copy the linklink copied!4. Managing Risks and Supporting Accountability throughout the Public Procurement Cycle

4.1.1. ISSSTESON’s senior management could demonstrate a strong commitment to internal control and audit, ethics and integrity

ISSSTESON’s Board of Directors should establish the three lines of defence and empower the administrative units responsible for implementing them. The first line is in charge of all the operational managers of the organisation. Middle- and high-level managers are in charge of implementing controls and helping identify and prevent risks in their areas. ISSSTESON’s second line of defence should be in charge of all senior managers and, at the same time, could be organised and supervised by UPII, as the unit in charge of following up the agreements taken in COCODI. Additionally, to comply with the third line of defence, ISSSTESON could set up a new function of internal audit reporting to the board and complementing external audit.

The COCODI provides ISSSTESON an opportunity to develop efficient risk-management strategies to avoid corruption in public procurement and enhance financial sustainability, both fulfilling its mandates (health services, financial services, and pension and mortgage administration) and promoting secondary policy objectives, such as competitiveness of local enterprises in the health sector.

The fact that UPII has the responsibility to follow up on the agreements made by COCODI offers several advantages. Issues related to internal control, for example, are easily co-ordinated and managed because under the current ISSSTESON Internal Regulations (Article 18), the unit is also responsible for setting up and co-ordinating several programmes, such as: institutional planning, co-ordinating and integrating the sector programme, the institutional development programme, ISSSTESON’s annual operational and budget programme, and the annual public works plan. It is also in charge of monitoring, performance evaluation and accountability of the institute (including administrative units and deconcentrated bodies). This includes gathering statistics, reports on public funds (cuentas públicas), organisation and proceedings manuals, and implementing codes of ethics and conduct. The unit is also legally mandated to identify opportunities, propose administrative innovations and regulatory changes, and make recommendations on administrative development and management processes, including streamlining procedures.

Despite this progress, the institute’s internal control and risk management systems leaves room for improvement. ISSSTESON, for example, needs to create an internal audit function. This should be under the General Director’s first line of control and should report its findings and recommendations to the Board of Directors. The Audit Unit should also propose audit rules and plans to the Board for its approval.

copy the linklink copied!

Figure ‎4.5. ISSSTESON organisation chart for its new Audit Unit

Source: Adapted from ISSSTESON’s Internal Regulations (2015).

Integrating risk-management strategies for mapping, detection and mitigation of risks in public procurement is vital for effective internal control. The OECD Recommendation of the Council on Public Procurement (2015[4]) explicitly suggests identifying and addressing: 1) threats to the proper function of the public procurement system, 2) potential mistakes in the performance of administrative tasks, and 3) deliberate transgressions. Any risks and threats noted should be brought to the attention of the relevant officials. To prevent fraud, misuse of public funds and corruption in public procurement, public officials, and particularly procurement practitioners, need a full understanding of the potential risks. This will help them address threats and limit fraud and corruption: to detect potential deviations, to exclude corrupt suppliers/bidders, and to take action against dishonest procurement practitioners (OECD, 2009[7]).

Risk management covers two main areas: risk assessment and risk mitigation/treatment (OECD, 2009[7]). Risk assessment plays a key role in the selection of appropriate internal control measures (OECD, 2017[5]), because it consists of identifying potential risks, analysing their causes and consequences and evaluating their impact.

copy the linklink copied!

Figure ‎4.6. The risk-management cycle according to ISO 31000:2009

Source: Adapted by (OECD, 2017[5]) from ISO 31000: 2009; (OECD, 2013[8]), OECD Integrity Review of Italy: Reinforcing Public Sector Integrity, Restoring Trust for Sustainable Growth, https://doi.org/10.1787/9789264193819-en.

Integrity risks emerge in different types of procedures, as well as at different stages of the public procurement cycle. For example, in open tenders, corruption can occur when confidential information on supplier bids is selectively disclosed, allowing particular bidders access to inside information. In a direct award, corruption may arise when the assessment of quality and reliability are unfair and influenced by bribes. In a limited invitation procurement, there may be opportunities for extortion and bribery during the back-and-forth of price discussions with firms (Vian, 2002, in (OECD, 2013[1])). On the other hand, if businesses expected to compete against each other agree tacitly or overtly to raise the price of goods or services, a specific type of collusion, known as bid rigging, occurs (OECD, 2011[9]). This harms governments, because it prevents them from maximising value for public money.

Corruption can occur in the different phases of tendering. The following table illustrates actions or omissions implying risks of corruption, according to relevant activities in each phase of tendering.

ISSSTESON faces relevant risks in the procurement cycle, such as:

• Pre-tendering phase: Even when ISSSTESON develops a budget plan every year, non-competitive procedures like direct awards are not exceptions but common practice.

• Tendering phase: The lowest price and binary method are the common evaluation and award criteria in ISSSTESON’s public procurement procedures. In addition, the Law on Acquisitions, Leases and Services of the State Public Administration (Ley de Adquisiciones, Arrendamientos y Prestación de Servicios Relacionados con Bienes Muebles de la Administración Pública Estatal) establishes in its Article 24, the option to use two more criteria: evaluation by points and percentages and cost-benefit evaluation. These could be used if government entities provide justification to show that applying such mechanisms allows them to objectively assess the creditworthiness of the proposals, and/or when government entities need to obtain goods, leases or services that involve the use of highly specialised technical features or technological innovations. Interviews with the personnel involved with technical tenders in ISSSTESON, however, revealed that they fear they may be subject to sanction, because administrative units usually consider only the lowest price criterion. As a result, some confusion persists among both technical and administrative personnel over the application of the methods established by the law, which constrains procurement practitioners from making better decisions.

