Introduction

Risk management became an essential mission for project management. Effective corruption risk management in the Iraqi construction sector will result in improved project planning, execution, and performance, as well as fewer execution issues, deviations, and claims. In Iraq, the majority of projects are experiencing high deviations in time, costs, and quality, resulting in the waste of public money through the misuse of public offices or authorities granted in private or public jobs, for achieving personal benefits at the expense of surrounding communities, and the negative consequences that damage the entity and economy of the nation. Through conducting personal interviews with some auditors and decision-makers on Iraqi construction projects, it is concluded that most projects in Iraq suffer deterioration because there is no effective monitoring by the relevant government agencies in ministries which are responsible for managing these projects. It concluded that there is not any efficient procedure in Iraq to control the corruption risk. In addition, the government establishments of risk management in Iraq lack modern technologies and scientific bases on which the project managers and engineers must depend in making the important decisions concerned with which project that must be audited, monitored firstly according to instructions and regulations. In this study, review the previous studies and reports of (FBSA) in construction industry Iraq, then evaluating the likelihood and impact of their occurrences for ensuring that the approach delivers correct ratings for the most serious risks. Then, it formulates a methodology supporting tool that gathers historical data on corruption risk in construction projects in Iraq and rephrases this data in a way that can be presented to experts to support their corruption risk management (especially risk response) decisions that include avoiding and mitigating strategies. The proposed Bow-tie XP software will be oriented to suit the employer (Ministry) corruption risk management needs. This work can be implemented in life cycle of the project based on the ISO 31000 risk management standard and the ISO 31000 Bow-tie risk management assessment from the International Organization for Standardization (ISO).

Literature review

It is difficult to identify corruption due to the fact that, in the majority of cases, it happens covertly and without the.

knowledge of records and the public eye. There is high difficulty in preventing or uncovering corruption, especially individuals who don’t have the required abilities, thorough project involvement, and access to related documents. Furthermore, the construction industry is one of the most risk-prone industries due to the difficulty of.

their activities as well as the dynamic project environment, which creates a risk atmosphere that must be considered in the risk decision process [1]. Many definitions indicate that construction projects are affected by the risk. Thus, many terms are used to compute the effects: property damages; financial loss; injuries to individuals, and even a combination of all of them [2]. The process of analysis and risk management is one of the effective and productive methods that are used in managing the construction projects for the purpose of increasing the chances of ending the project successfully in terms of cost, time, and quality and at the lowest possible problems [3].

“Risk” and “Corruption” are naturally-associated concepts. Yet, the disciplines related to anti-corruption and risk management are farther apart than what is already considered. There is a lack of risk management literature which addresses the corruption risks. For example, the 2014 World Development Report offered significant information on development risks yet not on corruption risks specifically [4]. Because there is a moral dimension to corruption and significant reputational concerns for the organization, corruption risks are frequently managed differently than other risks in development aid. A modest fraud instance in a project run by an aid agency may cause a big reputational risk for the organization, but the damage to the average citizen in a developing nation where grand corruption is common may be insignificant. In other words, depending on one’s perspective, perceptions of and tolerance for corruption risk can change. The assistance community currently lacks a systematic method for determining the appropriate level of risk mitigation investment for various types and magnitudes of corruption in various situations. However, more nuanced perspectives are emerging on the costs of corruption to persons and their surroundings, the importance of corruption control, and what works and why in reducing corruption [5].

Risk management does not aim to avoid or eliminate risks; rather, it takes a determined method to identify and identifying, and effectively managing key risks. Corruption risks are a broad category of risk, just as corruption is a broad concept that encompasses a wide range of behaviors. Corruption’s definition as “the abuse of entrusted power for private gain” isn’t always easy to operationalize and may not be shared by local counterparts. For example, patronage and “quiet corruption”—the failure of a public official to do their job and provide public services—are rarely specified in national legislation and may not be identified as corruption by citizens [6]. Once corruption’s broad concept is understood, concrete corruption risks that need to be addressed can be identified. For example, absenteeism is a more accurate term compared to quiet corruption, and it more clearly identifies the problematic behavior which must be tackled [7]. [8] stated that the main reasons for the corrupt activities were due to governmental officials, contractors, or clients [9]. stated that the cause of corruption risk in the operation and maintenance stage was fewer construction criteria, which has resulted in the creation of the necessity for expensive maintenance and repair. The first is the proactive measure taken by construction companies to prevent fraud; the second is the major types of fraud experienced by construction companies; and the third is the reaction of construction companies after being subjected to internal fraud incidents. The survey reached a total of 89 respondents as well as recommendations for preventing internal fraud and corruption problems have been developed. The efficient approaches to prevent corruption and fraud in the Turkish construction industry are: conducting efficient periodic fraud risk assessment and internal controls, establishing an effective governance structure, external and internal audits, employees’ training, creating a whistle-blower hotline [10].

