Does stakeholder engagement affect corruption risk management?

Major international organizations such as the Organization for Economic Cooperation and Development (OECD), the United Nations (UN), and the European Union (EU) have stressed the importance of risk management as a useful mechanism to prevent corruption. Anticorruption laws or regulations have been developed around the world, both at regional and national level. These aim to support the design and implementation of proactive management of corruption risks in the public sector. This article aimed to investigate the relationship between stakeholder engagement and the extent of implementation of corruption risk management systems by public organizations. We analysed the anticorruption plans of 343 Italian administrations to explore how different categories of stakeholders (i.e. employees, governing bodies, users/citizens associations) can contribute to the corruption risk management process. We found that the involvement of external and internal stakeholders can positively affect the extent of implementation of corruption risk management systems by public organizations. We explained our results by referring to both traditional organizational theories (institutional theory and the resource-based view) and public governance theories (collaborative and inclusive governance). Institutional pressures, knowledge and values emerged as keys to understanding the results.


Introduction
The prevention of corruption is a significant challenge for the public sector. Its ability to ensure sustainability at micro and macro levels and to be resilient to corruption can be heavily affected by the level at which corruption risks are preventively managed (Bogodistov and Wohlgemuth 2017;Del Monte and Papagni 2001;Forson et al. 2016;Green 2015;Kapstein 1998;Mauro 1995;Rose-Ackerman and Palifka 2016;Smith and Fischbacher 2009;Tunley et al. 2018).
Major international organizations such as the Organization for Economic Cooperation and Development (OECD), the United Nations (UN), the European Union (EU), and the Group of States against Corruption (GRECO), as well as policymakers around the world, have stressed the importance of risk management as a useful mechanism to prevent corruption. Practical implementation of risk management has been supported by a series of standards or guidelines. For general operational risks, the two best-known and most widespread standards are ISO 31000 1 and the Enterprise Risk Management (ERM) system proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO 2007). Those systems describe risk management as a 'process' that involves clear phases: establishing the context, risk identification, risk analysis, risk evaluation, and risk treatment. This general approach to risk management has been translated into the anticorruption field by international (e.g. OECD), national (e.g., the national authorities against corruption [ANAC] in Italy) and regional bodies (e.g. the New South Wales Treasury in Australia). The growing use of integrated risk management general standards or specific guidelines for corruption risk management is designed to underpin organization-wide strategies by identifying, assessing, and responding to risks on an ongoing basis. It also enables continuous screening for new risks (Hansen 2011) and addresses the problem that a fragmented and reactive approach to risk management would not produce the intended results. These standards or guidelines identify the 'organization' as the level with the primary responsibility for managing corruption risks.
Despite the proliferation of risk management standards and guidelines, few studies have examined these standards, especially those for corruption risks. There is considerable rhetoric expressed by regulators, professional associations and consulting companies, but scholars show more caution, or even scepticism, about the use of risk management standards (Power 2009;Hansen 2011). There are still many unanswered questions. For example, we do not know if the implementation of these systems leads to the desired outcome (greater effectiveness of prevention systems), nor do we have a full understanding of how these systems are implemented in organizations and what factors can improve their implementation.
This last issue is the focus of our study. Beasley et al. (2005) observed that very little is known about the factors that affect the implementation of risk management 1 3 Does stakeholder engagement affect corruption risk… standards within organizations in the business sector. As far as can be ascertained, no studies have examined the factors associated with the degree of implementation of standards or guidelines specific to corruption risks. We suggest that this may be at least partly because corruption risks are often perceived as a technical problem or a regulatory issue. However, we believe that corruption risk management should be viewed as a decision-making process in itself.
If this is so, the implementation of corruption risk management systems can be examined within the more general context of implementation of decision-making processes, where there is a broader body of knowledge. Both traditional management theories (such as institutional theory and the resource-based view) and public governance theories (such as inclusive or collaborative governance) have been successfully applied to the study of decision-making processes. These theories are very different in their nature and structure, but agree that stakeholder engagement is relevant in shaping the decision-making process.
We therefore started from the point that corruption risk management is a decision-making process, and that relevant theories suggest that stakeholder engagement can affect decision-making processes. We developed two research questions: (1) does stakeholder engagement prompt the public sector to manage corruption risks?; and (2) how do stakeholder engagement factors affect the implementation of corruption risk management in public sector organizations?
International and national anticorruption bodies have encouraged public sector organizations to engage external and internal stakeholders in decisions about how corruption risks should be managed. However, there is still not enough research in this area. This study aimed to help to fill this gap, by empirically testing whether stakeholder involvement, as both a managerial driver and a mechanism of collaborative governance, can predict the extent of implementation of corruption risk management systems. We followed the general definition of stakeholder engagement proposed by Greenwood (2007: 317), of "practices that the organization undertakes to involve stakeholders in a positive manner in organizational activities". We therefore used the terms stakeholder engagement and stakeholder involvement interchangeably.
Our study focused on Italy, for two main reasons. First, the national government has encouraged use of an organization-wide risk management framework built on ISO 31000 risk management standards. Second, despite this effort, public corruption is perceived as profound (Transparency International 2017). The government first required corruption risk management in the public sector in 2012, through an Anticorruption Law (no. 190/2012). This law required all public sector organizations to adopt and publish a three-year anticorruption plan based on a risk management approach, and created a national authority known as ANAC (Autorità Nazionale Anticorruzione), to guide and supervise the Italian public sector's efforts to manage corruption risks. ANAC issues an annual national guideline (Piano Nazionale Anticorruzione, PNA) which provides the reference standard for public organizations to identify, assess, treat and monitor corruption risks. This study provides an analysis of the anticorruption plans of a sample of public sector organizations to explore the extent of implementation of corruption risk management guidelines issued by the national anti-corruption authority.