• Post-award phase: ISSSTESON uses an electronic system of Sonora’s Ministry for Control (Evidence System) to monitor the progress of contracts (http://sevi.sonora.gob.mx). However, ISSSTESON does not have a monitoring strategy, evaluation method, and a record of the performance evaluation of each contract and supplier.

4.1.2. To address corruption, COCODI and UPII should have clear functions of risk management and internal control

COCODI, through UPII, should communicate better to the different areas of the institute the risk assessment methodologies, consisting of at least the following elements:

4.2.1. Integrity framework

The integrity framework is a systemic, comprehensive approach involving instruments, processes and structures for encouraging integrity and preventing corruption in public organisations. It involves interdependence and co-ordination between internal elements of the system (instruments, processes and structures). Governments may organise these internal elements into four functions: determining and defining integrity; guidance towards integrity; monitoring integrity; and enforcing integrity. These should attempt to strike a balance between a rule-based and a value-based approach (OECD, 2009[16]).

In Mexico and its federal states, the preference has commonly been for rules-based approaches in integrity policies. On 11 May 2017, the state of Sonora endorsed its Law on the Local Anti-Corruption System (Ley del Sistema Estatal Anticorrupción del Estado de Sonora, or LLLACS), a set of revised and newly expressly enacted laws, notably the Law on the Local Anti-Corruption System and the State Responsibilities Law (Ley Estatal de Responsabilidades). The first establishes the principles and general rules of the integrity framework of the state of Sonora, as well as the public entities that constitute the system and their mandates (see Box ‎4.6). The second establishes the principles and obligations of the adequate performance of public officials; it differentiates between serious and less serious administrative offenses by public officials, the sanctions applicable, as well as the procedures for their application and the powers of the competent authorities to impose them.

On 1 June 2017, the State Government of Sonora issued its Code of Ethics and Conduct, as well as the Integrity Rules for public officials of the State Public Administration. According to Article 5 of the LLACS, the public entities of the State of Sonora are mandated to create and maintain structural and regulatory conditions that allow for the proper functioning of the state as a whole, and the ethical and responsible performance of each public servant. ISSSTESON, as a decentralised body with legal personality and its own budget, is to abide by this legal framework.

Article 5 of the LLACS establishes guiding principles that govern the public service: legality, objectivity, professionalism, honesty, loyalty, impartiality, efficiency, effectiveness, fairness, transparency, economy, integrity and merit. On the other hand, Article 7 of the State Responsibilities Law establishes that public officials will observe, in the exercise of their employment, position or commission, the principles of discipline, legality, objectivity, professionalism, honesty, loyalty, impartiality, integrity, accountability, effectiveness and efficiency. Article 4 of the Code of Conduct and Ethics for Public Servants of the State of Sonora Public Administration (Código de Ética y Conducta para los Servidores Públicos de la Administración Pública Estatal) establishes and defines the values that all public servant of the State of Sonora must observe in their activities, which are: honesty, legality, collaboration, connectivity, efficiency, integrity, gender equality, accountability, respect, service, sustainability and transparency. The State of Sonora’s framework for integrity promotes 21 values or principles (Figure ‎4.7).

copy the linklink copied!

Figure ‎4.7. Principles and values in the State of Sonora’s Law and Ethics Code

Source: Information from Article 5, LLACS; Article 7, State Responsibilities Law and Article 4, Ethics Code.

Twenty-one values or principles are mentioned in the three legal instruments. Only four (19%) are mentioned in all three. Seven principles (33%) are mentioned in two of the instruments, and the remaining ten (48%) are mentioned only in one. The table below shows which values are mentioned in which instruments.

The State of Sonora recently passed ten rules for integrity, including: i) public performance, ii) knowledge of regulations and their applicability, iii) developing duties, iv) use and distribution of material, human and financial resources, v) public information, vi) public procurement, permits, licences, authorisations and concessions, vii) relationship with co-workers, vii) relationship with public entities, ix) relationship with society, and x) co-operation with integrity. The sixth rule establishes that public officials, directly or indirectly, in charge of public procurement, permits, licenses, authorisations and concessions, should be transparent, neutral and legal, that they should conduct their decisions according to social needs and the public interest, and that they should guarantee the best conditions for the State. To advance public officials’ commitment to the Ethics and Conduct Codes and the rules of integrity, each public official must sign a Commitment Letter.