Corruption risks occur over the project cycle’s phases, and various tools are going to be effective in identifying, assessing, and mitigating such risks. [11] issued an anti-corruption guide providing online, free information, advice, and tools that have been designed to help individuals as well as organizations in both private and public sectors in understanding, preventing, and dealing with corruption. [12] created an Artificial Neural Network (ANN) model for the purpose of assessing the collision risks in construction projects in China. Also, the model has been utilized in real-life projects, and the evaluated results have been adequate for its users. The study created a comprehensive framework related to collusive practices in construction projects in China, which includes a total of 20 specific collusive practices associated with all the contracting parties. Such collusive practices have been categorized into 4 groups, which are contractor-related collusive practices in bidding, client-related collusive practices in bidding, supplier-related collusive practices, and contractor-related collusive practices in project construction. [13] presented a comprehensive review regarding the corruption causes from the chosen articles in the identified construction management journals for the purpose of addressing the indicated gaps. Overall, 44 corruption causes have been identified from 37 publications as well as analyzed with regard to current casual corruption factors, annual publication trends, and the thematic categorizations related to the recognized variables. In addition, the major known causes have been over close relations, bad professional ethical standards, poor working, and industrial conditions, inadequate sanctions, and poor role models.

[13] played an active role in joining worldwide efforts to combat corruption through the support of international anti-corruption initiatives, recommending to implement integrity management, promoting high ethical standards, and cooperating with the agencies that investigate the cases of corruption. This research presents the corruption risk in the initial receipt and maintenance & final receipt stage by application of Bow-tie methodology.

Some insights into the problem are provided via Bow-tie analysis. The consequences and causes associated with risk event are represented by a Bow-tie graphical representation [14]. It consists of an event tree on the right and a fault tree on the left, and it is centered on the risk event [15]. In addition, barrier thinking is applied to events and fault trees. From this perspective, the bow-tie might be utilized for analyzing protective and preventive barriers in order to lessen the severity regarding risk event’s consequences [16]. As a result, the Bow-tie might be thought of as a reactive and proactive tool which works its way through risks and its management in a systematic manner. The Bow-tie is widely used in presented works to qualitatively communicate and quantitatively evaluate risks, with fairly few papers focusing on the risk response within the Bow-tie framework.

The presented study attempts to select corrective and preventive techniques for mitigating corruption risks from the corrective and preventive viewpoints. First, in this approach, a diagram of Bow-tie is developed on the basis of the detection of consequences and risk factors (causes) associated with critical risks. Second, the probability related to losses (impacts) and risk factors of consequences are assessed in crisp values and linguistic terms, respectively. Experts or PMs are evaluating the occurrence probabilities regarding risk factors in linguistic terms. Since the assessment is one of the complicated tasks shrouded in vagueness and uncertainty, in practice, managers and experts find it easier to indicate the risk probability in qualitative linguistic terms [17]. In the majority of projects, the losses once the risks happen are specified as economic losses which involve not just the damaged property value, yet also expenses for maintenance or repair. Therefore, crisp values are utilized for describing the consequences of losses. Many studies focusing on selecting mitigation plans based on bow-tie analysis are related to our work [16] [18] [19].

More significantly, mitigating and preventive measures are associated with procedures, tasks, responsible individuals, and competencies. This shows the essential connections between the risk controls (human intervention or hardware) and the management system to assure their continuing efficiency. It depends on Risktec’s unparalleled experience in using the method of Bow-tie and it is intended to be of high importance to those who are experienced users, also users new to the approach. In addition, it summarizes the bow-tie method’s history, giving a summarization regarding the way to apply it and thoroughly describing its benefits and practical uses and possible guidelines and pitfalls for success [20]. [19] suggested a multi-objective method for implementing safety barriers on the basis of 3 phases, including parameter learning, simulation, and selection. [16] suggested a Bayesian method for constructing Bow-tie diagrams dynamically and protective and preventive barriers might be selected via AHP.

