The Greek government spent nearly 9 million euros to hire external contractors to audit its own internal accountability mechanisms.
Of the total amount of €8.9 million, €7.6 million was allocated through direct awards. The audit covered 666 public entities, of which 385 awarded relevant contracts to 99 external contractors. In fact, 65.5% of both the number and the value of the contracts went to the eight largest contractors, who operate throughout the country.
However, the most alarming finding of the Court of Auditors’ report on Internal Control Systems (ICS) in public sector entities, as part of the 2025 Annual Audit Program, regarding contracts awarded to external contractors is something else. Not a single negative opinion was expressed in 152 reports by external evaluators. In other words, not a single case where an entity was deemed not to meet the requirements for adequate internal control.
And this, even though the Court of Auditors’ most recent report itself paints a completely different picture of how the public sector operates. According to the data, only 19% of public entities have a functionally mature internal control system, that is, mechanisms with substantive process mapping, documented risks, active safeguards, and adequately staffed internal control units.
In other words, four out of five Greek public sector entities continue to operate without a comprehensive control mechanism, leaving critical functions exposed to mismanagement, operational failures, and fiscal risks.
Nearly 7 out of 10 agencies have documented fewer than half of their critical operational processes, while less than 10% have completed a full mapping. In several cases, organizations that appear to be compliant are unable to confirm whether the documented procedures are actually implemented. The report also identifies instances of using generic templates or copying procedures from other organizations without adapting them to the actual needs of each entity.
The picture is similar in the Internal Audit Units. Despite institutional progress, approximately one in three agencies that established such units never staffed them. And even where staff are present, their operation is not taken for granted. Constant staff transfers undermine continuity and raise questions about the actual independence of the audit.
At the same time, many units do not incorporate risk assessment into their planning, do not take strategic priorities into account, and fail to audit critical areas, such as budget execution or the reliability of financial reports.
The manner in which contracts are awarded to external partners also raises additional questions. According to the Court of Auditors, the five largest contractors appear to specialize primarily in municipal projects, while some are also active in the hospital sector.
In fact, the audit revealed 23 cases of entities that have awarded contracts to external contractors for whom conditions of conflict of interest or impediments to appointment apply.
At the same time, external contractors appear to receive higher rates of positive opinions even in entities where no recorded conflict of interest statement exists. Furthermore, in the same cases where no documented conflict of interest policy exists, no negative opinions are recorded.
Conversely, in organizations where an internal audit function operates—regardless of whether it is supported by an external partner—the percentage of positive opinions is significantly lower, while negative opinions are also expressed.
A similar pattern is observed in cases where qualified opinions are issued. In these cases, it is observed that external contractors issue qualified opinions at higher rates (26.5%) compared to SMEs, which are either assisted by an external contractor (17.95%) or operate independently (5.98%).