3
The remainder of the study is structured as follows. The next section contains an overview of the concepts of corruption risk management and stakeholder engagement, and is followed by a section on hypothesis development. The paper then sets out sample characteristics, methodology, data and findings, before a discussion, conclusions and implications for future research and practice.

Corruption risk management and stakeholder engagement
Corruption is broadly defined as a misuse of public office for private advantage (Lasthuizen et al. 2011;Rogow and Lasswell 1963;Rose-Ackerman 1978). There is a general consensus among scholars that it has multidimensional and detrimental effects including economic instability, social inequality, inefficiency and resource waste (Abed and Davoodi 2000;Del Monte and Papagni 2001;Lisciandra and Millemaci 2017;Rose-Ackerman and Palifka 2016).
A growing body of scholars (Graycar and Prenzler 2013;Graycar and Masters 2018;Tunley et al. 2018) have discussed how corruption prevention can be improved by identifying potential corruption risks for each function of an administration. They have viewed corruption as a 'risk to be systematically governed' (Hansen 2011). Seeing something as a risk is one of the primary ways in which a problem becomes visible and governable (Power 2007). This suggests that preventing corruption means managing corruption risk. This approach does not aim to eliminate or avoid risks altogether, but to achieve reasonable reduction of risks through a comprehensive understanding of the operating processes and circumstances that may allow corruption to happen. Corruption risk management systems should improve the efficiency and effectiveness of corruption prevention interventions, because they allow interventions to focus on the processes most exposed to risk and also facilitate the selection of prevention measures to fit the sources of risk events. Without an organized risk management system, an organization may implement corruption controls that result in an excess of measures that are not connected to the main areas of operations.
Previous studies have framed risk management as a decision-making process (Lu et al. 2012). We also know that the involvement of stakeholders 2 in decision-making helps to improve its quality by using information and solutions from various actors. It also reduces cost and delays in implementing decisions by limiting controversy, delays, or litigation (e.g. Edelenbos and Klijn 2005;Creighton 2005). It follows that stakeholder engagement is important in risk management decision-making. We therefore wondered whether stakeholder engagement could prompt the public sector to manage corruption risk.

