Mysterious activity LOGS and Procurement Compliance

Procurement must always guarantee four key principles: fairness, transparency, non-discrimination, and auditability. These principles are not only legal obligations but fundamental building blocks of trust, legitimacy, and efficiency in public spending.

As part of our Digital Procurement course, we hosted on 29 July 2025 an online workshop for 15 professionals working in procurement from various backgrounds—IT specialists, legal experts, economists, and consultants—to explore how digital tools, system design, and AI can support procurement compliance in real-world practice.

Activity LOGS: A Powerful but Underused Ally

The session was led by Marek Matuš, Chief Technology Officer at Apitea, who guided participants through the technical side of how procurement software Promitea can enforce transparency and auditability—with activity logs (audit trace) playing a central role.

Every click, edit, submission, or reassignment within the procurement software generates a log entry which is stored in real time and accessible to auditors. These logs provide an objective trail of procurement process and decision-making, allowing compliance managers, auditors, or even external reviewers to trace back any irregularity or deviation from standard procedure.

Marek illustrated this with compelling real-world examples of "suspicious behaviours" detectable through logs:

•  Frequent deadline extensions just before closing tenders,
• A user repeatedly modifying selection criteria without justification,
• Same person acting as requestor and approver in critical steps,
• Or repeated instances of evaluation forms being re-opened after scoring was completed.

These are not necessarily signs of fraud—but they are strong signals that warrant attention, and that systems should be able to flag.

 

AI in the Service of Compliance

Our discussion naturally progressed toward the use of generative AI to analyse system logs and workflows. AI has the potential to identify patterns of irregularities more efficiently than manual reviews.

Even more interestingly, we explored how AI could detect inefficiencies and cases where users consistently have to override settings, re-enter data, or correct previous steps. These aren’t signs of misbehaviour, but rather signs of poorly designed processes or unclear rules, which in turn cost the company a lot of money.

 

Prevention First: Design and Culture Matter

The panel discussion agreed that prevention is better than investigation. The last section  of the workshop focused on how to leverage activity logs to design better systems and processes as well as governance structures that reduce the risk of irregularities occurring in the first place.

Suggestions from the group included:

• Clear and segregated user roles within the system,
• Enforcing mandatory approval chains that cannot be bypassed,
• Limiting permissions and tracking exceptions,
• Regular log audits using smart filters and alerts, enhanced by the AI.
• And perhaps most importantly, building a culture where people understand that logs are not there to “catch” them, but to protect them.

People are not always tempted by malicious intent. Sometimes, the temptation arises from time pressure, unclear rules, or cumbersome procedures. That’s why systems and policies must be built not just to catch, but to guide.

In conclusion, procurement compliance is not a single feature or a one-time audit—it is a continuous process, supported by smart tools, thoughtful system design, regular analysis, and a proactive culture.

         

*Funded by the European Union. However, the views and opinions expressed are solely those of the author(s) and do not necessarily reflect those of the European Union or the Education, Audiovisual and Culture Executive Agency (EACEA). Neither the European Union nor the EACEA can be held responsible.