In in 2014, the State of Sonora issued an Anti-Corruption Law in Public Procurement, which applies to public procurement processes at the state and municipal levels. It establishes the responsibilities and sanctions that will be imposed on any person or business (enterprises, suppliers and public servants who participate, directly or indirectly, in the procurement process) for infractions related to public procurement in the state or its municipalities. The law also stipulates that the sanctioning procedure be conducted by the control bodies with the objective of determining responsibility for participation in public procurement and application of the corresponding sanctions. Article 6 establishes that participants in a public procurement process shall conduct themselves ethically, with truth and honesty in all acts and attitudes, without giving rise to acts of corruption throughout the whole procurement process until its completion, and refraining, at all times, from offering, lending, giving, conditioning, delivering or any other action that resembles, by itself or by a third person, for any reason, benefits, services, money or any other good to any public servant in the recruitment procedure.

Likewise, in June 2018, Sonora’s Ministry for Control issued a guide to identify and prevent conflicts of interest in the State Public Administration (Guía para identificar y prevenir la actuación bajo conflicto de interés en el ejercicio de la función pública en la Administración Pública Estatal). This is intended as a tool to provide advice to public servants and contribute to the identification, prevention and management of conflicts of interest faced in the work environment or outside it. Its specific objectives are:

• Establishing general guidelines to facilitate the understanding, identification and correct management of conflicts of interest that public servants of the State Public Administration should follow;

• Helping instil a culture of transparency, accountability, the rule of law, ethics and public integrity, by introducing tools to prevent conflicts of interest;

• Harmonising criteria to identify, prevent and manage conflicts of interest in the ministries and agencies of the State Public Administration.

Under this general framework and based on the Guidelines for Establishing and Operating Committees for Integrity, Ethical Practices and Good Government of the State Public Administration (Lineamientos para la Integración y Funcionamiento de los Comités de Integridad, Prácticas Éticas y Buen Gobierno de la Administración Pública Estatal), published on 26 June 2017 in the State Official Gazette, ISSSTESON approved its own integrity programme in December 2017 and established its Committee for Integrity, Ethical Practices and Good Government (Comité de Integridad, Prácticas Éticas y Buen Gobierno, or CIPEBG) on 8 June 2018. This committee’s main objective is to strengthen the fundamental values and principles inspiring public servants to respect the law and reject corruption, and to promote conduct that dignifies and appreciates public service. The institute’s General Director is the Committee’s President, and it also includes a vice-president, a technical secretariat that serves as the liaison with the Ministry for Control and the representatives of the different administrative units. The committee’s Annual Report 2018 reports a compliance index of 93.3% with its programme of work (see Box ‎4.7).

As part of ISSSTESON’s Integrity Programme, it published its own Code of Ethics and Conduct and Integrity Rules (Código de Ética y Conducta y Reglas de Integridad del ISSSTESON) in August 2017 (see Box ‎4.8). This follows the code and rules applicable to all state public officials, and although some guidelines directly apply to the public procurement function, ISSSTESON could complement its efforts with an integrity framework tailored specifically for the procurement workforce.

Given the general framework and ISSSTESON’s own Code of Ethics, and taking into account the rules of action established in the Law on Acquisitions and the Law of Public Works of the State of Sonora (Ley de Obras Públicas del Estado de Sonora), ISSSTESON should develop a specific Code of Conduct and specific guidance for procurement officials. This should conform with the legal provisions of the Anti-Corruption Law in Public Procurement and should also ensure that specific provisions for public procurement are included in the codes developed by hospitals and clinics. A Code of Conduct for procurement officials would have the advantage of being tailored to the specific risks of the procurement cycle in the health sector.

The Internal Regulations of ISSSTESON (Article 18, Fraction XX) grants the UPII authority to co-ordinate and lead direct actions for the promotion of values in the institute; elaborate in collaboration with the administrative units and deconcentrated bodies the corresponding Ethics and Conduct Codes for the authorisation of the Ministry for Control; and keep them updated and co-ordinate their dissemination with the support of the Social Communication Liaison Unit.

With the participation of public officials and stakeholders, ISSSTESON’s UPII should design a Code of Conduct or Ethics to emphasise the specific conduct expected in public procurement and prioritising the values to be observed. This would guide the conduct of procurement practitioners when they face ethical dilemmas. This unit should also set up an annual programme to train public procurement officials and regular and potential suppliers, focusing on communicating the priority values and identifying conflicts of interest and mechanisms for reporting corruption.

The UPII should guarantee the creation of rules-based and values-based codes on the public procurement cycle, and where applicable, phase by phase, on the following themes:

• prioritised values for public procurement, whenever possible, by phase of the procurement cycle

• conduct expected during the public procurement cycle

• conflict-of-interest policy, in line with the Guide, to identify and prevent conflicts of interest in the State Public Administration, issued by the Ministry for Control

• gifts and gratuities policy

• post-employment arrangements.

In drafting the Code of Ethics and Conduct of Procurement officials, ISSSTESON should consider the new national and state anti-corruption legal frameworks and the statements regarding values, conflicts of interest, gifts and gratuities and post-employment arrangements, especially Mexico’s General Law of Administrative Responsibilities (Ley General de Responsabilidades Administrativas, or LGRA) and the State Responsibilities Law (Ley Estatal de Responsabilidades).

4.3.1. Public consultation on reforms in the public procurement system

The experience of OECD member countries indicates that open and inclusive policy making can help governments better understand and respond to the changing needs of society, to use ideas and resources from civil society and business to confront complex policy challenges, to lower costs and improve policy outcomes, and to reduce administrative burdens on policy implementation and service delivery (OECD, 2017[21]).