The corruption risk management provided in this research and the developed framework of the Bow-tie model are essential, in the creation of anti-corruption policies, institutions, legislators, and industry experts rely on these policies. It also forms part of the most critical information required by academic and industrial researchers to spur additional research and the creation and introduction of effective anti-corruption strategies to help combat corruption in the near term.

Research objectives

The objectives of the research can be summarized by the following points:

  • 1. Facilitating the fundamental concepts of corruption risk at the operation and maintenance stage and its management, monitoring, and control for related parties in the construction industry.

  • 2. Detecting the main corruption risk that affects the functioning and completion of construction projects.

  • 3. Developing prioritization techniques to assess corruption risk by calculating the likelihood and impact of its occurrence would help to highlight the high level of corruption risk.

  • 4. Construct a scientific method tool that collects historical data on corruption risk in Iraqi construction projects and repackages it in a way that can be presented to experts to help them make decisions about how to manage corruption risk. The suggested Bow-tie XP software will be tailored to the demands of the employer in terms of managing corruption risk.

Research methodology

Based on ISO 31000 (2018) Risk Management Standard [21] was used to assess the corruption risk at the operation and maintenance stage, and establish corrective and preventive strategies for corruption risk responses, based upon Bow-tie analysis. The methodology will be presented in detail below as shown in Fig. 1.

Fig.1
figure 1

Framework of the research methodology based on ISO 31000

Full size image

Corruption risk at the operation and maintenance stage

This stage involves actions of inspection and routine repair works to extend the structure’s life. In some cases, the same contractors who have built a project will operate and maintain it as well. Therefore, a bribe that has been given to win the contract for the construction can cover the maintenance and operation as well. In other cases, separate bribes could be given for covering the phase of operation and maintenance stage.

For the purpose of obtaining a sufficient amount of information concerning the prevailing causes of corruption in the Iraqi construction projects at this stage, reports of (FBSA) in the construction projects were reviewed carefully, personal interviews were conducted with Iraqi senior engineers for managing the corruption risk at the operation and maintenance stage in the construction projects in Iraq.

Qualitative analysis

The qualitative risk analyses assess the possibility and consequences [i.e. impacts] of every one of the identified risks for the determination of its general significance. Utilizing those tools is helpful in correcting the biases usually presented in the plan of a project. In particular, objective and careful definitions of various probability and consequence levels can be considered as keys to result credibility. A [P × I] matrix is established for combining every risk’s probability and consequence. Those matrices are responsible for establishing whether a risk that has a specific combination of the probability and consequence is of low, moderate, or high priority of that objective, according to the probability and impact combinations as established by the project management as well as other stakeholders as can be seen from Fig. 2. In the heat map of Fig. 2. The resulting high risks are colored red, the moderate risks yellow, and the low risks green. In the Perform Qualitative Risk Analysis procedure, probability and effect scales are applied. Based on the risk score, the whole list of dangers can be sorted or prioritized. This analysis allows for a qualitative explanation of each risk’s likelihood and implications. Management may start by addressing the risks at these extremes, concentrating their efforts on the regions that will give the most value.

Fig. 2
figure 2

Impact and probability matrix [22]

Full size image

Corruption survey

As an approach to systematic data collection, questionnaire survey method for collecting professional views. This questionnaire has been divided into 2 basic parts. Part I is associated with the general data for the respondents, whereas Part II includes a list of identified causes of corruption in construction projects. The questionnaire has been performed to obtain perception-based data of corruption measurement items from 2 points of view, (a) probability (in other words, the likelihood of the occurrence of every one of the measurement items), (b) severity (in other words, the effect of the consequences of every one of the measurement items), utilizing a 5-point scale of rating [(5) very high, (4) high, (3) moderate, (2) low, and (1) very low]. A 1–5 Likert scale has been utilized in this questionnaire and has been adopted for assigning linguistic variables. This scale is a psychometric response scale questionnaire type and it is the most commonly utilized scale in the survey. In the case of responding to an item of the Likert questionnaire, the respondents specify the levels of the agreement to the statement.

Risk probability

For each of the risk occurrences, the probability must be set at a single value which is representing the best team judgment from the provided available data. In addition, the team must not be considering the effect while assessing the probability. The probability values and terms utilized in a 5-point scale to suit the likelihood of getting the risk can be seen in Table 1. Other classifications can be used according to what suits a project.

Table 1 Classification of the Probability of Risk [23]
Full size table
Risk impact

The risk impact is measuring the consequences on the project when a risk occurs. A scale that is comparable to one of risk probabilities should be set up with regard to risk impact as shown in Table 2.