3
Does stakeholder engagement affect corruption risk… International organizations and national anti-corruption bodies have often suggested this. For instance, in its Integrity Review of Italy, the OECD (2013: 113) emphasized the involvement of internal and external stakeholders which, "where practicable, is a key step towards securing their input into the process and giving them ownership of the outputs of risk management. It is also important to understand stakeholders' concerns about risk and risk management, so that their involvement can be planned and their views taken into account in determining risk criteria". No academic studies were found that focused specifically on stakeholder involvement in 'corruption' risk management, although public sector scholars have investigated this issue in other areas of decision-making. The engagement of stakeholders in public decisions is typically seen as a mechanism of public governance that reshapes the traditional paradigms-mainly based on hierarchical processesthrough which public policies are conceived.
Over the past few decades, collaborative governance has been used in public organizations as an alternative to the adversarialism of interest group pluralism and the accountability failings of managerialism, following the previous failures of downstream implementation and the high cost and politicization of regulation (Ansell and Gash 2008). For the bulk of the public sector research (Frederickson 1991;Kettl 2015), stakeholder involvement in public policymaking is therefore one of the new collaborative governance archetypes for governing in democratic systems. From an accountability perspective (Gray et al. 1997), stakeholder involvement contributes to making traditional institutions and governance systems more transparent and closer to stakeholders' expectations. The process of dialogue between public organizations and their stakeholders gives rise to relationships of mutual learning that would facilitate the convergence of actions and trust among the actors involved, laying the groundwork for legitimization (Ansell and Gash 2008;Roberts 2002). From a participatory democracy standpoint (Fung 2009;Vigoda 2002), this involvement is also a way in which public organizations and stakeholders can co-operate to set up sustainable public policies. Values such as inclusivity, equality of standing, and power between the actors involved make stakeholders feel responsible for policy decisions and enable the development of more successful public policies (Ansell and Gash 2008;Emerson et al. 2012;Fung 2009).
Stakeholder engagement in policy implementation also has roots in management practices. Research on management notes that a different style of public management is needed in public agencies that engage stakeholders in a collective decisionmaking process that is consensus-oriented and deliberative, and that aims to make or implement public policy or manage public programs. This new style emphasizes participation, enablement, transparency and accountability rather than hierarchy and control (Kapucu et al. 2009).
In the field of risk management research, proponents of the inclusive governance approach assume that risk management is a complex decision-making process that requires knowledge and legitimacy (Renn 1999;Renn and Schweizer 2009;Webler 1999;Webler and Tuler 2018). Inclusive governance is based on the assumption that all stakeholders have something to offer to the risk management process, and that reciprocal communication, assessments and evaluations facilitate implementation rather than compromising decision-making and compliance with legal requirements (Renn and Schweizer 2009;Webler 1999). Stakeholder engagement is therefore a key mechanism for the complex decision-making processes involved in risk management. These processes need inputs (knowledge and values) that are not held by any single actor. The involvement of stakeholders could avoid missing important information and views, and ensure that different types of knowledge are included. Stakeholder engagement is therefore a mechanism through which all the problem-relevant knowledge and values are incorporated into the decision-making process, enhancing the effectiveness and legitimacy of risk management.
The management of corruption risks is a particular form of risk management, so it is reasonable to hypothesize that stakeholder engagement can play an important role in it. But how does stakeholder engagement affect the implementation of corruption risk management in public organizations? And which categories of stakeholders should be involved? To provide a comprehensive explanation of the stakeholders' contribution, we used the citizenship perspective proposed by Crane and colleagues (2004). They argued that stakeholders "are citizens, or that they represent citizens' interests" (Crane et al. 2004:110). Thinking about stakeholders as 'citizens' means seeing them as individuals with social, civil, and political rights that citizens might expect to have respected and protected, over and above their stakeholders' rights. However, it is also important to understand which stakeholders should be involved. Creighton (2005) noted that the qualification of an actor as a stakeholder is a relative concept that depends on the context and the specific objective.
Within the field of anti-corruption and in the Italian public sector (the focus of this study), public organizations are largely responsible for corruption risk management. Different types of organizations (for example, a local health organization or a public university) have different stakeholders, but some reviews by the national anticorruption authority show that three categories have usually been involved (ANAC 2015, 2018): -Employees, -Governing bodies, -Organizations that represent specific groups such as users, professionals, and businesses.
These three types of stakeholders make different contributions to the corruption risk management process. Using the categories proposed by Renn and Schweizer (2009), we can describe the possible contributions of different stakeholders to the knowledge (about risks, their causes and their impacts) and values (criteria to assess the risk treatment measures and attitude towards risk) required by the corruption risk management process.
Employees may provide knowledge about the internal context. They are familiar with the organization's operational processes and other internal issues. Their knowledge is essential to correctly identify, analyse, evaluate and treat corruption risks related to operational processes. They may also contribute on values, providing the criteria for assessing the feasibility and cost of prevention measures.
Governing bodies (the structure and form of which will vary between types of organization) can provide an essential contribution in what Renn and Schweizer 1 3 Does stakeholder engagement affect corruption risk… (2009) described as 'values'. They may intervene in assessing the desirability and feasibility of possible risk treatment measures as well as in defining the level of risk tolerance.
Organizations that represent specific groups such as users, professionals, or businesses may contribute to knowledge as well as the values necessary to make effective, efficient, fair and sustainable decisions about corruption risks. For example, local health organizations may involve patient advocacy organizations to provide data and information to identify the operational processes with the greatest risk of corruption (for example, providing data on the main disruptions detected by civic audits conducted by these associations). They could also suggest specific prevention measures that would make sense to users. The participation of these organizations can also improve 'the variability of values', which is necessary to define the attitude toward risks at the heart of the corruption prevention strategy.