One tool for encouraging participation in procurement is to organise public consultations about any reforms to the procurement system. Such consultations should be conducted in a transparent, inclusive fashion, soliciting the participation of business associations, civil society organisations, regular and potential suppliers, procurement officials, as well as citizens and enterprises in general.

Engaging the private sector and civil society in any proposed changes to the public procurement system aims to align the expectations and understanding of both suppliers and procurement officials.

The standard process for formulating changes in public procurement should allow for public consultation and, at the same time, set up the rules for how to conduct such consultations. These should include details of how the consultations should be organised, which channels can be used (for both active and passive consultation), how far-reaching the consultation process should be, and how to disclose the comments received and the answers given by the procurement authority, as well as the outcome of the consultation and the justification for the decisions taken.

The procurement authorities should consider (OECD, 2009[18]):

• establishing rules of public consultation in the standard process of formulating changes to the public procurement system,

• promoting public consultation,

• inviting comments from the private sector and civil society,

• taking into account the input, comments and feedback received, if relevant and applicable,

• publishing the results of the consultation phase,

• explaining the decisions taken,

• designing programmes to build the capacity of relevant stakeholders to understand changes to the public procurement system.

The State of Sonora has a Regulatory Improvement Law (Ley de Mejora Regulatoria para el Estado de Sonora), which establishes a procedure for the review, improvement and citizen participation in the preparation of the regulatory framework in agencies and entities of the state’s public administration. The regulatory procedure mandates state regulators to draft a Regulatory Impact Analysis (RIA) for each regulatory proposal issued, including the following elements:

• the reasons for issuing the new regulation;

• the alternatives considered, the reasons for rejecting them and the solution proposed;

• the potential risks of not issuing the regulatory proposal;

• the legal basis of the regulatory proposal, the regulatory background and the coherence of the regulatory proposal with the legal system in force;

• the costs and benefits of the regulatory proposal;

• identification and description of the formalities created by the regulatory proposal;

• the resources and mechanisms to ensure compliance with the regulation.

The State of Sonora’s Commission for Regulatory Improvement (Comisión de Mejora Regulatoria de Sonora, or COMERS) is charged with implementing a regulatory improvement process like the one in force at the federal level in Mexico. Under its Regulatory Improvement Law, COMERS is to publish the RIA and the regulatory proposals in online forums, as soon as they are received by the Commission, so stakeholders can send their comments, suggestions and observations. As in the federal regulatory improvement process, if regulatory proposals do not involve compliance costs or delays for citizens and enterprises, the agencies and entities of the State Public Administration are not obliged to draft an RIA.

ISSSTESON has no standardised procedure for revising its rules on procurement. The State of Sonora has a Regulatory Improv2ement Unit, COMERS, but ISSSTESON does not appear to comply with the requirement to review and analyse regulatory proposals or use other tools for regulatory improvement, such as public consultation and RIA. It does not solicit proposals or comments from civil society and business associations to improve the public procurement system when amending regulations or issuing new ones.

As a good practice, ISSSTESON should develop an internal policy to subject procurement-related rules to the regulatory quality requirements and controls established in the Regulatory Improvement Law of the State of Sonora, which are not necessarily applied to ISSSTESON at present.

ISSSTESON would benefit from setting up an internal protocol or procedure to subject itself systematically to COMERS’ regulatory impact process when developing new procurement rules or modifying the existing ones, even in cases where there are no compliance costs for citizens and enterprises. ISSSTESON could benefit from COMERS’ expertise and by further public consultation, letting stakeholders access more information about procurement regulatory proposals and encouraging them to engage more actively in the process.

If COMERS does not have the capacity to receive and process ISSSTESON’s public procurement regulatory proposals, ISSSTESON would need to establish and regulate an internal standard process (regulatory impact process) to follow each time it revises one or more elements of its public procurement system. The standard process should include an early regulatory public consultation process for all the stakeholders (internal and external, foreign and domestic), formalising the policy for letting stakeholders comment on draft procurement regulations. ISSSTESON should also formally disclose to all its stakeholders, and publish online, both the standard process and the rules for early regulatory consultation.

ISSSTESON could consider the following questions in designing its internal standard process:

• When should it apply the internal standard process to consult with external stakeholders about reforms to procurement regulations? For instance, whenever new procurement rules are issued or if the existing ones are reformed by ISSSTESON.

• Who is in charge of the internal standard process? It might be advisable to designate ISSSTESON’s Institutional Planning and Innovation Unit for this role.

• What kind of public procurement rules would be subject to the standard process? For instance, would all rules relative to procurement that will be issued, or only the amended procurement rules with compliance costs for enterprises or citizens?

• What kind of analysis should be drawn up to present the procurement regulatory proposals? For instance, ISSSTESON could adopt the structure proposed by OECD for the RIA (Box ‎4.14).

• Where and when should the procurement regulatory proposals and their RIA or analysis be published? For instance, on ISSSTESON’s website, or on a special website created for the standard process?

• How long should the regulatory public consultation last? Most OECD countries guarantee minimum periods of public consultation of more than four weeks (OECD, 2015[23]).