Table 2 Classification of the Impact of Risk [24]
Full size table

The (probability-impact) matrix method or qualitative assessment, it is believed, provides a clear picture of the impact of each risk because it is based on the evaluation of the two factors of likelihood and impact, and it has been used by the researcher in the qualitative risk analysis process.

Responders characteristics summery

The characteristics of the respondents presented in Table 3 reveals that 27% of respondents are 8–14 years, 50% of respondents are 15–18 years, 10% of respondents are above 20–22 years, and 13% of the respondents are 36–40 years of experience.

Table 3 Years of experience of the respondents
Full size table

While Table 4 shows the level of education that 60 % of respondents are B.Sc., 3 % of respondents are Diploma, 23 % of respondents are M.Sc., 7% of respondents are PhD. and 7% of the respondents are CPA.

Table 4 Level of education of the respondents
Full size table

The results in Table 5 show the education specialization that 50% of respondents are civil engineering, 13.3% of respondents are mechanical engineering, 6.67% of respondents are electrical engineering, 3.33% of the respondents are architecture engineering, 16.67% of the respondents are law, 6.67% of the respondents are control and auditing and 3.33% of the respondents are accounting.

Table 5 Education specialization of the respondents
Full size table

The results in Table 6 show the factional rank that 23% of respondents are asst. Chief Engineer, 27% of respondents are chief senior engineer, 7% of respondents are chief Engineer, 7% of the respondents are legal Adviser, 3% of the respondents are senior financial sergeant, 17% of the respondents are senior engineer, 3% of the respondents are assist. legal adviser, 3% of the respondents are financial sergeant, 7% of the respondents are legal and 3% of the respondents assist legal adviser.

Table 6 Factional rank of the respondents
Full size table

The results in Table 7 show the cost of project managed/auditing that 7% of respondents are (11–50 million $), 43% of respondents are (50–150 million $) and 50% of respondents are (more than 150 million $).

Table7 The cost of project managed/auditing
Full size table

Analysis of the corruption survey results

The computer program (SPSS) will be used to process the data, to apply the following equations; the respondents’ answers will be used to compute the likelihood and effect ratio for each type of risk:

$${\text{Risk probability rate}} = \frac{{{\text{Total}} \left( {{\text{probability}} {\text{of}} {\text{risk}} {\text{occurring}} * {\text{weight}} {\text{value}}} \right)}}{{{\text{The}} {\text{number}} {\text{of respondents}}}}$$
(1)
$${\text{Risk}} {\text{impact}} {\text{rate}} = \frac{{{\text{Total}} \left( {{\text{impact}} {\text{of}} {\text{risk}} {\text{occurring}} * {\text{weight}} {\text{value}}} \right)}}{{{\text{The}} {\text{number of respondents}}}}$$
(2)

whereas:

Probability and impact of the occurrence of the risk = Standard values for each of respondents

$${\text{Risk}} {\text{Score}} = {\text{Risk}} {\text{probability}} {\text{rate}} * {\text{Risk}} {\text{impact}} {\text{rate}}$$
(3)

Cronbach’s coefficient alpha was used to examine the reliability of the data gathered from the questionnaire survey using SPSS 17.0. The test result indicated a Cronbach’s alpha score of 0.812, indicating that the responders had a high level of internal consistency.

Operation and maintenance stage

One of the most important stages for detecting any potential corruption is the post-construction stage. One of the most common approaches for detecting corruption risk and behavior is to conduct a project audit variation. Because the malfeasance would be purposefully hidden, a thorough and thorough assessment of the final project is required. At this stage, the contractor must, based on a disclosure made by the engineer or his representative before the “maintenance period” expires, to carry out all the repairs, modifications, reconstructions, avoid and complete deficiencies, defects, cracks that the engineer may request to fix in writing from the contractor. The contractor shall notify the engineer in writing of the end of the maintenance period and that he has completed all deficiencies and the works have been maintained as required under the contract and a “receipt certificate” shall be issued by the owner within thirty days of the end of the maintenance period”. The corruption risks are presented in Table.8 and Fig. 3 for this stage.

Table 8 Corruption risk rating at the initial receipt and maintenance and final receipt stage [Risk register]
Full size table
Fig. 3
figure 3

Corruption risk rating at the operation and maintenance stage

Full size image

The corruption risk is concerned in Table 8 and Fig. 3, the first risk (CR3) is (Releasing the well-executed letter of guarantee for the contracting after the initial receipt, that is, before the end of the maintenance period and the final receipt of the project) that is violation of [Article -Ten 2-] Implementation Guarantee which stipulates [The letter of guarantee remains in effect and will not be released until after the issuance of the final acceptance certificate and the “contractor” should fulfiled all its obligations under the contract scored (0.4992).