External stakeholder involvement
External stakeholders are usually very interested in corruption risks. Around the world, citizens, users, professional and business organizations have become increasingly interested in the management of corruption risks (Hansen 2011). This can be easily understood by considering the significant negative effects of corruption on the economy and society.
External stakeholders, and especially users/citizens associations and professional/ business unions, can contribute to several stages of the risk management process (establishing the context, risk identification, risk analysis, risk evaluation and risk treatment). They can report cases of maladministration, enhancing the probability of identifying, evaluating and monitoring corruption cases. They can contribute by sharing information and best practices to deflect corruption, and improve transparency and accountability in particular sectors.
Management theories such as institutional theory (Di Maggio and Powell 1983;Meyer and Rowan 1977;Scott 1987) and the resource-based view (Barney 1991;Kraatz and Zajac 2001;Newbert 2007) suggest that stakeholder engagement may have an effect on the risk management process. Institutional theory suggests that the involvement of external stakeholders in risk decision-making would give a voice to multiple perspectives, enabling public organizations to see institutionalized prescriptions on corruption risk management as a stimulus to implementing anticorruption programs (Ashworth et al. 2007;Oliver 1991;Dacin et al. 2002). The resourcebased view emphasizes the role of resources for organizations (Barney 1991). Social capital and knowledge may be particularly important. Through the involvement of external stakeholders, the organization can create and use specific knowledge and social capital, which can improve decision-making processes, and particularly the implementation of the risk management process.
The literature on collaborative governance (Chrislip and Larson 1994) also suggests that involving external stakeholders who will benefit or be harmed by the outcome of a certain public policy is a starting condition for successful collaborative arrangements. When stakeholders perceive that their involvement in decision-making has an impact on policy outcomes, they are given a stronger incentive to collaborate voluntarily (Futrell 2003). Leach et al. (2005) emphasized that if stakeholders feel that their engagement and participation have contributed to the final decision and actions, they are more likely to be satisfied with the outcome of their engagement. Laird (1993) argued that collaboration can improve stakeholders' capacity to understand and analyse issues. Using the theoretical lens of collaborative governance (Ansell and Gash 2008;Murdock et al. 2005), the dialogue and feedback arising from stakeholder involvement enriches the resources within public agencies, especially knowledge, competences and ideas. This stimulates public trust and shared understanding on how to contextualize and manage corruption. The inclusive governance theory (Renn 1999;Renn and Schweizer 2009;Webler 1999;Webler and Tuler 2018) suggests that involving external stakeholders can improve risk management implementation by increasing knowledge and legitimacy. We therefore hypothesized: Hypothesis 1 The involvement of external stakeholders is positively related to the extent of implementation of corruption risk management by public organizations.

Internal stakeholder involvement
The two main categories of internal stakeholders considered in this study were employees and governing bodies. As discussed in Sect. 2, both can play an important role in different phases of the risk management process.
Institutional theory suggests that isomorphic pressures lead organizations to conform with the institutional prescriptions of the environment in which they operate (Pick et al. 2012). Today, the implementation of corruption risk management systems is strongly encouraged by international institutions, strongly regulated at national level and often requested by anti-corruption bodies and civil society organizations (Hansen 2011). However, despite this, modern societies have seen a gradual decrease in confidence in politics and government (Dalton 2005). Governing bodies-which generally consist of political representatives in the public sector-are particularly sensitive to these institutional pressures. When the implementation of corruption risk management systems is a widespread expectation, governing bodies are more likely to be affected by institutional forces, such as guidance from anticorruption bodies, because they gain particularly strong advantages in reputational terms. Based on this theoretical approach, we would expect governing bodies to push for full compliance with the corruption risk management standards most accredited in the political environment. This obviously does not require the members of the governing body to be motivated by a desire to reduce corruption: it might be a mere opportunistic calculation or an unconscious reaction to institutional pressures.
Internal stakeholders hold significant resources for the implementation of corruption risk management. The resource-based view can therefore help us to better understand the possible effects of their involvement in that process. This approach has shifted the emphasis from external factors toward internal resources, and provided legitimacy for the claim that people and their competencies are strategically important (Prahalad and Hamel 1990). Competencies are 'collective learning' and involve multiple levels of 'people functions'. Employee involvement can be a mechanism for developing this collective learning, especially within processes like corruption risk management that are characterized by technical and ethical complexity. The involvement of employees can allow the implementation of the different phases of risk management through mobilization of their specific knowledge (e.g. on processes, or risks and their sources) and can also start a 'collective learning process' that increases the organization's implementation capabilities.
A proactive involvement of internal stakeholders in all stages of the anticorruption decision-making processes would prompt connections and interactions between the political and operational levels. Collaborative governance theories suggest that this will result in access to information, knowledge exchange, mutual understanding, reinforced relationships, and development of trust and a sense of belonging to the organization (Ansell and Gash 2008;Emerson et al. 2012). All these informal interpersonal norms of trust and reciprocity reinforce the structural and relational dimensions of the organization's social capital, guiding interactions among internal stakeholders and reinforcing confidence in the legitimacy and efficacy of collaborative dynamics. This helps to make internal stakeholders commit to successful organizational results and outcomes. We therefore hypothesized:

Hypothesis 2
The involvement of internal stakeholders is positively related to the extent of implementation of corruption risk management by public organizations.

Sample
The study aimed to examine the relationship between stakeholder engagement and the extent of implementation of corruption risk management systems. The empirical analysis used a sample of Italian public administrations. The sample was selected using stratified random sampling with the types of administrations as strata. The types of administrations considered were regions, health authorities, provinces, municipalities and their unions, public universities, and chambers of commerce. The sample size of each stratum was not proportionate to its population size (disproportionate stratification), because proportionate allocation would not have resulted in enough cases in some strata. Once we had selected a sample, we obtained the anticorruption plans for the period 2017-2019 3 by checking the websites of the 343 sampled administrations. Legislative Decree No. 33/2013 requires all public organizations to provide a section on "transparent administration" on their websites, which includes details of corruption risk management. This made it possible to use a uniform approach in analysing the extent of implementation of corruption risk management systems. Documents were found for all the sample administrations.