• Through which channel(s) should stakeholders send their comments? Online or face to face, including information and communications technology (ICT) tools used for consultation: for example, by email, on a government website, in virtual discussions or on social media) as well as face-to-face consultation? ISSSTESON could use such means as advisory groups or preparatory committees; meetings for formal and informal consultation with selected groups; and focus groups.

• How and when will ISSSTESON give feedback on comments received? It could consider establishing an obligation to produce a report on the regulatory public consultation processes.

• What should the report of regulatory public consultation include? Ideally, it would include feedback on the comments received, indicating the input considered, explanations of the option(s) chosen, and if applicable, the new version of the regulatory proposal.

• Where could stakeholders find the report on regulatory public consultation? This might either be on ISSSTESON’s website or on a special website created for the standard process.

• How will the institute publicise the new regulation(s) issued and the date of entry into force? It would be advisable for ISSSTESON to include in the internal standard process an obligation to design a communications strategy for the new procurement regulation that is to be issued or amended, to inform the relevant stakeholders. The strategy could include programmes to build the capacity of relevant stakeholders to understand changes in the public procurement system.

In addition to setting up a RIA process for public procurement issues, ISSSTESON could consider a programme to reduce red tape and streamline administrative burdens in public procurement procedure. The aim would be to increase participation of suppliers and small and medium enterprises (SMEs) in public procurement. The institute could call on all suppliers involved in one or more tenders in the recent past, and even those that were not awarded, with the goal of consulting them on the key problems faced in the tender process, and specifically, about the opportunities for improving procurement formalities.

4.3.2. Encouraging dialogue between procurement authorities, suppliers and business groups

Another way to encourage stakeholders (internal and external) to participate in the public procurement system is transparent and regular dialogue between procurement authorities and suppliers and business associations. Dialogue with the relevant stakeholders adds a level of scrutiny that can help identify problems (bottlenecks in processes and possible risks of corruption and collusion) and opportunities for improvement in the procurement process. It can also help improve tender design.

Procurement authorities should encourage such dialogue to give potential suppliers a better understanding of their needs and give procurement officials information on market capabilities that can help them develop more realistic and effective tender specifications (Table ‎4.4). Such interactions should also ensure that foreign companies participating in tenders receive transparent and effective information. These interactions between potential suppliers and procurement officials should be subject to appropriate fairness, transparency and integrity safeguards (OECD, 2009[18]).

Several effective tools can be used to manage dialogues with relevant stakeholders (internal and external), which can be structured depending on the phase of the procurement cycle (Table ‎4.5). Stakeholders can be involved at any point of the procurement cycle, as long as the procurement authorities conduct themselves with high standards of integrity (fairness, openness, transparency, equal access and treatment, non-discrimination, providing the same information to all suppliers) and maintain records of any discussions, lists of attendees and information shared, as well as questions and answers.

In the pre-tendering phase, it is advisable for procurement authorities to organise capacity-building workshops on the legal framework of public procurement, the anti-corruption system and potential penalties. Specialised training could be organised to communicate to potential suppliers the purchasing needs (for instance, the annual procurement programme), as well as tips and practical sessions on how to elaborate bid proposals, among other themes that suppliers request and consider necessary.

It would be advisable for ISSSTESON to organise discussions about draft calls for tender, to solicit relevant input from suppliers to improve tender documents and develop effective tender specifications. It would also be beneficial to establish supplier training desks (either physical or online) to provide assistance to suppliers.

At the same time, and with the aim of obtaining information from the market, procurement authorities could introduce such activities as: RFIs, inviting suppliers to “show and tell” events, and organising industry days. This would encourage buyers to discuss their needs and allow suppliers or industry representatives to offer information about their products or services, as well as to explain how the industry works, analyse possible solutions, and identify suppliers able to offer the goods and services that procurement authorities need.

In the tendering phase, the procurement authority could organise one press conference with industry and external stakeholders to present the tender and another to communicate results. As noted earlier, the participation of the media and relevant external stakeholders enhances the level of scrutiny and promotes a level playing field, which in turn increases transparency and accountability. Clarification meetings with all potential suppliers are desirable. The number of meetings needed will depend on the size of the tender and the technical specifications of the purchase, but at least one is called for. Suppliers who are interested in submitting a bid or who have submitted an expression of interest can participate in clarification meetings. In the same vein, procurement authorities could hold a question-and-answer session or send a list of all questions and their answers to all suppliers.

The Law on Public Works and Related Services of the State of Sonora (Ley de Obras Públicas y Servicios Relacionados con las Mismas para el Estado de Sonora) establishes in Articles 44 and 46 that the call for tenders should include the date, time and place where the clarification meeting will take place. Although the Law on Acquisitions does not explicitly include an obligation to hold a clarification meeting, ISSSTESON follows as good practice the requirement established in the Law on Public Works and usually includes a clarification meeting in its calls for tender.

In the post-award phase, it is desirable to let suppliers know who has been successful and publish a contract award notice. Procurement authorities can also hold debriefings with unsuccessful bidders to address their concerns and receive feedback on the tender process. Debriefings are also useful to let suppliers know why their proposals were unsuccessful, to help them develop capacity and lend transparency and trust to the process. To manage contracts, the procurement authority could organise clarification meetings with the supplier awarded a contract. These meetings are helpful to explain the contract terms, defined times, organisation mechanisms, and so on. Opinion surveys on tenders are also a good way of obtaining feedback on the process and identifying opportunity areas for future tenders.

