audit risk model. Data custodians need to be involved in the model’s critical appraisal and review. Data-driven audit risk models should not remain static: ongoing enhancements and updates to a model may involve the development and implementation of more advanced indicators of risks. Finally, opportunities for automation and scalability of the data-driven risk assessment and its continuous optimisation (for example, feature engineering or updates to the data pipeline) provide further opportunities to ensure the sustainable implementation