Data collection
The primary source of data was the websites of all the public organizations included in the sample. They provided all the information about the implementation of corruption risk management systems. To examine the extent of implementation and gather information on stakeholder involvement in the process of risk management, we carried out a content analysis of the anticorruption plans related to the period 2017-2019. In line with previous literature on content analysis, the number and the characteristics of the coders were considered to ensure the reliability of the data collection process. First, we used two coders and assessed inter-coder reliability. As suggested in literature, we developed a coding scheme to guide coders in the analysis of content, and discussed this with the two coders before they started work. The coders worked independently to make judgments about the same material (total overlapping). The few discrepancies in coding were re-analysed and the differences resolved by a subsequent discussion (Hackston and Milne 1996;Milne and Adler 1999;Neuendorf 2002;Potter and Levine-Donnerstein 1999). Krippendorff (1980) asserted that it is very important that coders are familiar with the phenomena under consideration and that the individuals who take part in the development of the coding scheme are not the same people who carry out the coding. Using the same people for both elements is common but questionable and unreliable. It is not possible to distinguish whether the data generated under these conditions are the products of the coding scheme or of the analysts' conceptual expertise, especially when the analysts have certain conclusions in mind. It is therefore advisable to use external coders, so we chose coders who were both expert in the field and external to the research group. The two external coders had previously operated as coders and conducted a research project on behalf of the Italian National Authority Against Corruption. However, they did not know the aim of our research project and were external to the research group. The data collection followed an iterative process in several steps: skimming (superficial examination), reading (in-depth examination), and interpretation and synthesis through coding (Bowen 2009). The documents, related to the period 2017-2019, were analysed during the period January-March 2018.
Data on organizational size (number of employees) were from 2016, and were collected using the Annual Census (Conto Annuale) published by the State General Accounting Department. Using this source instead of the websites of each administration enabled us to collect more reliable data and to reduce collecting time and costs.

3
Does stakeholder engagement affect corruption risk…

Dependent variable
Our dependent variable was the extent to which public organizations had implemented the corruption risk management guidelines from the Italian national anticorruption authority (extent-impl). To ensure a systematic approach to data collection and construction of the dependent variable, we applied a protocol. First, we followed an iterative process (skimming, reading, coding) that combined elements of content analysis and thematic analysis (Bowen 2009). The first phase was a first-pass document review, to identify meaningful and relevant text or other data. The second part involved a more focused and systematic review of the data and the coding of information.
To measure the extent of implementation of the corruption risk management guidelines, we created a composite index, with several indicators. We defined each indicator using the fundamental steps of the risk management process required by the ISO 31000 standard, adapted for use in Italy by the national anti-corruption authority (National Anticorruption Plan 2015). This enabled us to measure the degree to which each public organization had implemented the articulated and complex process of risk management suggested by the reference guidelines.
The following components of the corruption risk management process were measured: 1 External context: we considered factors related to the environment, influences and relationships between internal and external stakeholders. We also considered the existence of a link between known information and the risk of corruption. 2 Internal context: whether the plan identified areas that are particularly exposed to the risk of corruption, because of their nature or peculiarities. The National Anticorruption Plan indicated four general areas and suggested identifying other specific areas based on the nature and activities of the administration. We considered both general and specific areas. 3 Process mapping: we assessed whether operating processes had been identified, described and reported with a clear identification of the process owners, organizational responsibility, phases of activity and resources. 4 Risk analysis: the covered the identification of all events and causes that can generate corruption within processes and phases, and the relationship between them. 5 Anticorruption measures: the anticorruption plan is expected to identify all the measures that can be used to prevent corruption. We evaluated the situation before the inclusion of general and specific measures and then how prevention measures had been planned. Following the guidelines of the National Anticorruption Plan, each measure was evaluated to see whether the time period, supervisors, monitoring indicators and expected values had been identified.
1 3 6 Monitoring system: the anticorruption plan and all the anticorruption measures included in it should be controlled periodically. Each plan should report modalities, intervals, supervisors and the results of the monitoring. 7 Coordination with performance management: we considered the level of coordination and integration between the performance plan and the anticorruption plan. Coordination supports the efficacy of anticorruption efforts.
We then considered the operationalization of the indicators, and the attribution of a score to each indicator. We set up a coding scheme in the form of a scorecard using a series of dichotomous descriptors. The dichotomous nature of these descriptors enabled us to decrease the subjectivity of the researchers in collecting and codifying data. Every descriptor was chosen to assess a different degree of the study elements. The whole measurement system drew on the principles of ISO 31000 and the National Anticorruption Plan 2015. Finally, we assigned a different weight to each descriptor. This meant that greater implementation of the guidelines on corruption risk management would result in a higher score for the indicator. More details about the scoring systems are provided in the Appendix.
The last step was to calculate the composite index representing the extent of implementation of the corruption risk management guidelines by each organization. The score for the different indicators was calculated using different scales, so a normalization process of the scores was required (through the minimum-maximum method). After the normalization process, all the indicators assumed a score of between 0 and 1. The composite index was computed as the average of the normalized scores of the ten simple indicators.