Verbal debriefings and meetings can improve suppliers’ relationship with procurement authorities and the quality of their offers, while giving them valuable insights. They must, however, be used judiciously, under clear guidelines, to reduce any risks and costs associated with breaches of integrity. To increase the benefit of discussions, and to mitigate potential risk, procurement authorities should develop guidelines or protocols to establish a clear framework that governs the process. The amount and type of information dispensed will depend on the circumstances of the contract and the market situation (OECD, 2018[19]).

The procurement authority should ensure that no competitive advantage, for whatever reason, is afforded to any suppliers. Special attention should be paid when sharing any information, at any point, to ensure that all suppliers receive the information. For example, if a tender is anticipated, particular care should be taken in interactions with external stakeholders and suppliers.

ISSSTESON has no mechanisms of participation for stakeholders to provide comments, information and ideas for improving tenders. The only such mechanism noted was the clarification meeting that ISSSTESON is mandated to conduct as part of the procurement procedure mandated by the Law on Public Works. In these meetings, suppliers can seek clarifications and ISSSTESON officials can obtain elements to correct and/or clarify the calls for tender. Clarification meetings are conducted in person and the participation of potential suppliers is optional, but they usually participate so their questions can be answered. Information on the meeting is uploaded to the e-procurement system, Compranet. At present, however, ISSSTESON has no systemic, regulated participation scheme for the entire public procurement cycle.

4.3.3. ISSSTESON should introduce stakeholder participation at all phases of the procurement cycle

Meanwhile, ISSSTESON should develop protocols and a clear procurement framework to regulate precisely when each participation tool can be used and what kind of information can be shared, depending on the phase of the procurement cycle and the participation tools selected. ISSSTESON could identify the best channels for communicating with potential suppliers.

ISSSTESON does not at present have guidelines for elaborating draft tenders, other than what is mandated by law. Consequently, procurement practitioners usually rely on previous tenders or the experience and opinions of Sonora’s Ministry for Control. Even though the ministry’s mechanism of control must be maintained, ISSSTESON could develop guidelines to elaborate draft tenders with the aim of harmonising criteria and facilitating the work of procurement practitioners.

4.3.4. Involvement of external stakeholders in the procurement system for ensuring scrutiny

To enhance public policies, trust in government is necessary to improve government relations with citizens. Consultation and active participation provide government with an informed basis for policy making. At the same time, they ensure more effective implementation, as citizens become better informed about the policies and are involved in their development. Involving citizens in public issues creates greater acceptance for the political outcomes, since when governments endorse openness, citizens tend to perceive them as worthy of their trust. Making governments more transparent and accountable enhances the basis for active citizenship, which in turn leads to a stronger democracy (OECD, 2001[26]).

(OECD, 2001[26]) defines active participation as the participation of citizens in policy discussions, for instance, by proposing policy options. At the same time, the responsibility for formulating policy and the final decision rests with the government. Engaging citizens in policy making involves an advanced two-way relationship between government and its citizens, based on the principle of partnership.

Given the risk of corruption in procurement operations, it is good practice for governments to enlist representatives of civil society, academics or end users in reviewing the integrity and functioning of the procurement process, as well as involving the media and the wider public through awareness-raising programmes and communication campaigns. The role played by oversight institutions such as Congress and the Supreme Audit Institution (at national or subnational level) through their reports is particularly helpful for enhancing public scrutiny of public procurement (OECD, 2009[27]).

Involving external stakeholders as observers of the procurement system, and introducing open-data strategies throughout the public procurement cycle encourages citizens’ active participation in public procurement. The OECD Recommendation of the Council on Public Procurement (2015[4]) suggests introducing “direct social control” and “community monitoring” mechanisms to encourage citizens’ active participation at key decision-making points. The following box shows some of the actions governments can take to involve external stakeholders.

Procurement practitioners should take at least two steps: i) introduce “direct social control” mechanisms with legal and direct channels, to allow external observers to inform control authorities of potential irregularities or corruption; and ii) design confidential, accessible complaint mechanisms to reduce potential user intimidation (OECD, 2009[27]).

Direct social control mechanisms involve an independent expert monitor in the procurement process. This expert may be from civil society, the academy or an end user, or commercially contracted. The external independent expert usually has access to all documents and meetings on the procurement process.

Procurement authorities should set up strict criteria to define when direct social control mechanisms may be used, as well as for selecting an external observer. Criteria for determining when direct social control mechanisms should be used include the value (especially for high-value procurement), complexity and sensitivity of the procurement. External observers should be subject to systematic verification to confirm they have no conflicts of interest and are aware of restrictions and prohibitions on potential conflicts of interest, such as the handling of confidential information. Governments should support these initiatives by ensuring timely access to information and providing clear channels to allow the external observer to inform control authorities in the case of potential irregularities or corruption (OECD, 2009[27]).

At the federal level, Mexico has a successful mechanism of direct social control, “social witnesses”, documented in OECD integrity reviews (Box ‎4.19).