The second risk (CR6) scored (0.4303). The third risk (CR7) scored (0.4089). The fourth risk (CR11) scored (0.3614) that is violation of the contracting conditions for civil engineering works [25] which speculate when the work is completed, the contractors must lift and remove equipment, surplus material, dirt, and temporary work “of any kind,” from the site of the construction leaving “the site” and “permanent work” in its entirety cleanness and in a decent condition the “engineer” will be satisfied]. The fifth risk (CR4) scored (0.32), this result is line with findings [27]. The sixth risk (CR12) scored (0.2408) this indicates [no period in the contract of the construction for the correction of the infrastructure defects] stated [21]. The seventh risk (CR5) is (The initial acceptance record includes the implementation of some items which contradict the technical specifications, and the sums have been deducted from non-compliance in the standard. This deduction does not match the size of the damage achieved) that is violation of the contracting conditions for civil engineering works [Article 40] which stipulates [authorizes the work owner to lift the defective works, equipment, or invalid materials, at the expense of the “contractor”, if the latter refuses to do these works] scored (0.216). The eighth risk (CR8) scored (0.1804), this result is line with findings [12, 26, 27] was ranked twelve as a collusive practice in construction project in China. The ninth risk (CR2) is (A deficiency in the work of the preliminary receiving committee is noted without defining all deficiencies accurately nor requiring the contractor to repair them) that is violation of the contracting conditions for civil engineering works which stipulates [The contactors must lift and remove, from the site of the construction, equipment, surplus material, dirt and temporary works of any kind at the end. The contractor must leave the “site” and the “permanent work” in its entirety and should clean it and make it in a decent condition which would satisfy the “engineer”], that risk rating is moderate with risk score (0.1144), this result was in line with findings [27, 28] and was ranked as the three in terms of severity, scored at (3.8) in a construction project in China.

Implementation of Bow-tie methodology on the corruption risk

Professional risk management all over the world found value in the implementation of this method with the use of the Bow-tie XP, one of the easy-to-use and powerful tools. The software is available [29]. The Bow-tie methodology is performed with the use of the steps that have been illustrated in Fig. 4 [30].

Fig. 4
figure 4

Bow -tie Creation Flow Chart [30]

Full size image
Fig. 5
figure 5

Application the Bow-tie software on the corruption risk at the operation and maintenance stage

Full size image

In fact, this process is typically more iterative compared to what that linear sequence suggests) with the following elements:

  • Hazard: the Bow-tie begins with hazard.

  • Top Event: the loss of control over the hazard.

  • Threats have been illustrated on left side (typically the side of the prevention) of the diagram of the bowtie.

  • Consequences of the losses of the control of a hazard have been illustrated on right side (typically the side of the mitigation) of the diagram of the Bow-tie.

  • Barriers of Mitigation which have been depicted on the right of top event are representing the barriers of the mitigation, mitigating top event (in other words, reducing the scale of and potentially stopping the unwanted aftermaths).

  • Barriers of Prevention on the diagram’s left side represents the barriers of the prevention that prevent the threats from causing top events.

  • Factors of Degradation may be implemented on the mitigation barrier as well as the prevention barrier and those may result in impairments or failure of a barrier that they are attached to.

  • Controls of Degradation participate in the mitigation of the components of degradation, which help the maintenance of main path-way barrier at its designated function. The controls of the degradation may, but don’t always do, satisfy, the independent, auditable and effective, criteria for the barriers.

In this research, The Bow-tie XP software, which focuses on the environment under which organizations work and seeks to develop defenses to avoid or minimize hazards, is commonly used. Based on this assessment, the risk analysis technique was revised and used for construction projects in a systematic manner, the corruption risk on a high scale will be addressing by the application of the Bow-tie XP software as presented in Fig. (5).