Independent variables
The independent variables were about stakeholder engagement. The concept of stakeholders has been variously defined in the literature (Freeman 1984;Creighton 2005). All those definitions share broadness and high inclusivity. Stakeholder engagement can also be considered a multidimensional variable so it is worth operating some distinctions among stakeholders, to better study the phenomenon. Like previous studies, we made a broad distinction between internal and external stakeholders (Freeman 1984;Jones 1995). The first category included the actors operating within the organization, such as employees and governing body. The second category included external actors such as citizens or organizations representing collective interests, for example entrepreneur organizations and trade unions.
These two broad groups of stakeholders can affect organizational decision making in different ways: • Involvement of internal stakeholders (internal_inv). We considered both employees and the governing body. These stakeholders have different power to influence organization decision making, so we decided to consider them separately. Previous literature on stakeholder analysis had classified stakeholders by their level of interest in the organization's activities and power to influence the organization's strategic intent, decision-making or performance (Freeman 1984;Eden and Ackermann 1998). Drawing on Crane et al. (2004), we assumed that the relationship between organization and stakeholder is modelled by citizenship thinking. Stakeholders are therefore either citizens or represent their interests. This approach led us to classify internal stakeholders by considering their power in influencing organizational decision-making. Employees have less power than administrative and political bodies in influencing strategic intent, decision-making or performance. Some studies have suggested that the number of stakeholders involved also matters in evaluating stakeholder engagement, especially when they have the same interest (Greco et al. 2015). Increasing the number of stakeholders increases the institutional pressures. We therefore decided to measure involvement of internal stakeholders in corruption risk management using an ordinal variable with values ranging between 0 and 3, where 0 indicated the absence of involvement, 1 the involvement of employees, 2 the involvement of the political and administrative body, and 3 if both employees and the political and administrative body were involved in the process. • Involvement of external stakeholders (external_inv). Some scholars have considered different levels of external stakeholder involvement. Sanoff (2000), drawing on Deshler and Sock (1985), distinguished between pseudo-participation, which involves informing, manipulation and consultation, and genuine participation, which happens when stakeholders are involved in decision-making. Wang (2001) measured three dimensions: the use of participation mechanisms, involvement in service or management functions, and involvement in administrative decision-making. Leach et al. (2005) distinguished participation process and participation outcomes. Yang and Callahan (2007) considered the use of participation mechanisms and citizen input in strategic decision-making. This distinction was made because a lot of organizations adopt forms of stakeholder involvement, but the outcomes of participation are rarely used to improve decision-making and involvement is therefore largely a token gesture (Yang and Callahan 2007;Greco et al. 2015). We distinguished between the absence of external stakeholders' involvement, the presence of an involvement process, and whether the involvement outcome results in changes in decision-making about corruption risk management. We decided not to distinguish external stakeholders by the power they can exercise on the organization. Our sample was composed of different types of administration (regions, health authorities, provinces, municipalities and their unions, public universities, and chambers of commerce), which have different kind of stakeholders. The power that stakeholders can exercise also varies between organizations and not only by the type of organization. We therefore considered both involvement process and outcome. Corruption can be managed successfully by providing external stakeholders with the opportunity to participate in policy formulation and decision-making, regardless of the kind of stakeholders involved (Campos and Pradhan 2007). We therefore decided to measure involvement of external stakeholders in corruption risk management using an ordinal variable with values ranging from 0 to 2, where 0 indicated the absence of involvement, 1 that external stakeholders were involved in the process but their involvement did not modify the Anticorruption Plan, and 2 if exter-nal stakeholders were involved and their participation resulted in changes to the administrations' corruption risk management and Anticorruption Plan.
The source of information about the independent variables was once again the Anticorruption Plan of each administration. Most previous studies have collected data about stakeholders' involvement through surveys (see, for example , Wang 2001;Yang and Callahan 2007). This method, as Yang and Callahan themselves recognized, could be a limitation because it relies on managerial perceptions and is therefore subject to response bias. They called for more objective measures of stakeholder involvement. A documentary analysis of anticorruption plans offers a less subjective method to investigate stakeholder involvement in anticorruption risk management. When stakeholder participation is used, this will be documented in the anticorruption plan, which will report comments or suggestions received. Broadly speaking, suggestions from stakeholders are mainly about environmental specificities that are considered risk factors or proposals to improve risk management. Anticorruption plans also report whether comments or suggestions received from stakeholders have been considered in writing the program, with reasons for this decision.