ISSSTESON encourages the participation of “Citizen Commissioners”, who are responsible for providing input on public perception of health services. Selected by Sonora’s Ministry for Control, they are typically senior citizens and retirees who have worked for ISSSTESON and are familiar with its services. Citizen Commissioners receive compensation, and the result of their work is presented to senior officials.

Citizen Commissioners, however, do not participate in procurement processes. ISSSTESON, with Sonora’s Ministry for Control, could thus consider adding new functions for Citizen Commissioners and adapting the mechanism to create social witnesses or external observers of public procurement processes.

To this end, ISSSTESON and the Ministry for Control should develop strict criteria to define when Citizen Commissioners may assist public procurement processes, and the profiles and requirements they need to participate. In addition to senior citizens and retirees (as end users), representatives of civil society and other experts might be invited to participate.

A local college, Kino University, has created an anti-corruption education programme, called “You can succeed without being corrupt” (“Se puede alcanzar el éxito sin ser corrupto”.) This offers an opportunity to link academia and students with procurement practitioners and increase awareness of integrity in society at large.

Although civil society, the media and chambers of commerce have not yet engaged in oversight activities, ISSSTESON could invite them to participate in the review of open public procurement processes. This would enhance their awareness of integrity and increase their expertise in procurement.

4.4.1. ISSSTESON should develop guidelines for internal and external audits with the Ministry for Control

ISSSTESON has a Supervisory and Audit Committee that is charged with analysing, integrating and co-ordinating internal control duties with the internal and external audit information. Every three months, ISSSTESON’s General Director sends the committee a report on the financial management of the funds of the institute. It is also charged with obtaining from the Superior Institute of Audit and Control (Instituto Superior de Auditoría y Fiscalización, or ISAF), information related to the financial status and results of the audits, as well as the inspections and visits to ISSSTESON. The committee participates as a contributor of the Ministry for Control in the audit and review procedures conducted in ISSSTESON.

The Supervisory and Audit Committee (Comité de Vigilancia y Fiscalización) monitors the expenditure of the institute and the investment of its resources, and supervises their application. Members of the committee may not be members of ISSSTESON’s Board of Directors or hold any position in the institute, with the exception of the General Director, who acts as Technical Secretariat of the Committee, with the right to speak but not to vote. Committee members perform their duties on an honorary basis.

Oversight of monitoring and evaluation activities of the institute is carried out by a Public Commissioner appointed by Sonora’s Ministry for Control and an internal control body. Both bodies are part of ISSSTESON organisational structure, but they make technically independent decisions and opinions and are accountable to the Ministry for Control.

The Public Commissioner evaluates the general performance and functions of the institute, analyses ISSSTESON’s expenditure efficiency and, in general, requests information and performs the acts required for the proper performance of its functions. The Public Commissioner participates in the Procurement Committee, as well as ISSSTESON’s Board of Directors.

The Internal Control Body (Órgano Interno de Control, or OIC), which aims to support and enhance the management of the institute, carries out its functions in accordance with guidelines issued by Sonora’s Ministry for Control. The OIC also collaborates with ISSSTESON in observation of other oversight entities. The OIC has a legal department in charge of complaints, a department in charge of audits and one more to carry out its administrative functions.

The OIC has an annual audit plan, which may be adapted if, during the year, certain complaints are received or if circumstances warrant a special review or supervision. The OIC works in two types of evaluations: performance and financial evaluations. Some of them may be ex officio and should be included in the annual audit plan and others may be requested and based on complaints from beneficiaries.

4.4.2. ISSSTESON and its oversight bodies should agree on internal and external audit plans

Agreement on the audit plans could benefit from publication on an online system that also publishes the audit reports and their results, principal auditing observations and recommendations, as well as the follow-up on implementing and enforcing the audit recommendations. This would enhance the institute’s accountability.

ISSSTESON should be aware that complaints communicate useful information to the procurement system and can help identify challenges in the process, the barriers to entry and the risks of corruption that suppliers are experiencing. Complaints are a source of input for improving the procurement system.

The State Government should set up a system to gather and handle all complaints, in a fair, timely and transparent way. An effective public procurement complaints system should permit complaints regarding, at the least: i) infringements of public procurement rules, ii) public procurement procedures, iii) contract award decisions, and iv) the interpretation of contract clauses in managing the contract.

A public procurement complaints system should consider establishing mechanisms for challenging procurement decisions. These are usually called “remedies to challenges” and may be organised into two or more levels of challenges. First, the procurement system could include an alternative dispute settlement mechanism (i.e. conciliation), encouraging informal problem solving and preventing formal reviews. Secondly, it could establish a formal review process conducted by the procuring entity and, in a third instance, by a body with enforcement capacity independent of the respective procurement authorities.

“Remedies to challenges” should be provided at an early stage of the decision-making process, before the contested contract is signed. A good practice in OECD member countries is a mandatory standstill period between the contract award and the beginning of the contract, to allow legal actions by the harmed bidder to allow a reasonable chance of being reinstated in the procurement procedure (OECD, 2009[27]; OECD, 2009[29]).

To encourage transparency and accountability, it is always desirable to have clearly defined procedures for submission and resolution of complaints, as well as for follow-up. It is advisable to maintain an online portal updated with the procedures, decisions or resolutions taken from complaints and statistics about number of challenges filed and the types and the number of sanctions imposed each year.

