The CoST Infrastructure Transparency Initiative (CoST, infrastructuretransparency.org) defines an Assurance Process as independent third-party verification of infrastructure disclosure data. First published in the CoST Handbook (2012, revised 2019) and applied across CoST's 21 member countries, the process is consistently misused: most implementation teams treat assurance as bureaucratic overhead rather than an investigative tool. This article explains what the CoST Assurance Process requires and how to design one that actually produces findings.
What the Assurance Process Requires
CoST's Assurance Process involves three roles: a Multi-Stakeholder Group (MSG) that commissions and oversees the exercise, an Assurance Team of independent engineers and civil society representatives who verify disclosed data, and a Data Standards Specialist who maps disclosures to the CoST Infrastructure Data Standard (CoST IDS, infrastructuretransparency.org/approach/). The CoST IDS defines 40 minimum disclosure items across project preparation, procurement, and implementation phases.
| Phase | Key Activity | Output |
|---|---|---|
| 1. Disclosure review | Assurance Team checks portal data against CoST IDS minimum items | Data completeness score per project |
| 2. Physical verification | Engineers visit sites, measure works, review payment records | Physical vs reported progress gap |
| 3. Assurance Report | MSG publishes findings, flags discrepancies, makes recommendations | Public report with specific corrective actions |
Why Well-Designed Exercises Produce Findings
IDS threshold
15% of original contract value
CoST Uganda's published assurance reports (infrastructuretransparency.org/programmes/uganda/, covering 2016–2021) consistently identified variation orders exceeding the CoST IDS threshold (15% of original contract value) in road construction contracts. The findings named specific contracts, procuring entities, and amounts, because the Assurance Team reviewed payment records, not just portal data. CoST Honduras (infrastructuretransparency.org/programmes/honduras/) found completion certificates issued for incomplete works, a finding only possible through physical site verification, not document review alone. CoST's 2021 Annual Benchmarking exercise (infrastructuretransparency.org/resources/) compared findings rates across member countries and documented that programmes with physical site visits in their methodology identified more substantive discrepancies than those limited to documentary review.
What Makes an Exercise Performative
Performative exercises share identifiable characteristics: the Assurance Team reviews only documents already on the portal; physical site visits are omitted; procuring entities select which projects are reviewed; the published report lists compliance rates without naming specific discrepancies; civil society is invited to MSG meetings but excluded from the Assurance Team itself. Each characteristic systematically degrades investigative value. An Assurance Team reviewing only portal data can confirm that portal data exists, it cannot detect whether the data is accurate.
The Counterargument: Assurance Costs Too Much
Governments argue that full assurance exercises, physical site visits, independent engineering review, are unaffordable for frequent implementation. A typical exercise covering 20 projects requires three to four months of engineer and civil society time. This is a genuine constraint in low-capacity environments.
CoST addresses this through sequenced verification rather than elimination. The OC4IDS Implementation Handbook (2020, infrastructuretransparency.org/resources) describes a tiered approach: annual documentary review for all projects above a disclosure threshold, with physical site visits targeted to a sample flagged by documentary review, specifically those showing variation orders above 15%, completion certificates without progress milestones, or beneficial ownership concerns. Targeted physical verification concentrates investigative effort where it matters most at lower overall cost. The Uganda programme implemented this sequenced approach across six assurance cycles between 2016 and 2021 (infrastructuretransparency.org/programmes/uganda/).
What to Do Before Commissioning an Exercise
Confirm three prerequisites before commissioning a CoST Assurance exercise. First, that the portal publishes data against the CoST IDS minimum items, without this baseline, the Assurance Team has no standard to assess against. Second, that the MSG includes civil society organisations with investigative capacity, not just sector representation. Third, that the budget explicitly covers physical site visits for a targeted sample. Without these prerequisites, the exercise will produce a compliance rate, not findings. Compliance rates show that a portal exists. Findings show what the portal reveals about how public money was actually spent.
Playbook
Decision Table
| Option | When to Use | Tradeoff |
|---|---|---|
| Adopt immediately | Low-risk process and clear team ownership | Fast progress, limited validation runway |
| Pilot first | Uncertain data quality or mixed institutional capacity | Slower scale-up, higher confidence |
| Defer pending controls | Missing governance, QA, or monitoring guardrails | Lower short-term output, better long-term durability |
Execution Checklist
Failure Modes
- Skipping the section "What the Assurance Process Requires" during implementation.
- Skipping the section "Why Well-Designed Exercises Produce Findings" during implementation.
- Skipping the section "What Makes an Exercise Performative" during implementation.
Found this useful?
I write about open data systems, transparency, and implementation.
Read more articles →