Control variables
The following control variables were used: -Geographical location (north_it, centr_it, south_it): we included three dummy variables for geographical location in Northern, Central and Southern Italy. -Experience in the development of anticorruption plans (experience): we checked for the presence of these programs on the websites of the sampled administrations. We computed a summative variable considering the documents for the years: 2013-2015, 2014-2016, 2015-2017 and 2016-2018. The variable assumed a value between 0 and 4. -Organization size (size): this was assessed as the total number of employees. -Category of public administration (health_aut, local_aut, functional_aut): we included three dummy variables that indicate three different kind of public administrations: health service authorities; local and regional authorities; functional autonomies.

Data analysis
To test the hypotheses, we carried out a multivariate analysis using an ordinary least squares (OLS) regression model. This enabled us to understand the effects of stakeholder engagement (independent variables) on the extent of implementation of the corruption risk management process (dependent variable), keeping the other variables under control.
The results of Pearson's correlation analysis are shown in Table 1. Table 2 shows the results of the OLS regression analysis. This regression model included the dependent variable (extent-impl), the two independent variables that consider the involvement of external stakeholders (external_inv) and internal stakeholders (internal_inv) separately, and all the control variables. The results of the OLS regression show that our model fits the data quite well (the F value was significant at the 0.001 level).
The absence of any severe multicollinearity amongst the independent variables was confirmed by examining the variance inflation factor, which had a mean value of 1.51 and maximum value of 2.17. Breusch-Pagan testing showed that the variance of errors was constant for each value of the independent variable (p-value = 0.53). All this meant that the assumptions in the OLS model were respected.
The regression model showed that there was a positive and statistically significant (p < 0.01) relationship between the dependent variable and the two independent variables (external_inv and internal_inv). This suggests that higher levels of external or internal involvement are associated with a greater degree of implementation of the corruption risk management process by public organizations. This supports both our hypotheses (H1, H2).
There were several significant results on control variables. Experience in the development of anticorruption plans seemed to have a positive and significant impact on the extent of implementation of the corruption risk management process. Size showed a significant relationship with the dependent variable. The territorial context (geographical location) was also quite relevant, as was the type of organization (the extent of implementation of the corruption risk management process of local and regional authorities showed lower compliance than the other categories).
To test the robustness of our results, we ran the model without the control variables. The relationships between the dependent and independent variables were still significant. These models were not included in the article, for reasons of brevity.

Discussion
Our findings confirm that the involvement of both internal and external stakeholders is positively related to the extent of implementation of corruption risk management by public sector organizations. These results can be explained using different theoretical perspectives.
First, we think that institutional theory explains why the involvement of an internal actor such as the governing body is related to extent of implementation of corruption risk management by public organizations. The implementation of corruption risk management systems is required by anti-corruption bodies and civil society organizations, which shape the institutional and political context for the political representatives in the governing bodies. These representatives are therefore particularly sensitive to these institutional pressures. They therefore encourage full compliance with the corruption risk management standards most commonly accredited in their institutional environment (in our study, the guidelines of the national anticorruption authority), to improve their reputation and gain political advantages. This does not necessarily mean that they are motivated by the desire to reduce corruption, however, because their behaviour can be the result of opportunistic motivation or a simple reaction to institutional pressures. The resource-based view provides a convincing explanation of why the involvement of employees is related to the extent of implementation of corruption risk management. Employees hold fundamental resources for the implementation of the corruption risk management process, and possess relevant competencies for its different phases. Employee involvement is probably a mechanism for distributing and developing these skills. The involvement of employees can improve the implementation of risk management through the mobilization of specific knowledge (e.g. on processes, risks and their sources). By involving groups of employees (for example through internal meetings or training activities), it is also possible to activate a 'collective learning process' that improve implementation capabilities.
Public governance theories (collaborative governance and inclusive governance) help to explain our results on external stakeholder involvement. These stakeholders are interested in how public sector organizations prevent integrity violations because corruption affects their lives and communities. Verdenicci and Hough (2015) noted that corruption is a collective action problem. To tackle it, high social capital and social trust are necessary. In line with collaborative governance research (Chrislip and Larson 1994;Kapucu et al. 2009;Kraatz and Zajac 2001;Newbert 2007;Page 2010), our result suggests that the involvement of external stakeholders (especially users/citizens associations and professional/businesses unions) in risk management processes can contribute to several stages of the risk management process (establishing the context, risk identification, risk analysis, risk evaluation and risk treatment). The dialogue and feedback arising from this involvement may enhance public trust, allowing a shared understanding of how better to contextualize and manage the problem of corruption. Involving external stakeholders can also improve risk management implementation because it helps to develop knowledge and legitimacy (Renn 1999;Renn and Schweizer 2009;Webler 1999;Webler and Tuler 2018). We found that organizational experience in anticorruption had a positive effect on the extent of implementation of corruption risk management. In line with the resource-based view (Newbert 2007), this may be because this experience enables public officials, and in turn public organizations, to better deal with corruption risk management processes. Organizational size was also significantly and positively related to anticorruption implementation. Institutional theory suggests that larger organizations comply with anticorruption regulations better than smaller ones, because larger organizations are under greater scrutiny and more careful to manage their reputation and legitimacy (D'onza et al. 2017).