This model incorporates causes, faults, preventative and remedial actions, and consequences into one model. Corruption risk in this stage in construction projects, that can be divided types of threats and consequences into four categories technical, financial, legal, managerial. It can be observed that the most of corruption from governmental officials, clients who worked in the government ministries who violated legislation for the instructions for implementing governmental contracts No. 1 for the year 2008 and the contracting conditions for civil engineering works, lack commitment legal frame and managerial procedures by application the transparent and integrity by ignoring rules and passing illegal procedures Sometimes, a barrier was used to prevent the threat from the same user, to mitigate the consequences, because the correction of that threat could not be done unless the prevention barrier was applied. Because of all the causes of corruption that result from the employee’s behavior within the organization, a type of barrier (behavioral) was used when inputting. From the results of Bow tie, the barrier is stated (forming the audit committees to study the actual need to a project before the execution) as prevention barrier, every ministry in Iraq must form committees by the internal control department in the ministry to be responsible for the work of these committees in order to facilitate the audit and follow-up process, reduce violations related to (instructions for implementing government contracts, contracting conditions for civil engineering work, instructions for implementing the budget for each year, and others), manipulation, and defects of project completion to achieve proper implementation.

When these risks and their effects occur, which must be referred to the investigation committees according to Article 16 of the law of (FBSA) [The Bureau shall be bound by the news of the Public Prosecution, the Integrity Commission, or the competent investigative bodies, each according to their specialization for every financial violation it finds if it constitutes a crime], referred to in the barrier, that means here (by each ministry that an investigation committee is formed to impede the violations committed by stakeholders and take legal measures against them and the work of the committee formed by the Board of Financial Supervision is followed up to take the necessary action against those causing harm. In the case of the waste of public money, that refers to the integrity commission directly and conducting the necessary investigation. Other ways were stated in prevention and mitigated barrier through (FBSA) experts depend on the laws and instructions for this. The inclusion of diverse experts’ perspectives helps inspire dialogue and debate, which are two of the most important advantages of multi-decision maker participation in corruption risk processing management. Making decision makers’ sounds heard and engaging their viewpoints and fears in a risk management process is a vital contribution to multi-decision maker involvement for successful corruption risk management processes, according to our findings.

The Bow-tie methodology is considered to have high flexibility for corruption risk management. At the same time, its adaptability might be improved by using some tools. Bow-tie, based on the system approach, allows auditors and engineers responsible for developing the project plan and the necessary requirements at the operation and maintenance stage, on which the project will be built, to raise awareness about the causes of corruption and the consequences that could not be avoided in the project’s progressive stages. The conception of threats, consequences, and barriers in the diagrams of the Bow-tie facilitates the comprehension of the protection and prevention actions needed to reduce corruption risk.

Monitoring and review

Based on ISO 31000, monitoring and review is part of the risk management process and involves regular and planned checking or surveillance. This corruption risk management process step is the only way to determine if the system of management control is actually achieving the policy objectives. It informs management and stakeholders as to the effectiveness of the operational boundaries and management controls and the performance of the system of management control. The Bow-tie used to develop monitoring and review activities such as inspections, conformity assessments, and performance audits with laws, instructions issued to achieve transparency and integrity in the life cycle of construction project in the Iraqi construction sector.

Conclusion

By using Bow-tie methodology for corruption risk treatment that built-in risk features specify threats, analysis outcomes, and associated risks, making it easier to integrate into an organization’s broader work model. It permits actual steps to be taken to detect and manage corruption-related risks, as well as to demonstrate that all essential measures should be taken to reduce these risks to the lowest level reasonably achievable. The risk register of the corruption risk provided at the operation and maintenance stage and the developed framework of the Bow-tie model is essential, in the creation of anti-corruption policies, institutions, legislators, and industry experts rely on these policies. It also forms part of the most critical information required by academic and industrial researchers to spur additional research and the creation and introduction of effective anti-corruption strategies to help combat corruption in the near term. The Bow-tie model was chosen as a suitable model for this study because it is used by experts and engineers in the construction industry for prospective risk analyses on corruption. By applying the method to corruption risk in construction projects in Iraq. The structure of the model allows for the assessment of risks by identifying weak and strong points, and those relationships can be easily visualized because the model has the ability to give an impression of how the risk of corruption and applying transparency has been regulated. Risk analysis with the Bow-tie model may be considered as one of the suitable methods. The Bow-tie diagram can be used as a reference standard for project reviews and decisions regarding the development of avoidance or mitigation standards and guidelines. Bow-tie analysis can be used to identify gaps, redundancies, or duplication of measures within existing standards and guidelines in relation to instructions and regulations. Constructive suggestions for combating or eliminating the identified hazards are led via applying bow tie methodology. Also, it contributes to excellent understanding regarding hazard protection and prevention needed for corruption risks in the construction industry.