Procurement authorities also have to design and implement a whistle-blower protection framework in public procurement. Whistle-blower protection refers to legal protection from discriminatory or disciplinary actions for employees who disclose to competent authorities, in good faith and on reasonable grounds, wrongdoing of any kind in their workplace, including in both public and private sector organisations (OECD, 2016[32]).

Employees in both public and private sectors can access up-to-date information concerning workplace practices and are usually the first to recognise wrongdoing. However, if the organisation has no mechanism to protect those who report wrongdoing, employees may be subject to intimidation, harassment, dismissal and violence by their colleagues or superiors (OECD, 2016[32]). Fear of reprisal is an important reason for potential whistle-blowers to avoid reporting wrongdoing. An organisational culture that creates “fear of consequences or risk aversion” can be less oriented towards ethics and integrity results.

Whistle-blower protection frameworks (and a regulatory framework that is actively implemented) give employees positive incentives to help authorities deter and detect wrongdoing, as corrupt acts, fraud and mismanagement. As part of this framework, a legal obligation for public officials to report corruption and other criminal offences could be set up, as well as criminal sanctions for those who fail to report.

ISSSTESON and Sonora’s Ministry for Control have set up mailboxes to collect complaints from suppliers and citizens. Suppliers seldom use them, however, because they fear being singled out and being excluded from upcoming bids or procurement processes. ISSSTESON does not receive many appeals or complaints, because providers do not want to challenge the government. Suppliers also often do not know where and how to file a complaint or appeal.

OIC staff collect citizen complaints (complaints, suggestions and recognitions) from the mailboxes every Monday. After review, they are turned over for investigation to the corresponding ISSSTESON division and have a deadline of five working days to provide a response to the OIC. In all cases, ISSSTESON’s General Director is copied. After assessing the responses, the OIC determines if they are adequate and, if so, are sent by certified mail to the person who filed the complaint. If complainants are not satisfied with the response, they have a few extra days to ask for additional information or clarifications. The OIC produces a monthly report for the General Director detailing the status of the complaints, suggestions and recognitions received, classifying the information by subject and the administrative unit concerned.

The State of Sonora’s Anti-Corruption Law in Public Procurement lists at least seven types of infringements in public procurement (Box ‎4.23). The law requires individuals to report these to the corresponding control body. It also mandates all those participating in the procurement process and all public servants to report, in writing, the actions or omissions they are aware of in the exercise of their functions that could be sanctioned under the Law. If they fail to comply with this obligation, they may be sanctioned.

According to the Anti-Corruption Law on Public Procurement of the State of Sonora, the complaint letter shall contain the facts and any other information about alleged infringements, the identification data of the alleged suspect; and the evidence for the alleged infringements.

Even though the Anti-Corruption Law on Public Procurement of the State of Sonora establishes a complaint and sanction system for state and municipal public procurement, Sonora does not have whistle-blower protection and witness protection mechanisms. The current legal framework protects neither external whistle-blowers nor ISSSTESON public officials who wish to report wrongdoing.

To prevent violation of public procurement laws, internal control bodies can sign collaboration agreements with individuals and corporations who participate in public procurement, as well as with chambers of commerce or industrial and trade organisations, to help them develop self-regulatory mechanisms, including the implementation of internal controls and an integrity programme to advance an ethical culture, as well as mechanisms for complaint and protection of whistle-blowers (Anti-Corruption Law on Public Procurement of the State of Sonora, Articles 32-33). No evidence, however, suggests that collaboration agreements have been signed or that mechanisms or programmes for complaints and protection of whistle-blowers have been set up between ISSSTESON and its stakeholders.

As for developing a system of effective and enforceable sanctions for government and private-sector procurement participants, Sonora’s Anti-Corruption Law on Public Procurement establishes an administrative sanctioning procedure to be set up by internal control bodies. It also determines administrative sanctions, as well as mechanisms to reduce penalties.

Administrative sanctions could be economic sanctions that are equivalent to from one to 50 000 measurement and updating units (unidades de medida y actualización) or 30% to 35% of the amount of the contract awarded to both individuals and companies, as well as being barred from participating in public contracts in the State of Sonora for a period of not less than six months and no more than ten years in the case of individuals and 20 years for companies. A person who has committed any of the offences sanctioned by the Anti-Corruption Law on Public Procurement of the State of Sonora, or participates in carrying it out, can benefit from a reduction in penalties if he/she confesses his or her responsibility. The benefit may reduce the penalty by between 30% to 50% of the amount of the sanction.

ISSSTESON and its oversight bodies should take the opportunity afforded by the local anti-corruption reform to review, harmonise and adapt its procurement regulatory framework with Mexico’s General Law of Administrative Responsibilities. ISSSTESON and the state government could consider developing a clear legal framework protecting whistle-blowers, and creating simple, transparent mechanisms for filing complaints. They should also consider introducing a clear mechanism facilitating follow-up of any complaints submitted, from the submission of complaints until the final decision is made. An online platform for this purpose would be desirable. Finally, ISSSTESON should develop a communications strategy for the sanctions system and its procedures, to publicise complaints about public procurement processes, the consequences of acting improperly, and remedies for challenging mechanisms.