Conclusions
The study investigated a neglected aspect of public corruption prevention, looking at the implementation of the corruption risk management process by public sector organizations. It discussed if and how the implementation of corruption risk management is affected by the engagement of stakeholders. Public sector organizations all have a unique corruption risk profile, so the implementation of a risk management process is not an easy task.
Using an empirical analysis, we found that the involvement of internal and external stakeholders in the anticorruption decision-making process contributes to the extent of implementation of corruption risk management. In the previous section we discussed how both traditional management and public sector theories can explain our results. The impact of internal stakeholders can be best explained using an organizational perspective, but the influence of external stakeholders is better understood in a collaborative governance framework. These perspectives are very different in their nature and structure, but they share the idea that stakeholder engagement is relevant in shaping the decision-making process. The study therefore benefits significantly from the reconceptualization of the implementation of corruption risk management as a decision-making process. Previous studies have suggested that stakeholders have the chance to influence the decisionmaking process, and our analysis shows that corruption risk management is one of the fields where this happens. Different types of stakeholders can make different contributions to the corruption risk management process. However, their involvement generally improves the quality of decision-making, making it possible to use information and solutions from various actors, and to reduce cost and delay in implementing decisions by limiting controversy, delays, or litigation (Edelenbos and Klijn 2005;Creighton 2005).
On a practical level, the study encourages public sector organizations to transform their current governance system and decision-making mechanisms (traditionally based on hierarchical mechanisms) into participatory processes. This will change adversarial relationships among stakeholders into more cooperative ones, and enable corruption risk management processes that are inclusive, shared, sustainable and empowered. In particular, organizations should empower all stakeholders to be aware of the current anticorruption choices and procedures, giving them the opportunity to advance their own point of view on an equal footing with other participants.
On a theoretical level, our study has exposed some clear gaps in the existing research and enabled us to make suggestions for further research. Future research on corruption prevention could address the issue of stakeholder involvement in other ways. For instance, it might test the effect of stakeholders' level of commitment to collaboration on the success or failure of particular organizational anticorruption outcomes. Future scholars could also adopt a contingency approach (Ansell and Gash 2008;Emerson et al. 2012) to empirically investigate what type of contingency conditions (for example, incentives to participate or institutional design) might explain the relationship between stakeholder engagement and anticorruption efforts.
The study also had some limitations that could provide avenues for future research. First, the analysis considered the anticorruption plans for a limited period of time (one edition). Our investigation of stakeholder engagement was therefore cross-sectional and not longitudinal. It will be important to carry out some longitudinal analysis in future research. Second, our research adopts a 'quantitative' approach. This had several advantages, but did not allow us to analyse the 'qualitative' aspects of the implementation of the corruption risk management process and stakeholder involvement (especially in the measurement of variables). It would be interesting to vary the research method to capture some qualitative aspects that this study could not address. Other methods of data collection, such as interviews with public managers and/or risk officials, and other research approaches, such as network analysis, could help in studying this issue in more depth.
The analysis of the external context has been realised using socio-environmental data. There is no evidence about the risk of corruption 2 The analysis of external context has been realised in a general manner 1 Internal context There is a risk area called "Hiring and training employees" There is a risk area called "Measures that increase the legal scope without direct or immediate economic effects" 1 There is a risk area called "Measures that increase the legal scope with direct or immediate economic effects" 1 There is a risk area called "Public contracts" 1 There is a risk area called "Roles and positions" 1 There is a risk area called "Asset, profits and loss management" 1 There is a risk area called "Controls, checks, inspections and penalties" 1 There is a risk area called "Legal affairs" 1 There are other specific risk areas 1 Process mapping For each process, phases and/or activities and supervisors can be identified For each process, both phases and/or activities, but not supervisors, can be identified 2 For each process only the supervisors, but not phases and/or activities, can be identified 2 Phases and/or activities and/or supervisors have been partially identified (less than 50% of processes) 1 Phases and/or activities and/or supervisors have been partially identified (more than 50% of processes) 1 1 3 Does stakeholder engagement affect corruption risk…    Coordination with performance management The plan defines the same operational and strategic goals for anticorruption prevention as the performance plan 2 The plan defines the broad need to coordinate with the performance plan 1 a All the descriptors are dichotomous and assume the value '1' if the characteristic is indicated in the plan, and '0' otherwise