Fraud, corruption, and collusion in public procurement activities: a systematic literature review on data-driven methods

Fraud, corruption, and collusion are the most common types of crime in public procurement processes; they produce significant monetary losses, inefficiency, and misuse of the public treasury. However, empirical research on detecting these crimes is still insufficient. This article presents a systematic literature review of the most contemporary data-driven techniques applied to crime detection in public procurement. The Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology was adopted to identify typical elements that lead to crimes in public contracting. We collected scientific papers from the Scopus repository and analyzed the selected research. We evaluated and summarized findings on crime detection techniques based mainly on machine learning and network science, as well as studies using fraud risk indices. Some methodologies presented promising results in identifying crimes, especially those using labeled data and machine learning techniques. However, because pre-labeled data on past cases are frequently unavailable, analysis with network science tools has become more prominent and relevant in exploratory research.


Introduction
Public procurement is the process by which the public sector purchases services, goods, and construction works from third-party companies. It represents a substantial share of the government's public expenditure (OECD 2021), amounting to 12% of global GDP (Bosio et al. 2022). According to the Organization for Economic Cooperation and Development (OECD), in 2017, public procurement represented 29.1% of the general government expenditures among OECD countries.
The reliability of these processes is key to effective governance (Silva Filho 2017). However, while governments seek the best cost-benefit regarding the price and quality of their procured services (Costa et al. 2020), public procurement is also well known to be quite permeable to irregularities. Indeed, Transparency International estimates that losses in public contracts due to corruption account for 20% to 25% of the contract value, and up to 50% in some cases (Volosin 2015).
Within public administration, public procurement is the process with the highest risk of illegality, which can arise at virtually any stage of acquiring goods, services, or construction works (Rustiarini et al. 2019). Crimes in this context are elaborate and refined, involving schemes such as abuse of power, corruption, peculation, bribery, favoritism, stunt, nepotism, and misappropriation (Padhi & Mohapatra 2011). Consequently, these crimes are difficult to detect and measure (Mufutau & Mojisola 2016), particularly after procurement contracts are awarded (Whiteman 2019). As such, well-defined legislation alone is not enough to curb criminality in public procurement, and mechanisms to prevent it are frequently inadequate (Wensink & Vet 2013).
It is therefore crucial to understand the phenomena and establish which methods and practices the academic community has explored to help identify actors and objects linked to fraudulent activities in the public procurement process. In particular, we focus on actors who act through corruption (a relational activity between corrupting agents and corrupted entities, always with the participation of the public body) (Paganetto & Scandizzo 2015), collusion (an agreement between third parties to defraud operations of the public administration, without its participation) (Mvelase 2015), and fraud (forgery of documents, fraudulent proposals, use of shell companies, introduction of false competitor assessments, identity fraud, and data theft) (Mlondo 2013), all of which impair the public administration from acting efficiently.
Here, we use the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology to identify and review the use of data-driven methods in the academic literature to study fraud, collusion, and corruption in public procurement processes. We seek to identify the problems and contexts in which mainly network science and machine learning methods have been applied. Overall, we identify 48 relevant manuscripts and discuss the methods used, the problems they explored, and their framing in the academic literature.
Recent works have leveraged the increasing availability of public data on public procurement, which resulted from adopting electronic procurement (e-procurement) bidding processes/modalities. These have been introduced to increase transparency and competitiveness and to decrease the bureaucracy associated with procurement processes (Borras 2015; Weigel 2017). E-procurement is, thus, a modality that offers a faster process at reduced costs (Motta 2003). Although e-procurement has been around for a long time and has been widely adopted, there is limited research on its impact on reducing or mitigating crime in the public sector (Kartika 2020). Therefore, we extend our analysis to procurement activity in the private sector. This dimension has seen more research and has explored more advanced techniques to detect and mitigate crimes in the procurement process (Wu & Chebili 2022). In our opinion, the public sector can learn from the best practices of the private sector, given the similarities between the procurement processes in both cases.
This manuscript is structured as follows: "Methodology" section presents the method used for identifying relevant research and conducting a bibliometric analysis. In "Results" section, we present the results, introducing the keywords, citations, and occurrences. The "Discussion" section then examines the findings, research gaps, and limitations.

Methodology
Bibliometric analysis is part of an interdisciplinary science concerned with quantitative study. It uses mathematical and statistical methods to capture specific knowledge and expertise from various authors (Merigó 2016). It is a methodology usually used to trace the development of a particular scientific field (Merigó et al. 2015; Železnik et al. 2017). Based on this, we conducted an iterative tracking process with an assembled search string, shown below, encompassing words and phrases logically connected by Boolean operators in the titles, abstracts, and keywords. We chose words that aim to answer the research question, serve the research objectives, and appear frequently in the abstracts, keywords, and texts of articles on the topic.
Search String: (fraud* OR corrupt* OR bribe OR rigg* OR cartel* OR collusi*) AND (predict* OR detect* OR SNA OR network* OR statistic*) AND ("public sector" OR "public administration" OR procurement OR bidd* OR auction OR tender OR government).
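As an illustration, the string above can be assembled programmatically, for instance when querying a repository's advanced search field. The helper below is a sketch of our own devising (the function and variable names are not from the reviewed studies):

```python
# Sketch (illustrative helper, not from any reviewed study): assembling
# the Boolean search string from its three term groups.
def build_query(groups):
    """OR the terms inside each group, then AND the groups together."""
    return " AND ".join("(" + " OR ".join(g) + ")" for g in groups)

crime_terms = ["fraud*", "corrupt*", "bribe", "rigg*", "cartel*", "collusi*"]
method_terms = ["predict*", "detect*", "SNA", "network*", "statistic*"]
domain_terms = ['"public sector"', '"public administration"',
                "procurement", "bidd*", "auction", "tender", "government"]

query = build_query([crime_terms, method_terms, domain_terms])
print(query)
```

Keeping the groups separate also makes it easy to run the broader query (crime and method groups only) used later to gauge the size of the field.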
To sort, extract, organize, and store metadata (publications, citations, authors, and references), we used the software Mendeley, a free reference manager that assists in academic work, manages electronic files (PDF format), helps normalize citations, and generates references automatically. To assemble the network describing the relations among authors and topics, we used the open-source software VOSviewer (Van Eck & Waltman 2014), an engine for constructing and visualizing bibliometric networks developed by Nees Jan van Eck and Ludo Waltman at the Centre for Science and Technology Studies at Leiden University. These networks are built based on co-citation, bibliographic coupling, or co-authorship relations. VOSviewer also offers text mining capabilities for building and viewing co-occurrence networks of important terms extracted from the scientific literature. Furthermore, we investigate the citation structure to capture the conceptual basis of the research (Ding & Yang 2020).
Using measures such as degree centrality (how many times a work is cited, illustrated by node size) and link weight (how many times two papers are cited jointly in different articles, represented by link thickness), we applied VOSviewer to create graphs based on data gathered from the Scopus repository and analyzed them with network science methods. We also examined the co-occurrence of keywords and authors: the greater the node size, the more frequently the keyword appears in the literature, and the thicker the connection between two nodes, the greater the number of papers in which those keywords appear together. The same idea applies to article citations, i.e., the bigger the node, the more cited the article in the specified database, and the wider the link between two articles, the more frequently they are cited together in publications.
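As a toy illustration of these two measures (the co-citation counts below are invented; VOSviewer computes these quantities internally), weighted degree and link weight can be tallied directly:

```python
# Toy sketch: weighted degree (~ node size) and link weight (~ edge
# thickness) on an invented co-citation network.
from collections import defaultdict

# (paper_i, paper_j) -> number of times the two papers are cited together
link_weight = {("A", "B"): 5, ("A", "C"): 2, ("B", "C"): 1}

degree = defaultdict(int)            # weighted degree per paper
for (u, v), w in link_weight.items():
    degree[u] += w
    degree[v] += w

heaviest_link = max(link_weight, key=link_weight.get)
print(dict(degree), heaviest_link)   # "A" gets the largest node, A-B the thickest link
```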

Results
The data collection began in April 2021 and was later updated in December 2021 and January 2022. At first, we applied a broader search string, without the specific area of interest included in the last "AND", to capture the dimension of the field being researched. As a result, we identified 39,445 documents. We then applied the entire assembled search string, obtaining 2,914 articles, representing 7.4% of the scientific production in the sector. Figure 2 shows the distribution of these articles by annual publications and annual citations, presented as a 2-year moving average. In Fig. 2a, we notice that one of the first articles indexed by Scopus in the sector dates back to 1991, with a more significant and constant increase from the year 2000 on. From 2016 onwards, the curve slope steepens, indicating growing interest in the subject over time. In Fig. 2b, we note that the peak of citations occurs in articles from the 2007/2008 biennium, since those articles have been available longer and have therefore had more time to accumulate citations.
Among the 2914 studies identified, Table 1 presents the ten institutions that most contributed to the research using the specified string. Table 2 shows how these articles were distributed in the ten countries that published the most.
We then proceeded with the extraction of relevant publications through the PRISMA stages. We took all available publications with author identification, discarding 98 without defined authorship and 712 publications prior to 2011 (to avoid outdated articles), entering the screening phase with 2,104 documents.
During this phase, we carried out exclusions based on the defined sets of words, network* and some "public expressions" (public administration, public sector, tender*, auction, bid*, procurement), which had to be present in the title, abstract, or keywords of the articles. We excluded 1,969 publications and kept 135. Next, we analyzed the abstracts of the 135 documents and discarded 81 that were beyond the scope, keeping 54. After a complete reading of the remaining articles, we excluded six more publications, keeping 48 papers (Fig. 3). Of the 48 articles, 36 were issued by scientific journals, while 12 were presented in conference proceedings.
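A minimal sketch of this screening rule (the record and the term lists are illustrative, not our actual screening code) could look like:

```python
# Sketch of the screening rule: keep a record only if every required
# word set matches its title, abstract, or keywords (terms illustrative).
import re

REQUIRED_SETS = [
    [r"network"],
    [r"public administration", r"public sector", r"tender",
     r"auction", r"bid", r"procurement"],
]

def passes_screening(record):
    text = " ".join([record["title"], record["abstract"],
                     " ".join(record["keywords"])]).lower()
    return all(any(re.search(term, text) for term in terms)
               for terms in REQUIRED_SETS)

kept = passes_screening({
    "title": "Detecting collusion in procurement networks",
    "abstract": "We analyse bidder networks in public tenders.",
    "keywords": ["fraud", "graph analysis"],
})
print(kept)  # True: both word sets match
```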

Scientific articles published in journals and conferences
The 48 selected publications are distributed over a decade, ranging from two publications in 2011 to a maximum of 10 in 2021, indicating that the topic has been gaining notoriety and is being investigated more over time. The documents gathered from Scopus come from diverse journals and conference proceedings and encompass a wide variety of scientific work, from business & economics to computer science, as well as law & government and administration science. Surveying the scientific literature is fundamental for identifying pertinent material in our area of investigation. We selected papers cited up to 47 times, derived from the list of publications in Table 3.
The material acquired from the repository represents the most recent and updated studies currently used to detect fraud in the public sector. The most cited articles and authors are shown in Table 3. Article no. 1 has the largest volume with 47 citations, followed by article no. 2 with 41 and article no. 3 with 35 citations, all according to the Scopus platform. The citations are examined in depth in the "Author and co-authorship citation occurrences" section.

Publishing journals and conferences
Regarding publication in journals, the 36 studies were distributed across 32 distinct journals from 26 publishers. Based on the Scimago Journal & Country Rank, 21 journals (65%) are classified in the first quartile (Q1), five (16%) in the second quartile (Q2), four (13%) in Q3, and two (6%) in Q4. The leading areas of the 32 journals are computer science, business, social science, and some multidisciplinary areas (see Table 4). The selected papers were issued by publishers from eleven nations; the most recurrent were the Netherlands, Switzerland, and the USA, with six works each. In turn, the most common publishers were Springer and Springer Netherlands.

Conference proceedings
Conferences accounted for 12 of the selected documents, published by seven publishers from five countries. The main field of investigation, once again, was computer science (Table 5).
Of the 12 conference proceedings, 11 were classified as computer science. The publishers were also varied: the IEEE published papers particularly from conferences on fuzzy systems, artificial intelligence, the Internet of Things, information systems and technologies, and Internet computing. Springer Nature issued articles on intelligent systems and technologies (CISTI). The other five publishers issued articles on intelligent data engineering, data management, multidisciplinary civil engineering, and data mining.

Articles classification
To classify the articles, we considered the specific themes addressed in each one. It is worth noting that the public procurement articles referred to various types of contracts; however, not all papers offered detailed descriptions of the contracted object. Furthermore, private e-procurement studies (marked with *) were treated as a resource for public e-procurement research: they are broader and present more advanced fraud detection capabilities, which may provide the public sector with solutions. Table 6 shows that general public procurement dominates the researched occurrences, due to the greater availability of open data in this segment, followed by the construction industry, which represents a large part of the expenditure associated with procurement contracts. The three types of crime studied involved monetary values of the same order of magnitude. The most common crimes identified were corruption in public procurement and collusion in construction. Fraud appeared more often in online auctions or e-procurement, although this topic was better explored in the private sector.

Keyword occurrences
To examine sensitive themes in detail, we performed a co-occurrence assessment based on the count of individual or combined keywords in portions of scientific research (title, keywords, and abstract). This investigation extends across multiple documents simultaneously, helping researchers review and exploit the literature statistically (Horvat 2015).
The keyword occurrence analysis was performed using VOSviewer to assemble and view bibliometric networks. The examination was carried out with the full counting method, with the minimum occurrence threshold set to six, which yielded ten keywords. The ten keywords, in descending order of occurrence, are displayed in Table 7.
We can also see the average year of keyword usage in the selected documents (Table 7). The most relevant keywords, crime, public procurement, and corruption, have average publication years between 2017 and 2019, while social network analysis (SNA) and social networking center on 2013 and 2014, when those expressions were still widely used for network science tools. The keywords appearing most had the following link strength and occurrence, respectively: crime (276, 19), public procurement (146, 15), corruption (81, 14), fraud detection (144, 11), and social network analysis. In Fig. 4, we see the co-occurrence connections between keywords across the scientific papers collected.
Here we perceive the formation of two communities in the keyword co-occurrence network, with ten nodes and 30 links. Keyword nodes are linked by their joint occurrence in separate documents, and keyword communities are formed based on the similarity of their connections. The node size denotes keyword occurrence: the bigger the node, the greater the occurrence. Figure 4 depicts the statistics presented above, where the nodes representing the public procurement, corruption, and crime keywords are the largest, meaning they appear the most. We named the two communities after their most representative and central nodes: Public procurement (red) and Crime (green). The network emphasizes public procurement as the most studied area. The keywords corruption, social network analysis, and data mining appear in the same community, pairing the problem under investigation with the techniques used for its identification. In turn, the Crime community presents machine learning and learning systems as techniques for fraud detection.
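The construction just described can be reproduced in a few lines with networkx standing in for VOSviewer's internal clustering (the documents and their keyword sets below are invented for illustration):

```python
# Sketch: build a keyword co-occurrence network from per-document
# keyword sets and detect communities (toy data).
import itertools
import networkx as nx
from networkx.algorithms.community import greedy_modularity_communities

docs = [
    {"public procurement", "corruption", "social network analysis"},
    {"public procurement", "corruption", "data mining"},
    {"crime", "machine learning", "learning systems"},
    {"crime", "machine learning", "fraud detection"},
]

G = nx.Graph()
for kws in docs:
    for u, v in itertools.combinations(sorted(kws), 2):
        w = G.get_edge_data(u, v, default={"weight": 0})["weight"]
        G.add_edge(u, v, weight=w + 1)  # link strength = co-occurrence count

communities = greedy_modularity_communities(G, weight="weight")
print([sorted(c) for c in communities])
```

On these toy documents the modularity-maximizing partition recovers the two thematic groups, mirroring the Public procurement and Crime communities described above.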

Author and Co-authorship citation occurrences
Once again, we used VOSviewer to investigate author and co-author citation occurrences and link strength. We employed the full counting method and set the minimum link strength to six. This yielded the 11 authors presented in Table 8, ordered by link strength.
The authors and co-authors that stand out most for their link strength and citations are Fazekas M., with seven articles and 134 citations, and Wachs J., with five documents and 38 citations. These two authors are closely interconnected: of the 12 articles they wrote, three were joint works, two led by Fazekas and one by Wachs. The average publication period of the articles from the 11 authors is very recent, ranging from 2019 to 2021.
As this is an emerging and incipient community, the network representation assembled by VOSviewer is still very disconnected and dispersed, but it is a community with high potential for future collaboration that should coordinate efforts to systematize techniques and approaches. Figure 5 presents the giant component of the citation network. Here we see the formation of five clusters with 21 nodes (articles) and 41 links, where Fazekas and Wachs appear in two communities. Fazekas has the most articles, mainly in the blue community, while Wachs is the central link between the different communities and probably the most influential author in this subnetwork.

Methods, connectivity, and investigation type of the articles
In the list of scientific articles collected, we identified the two most popular types of techniques used, together or separately, to detect crimes against public administration: machine learning and network science. Furthermore, we verified the connectivity of the data presented in the papers, classifying them as connected networks where applicable. A network was considered connected if a path exists between any pair of nodes, even if intermediate nodes are needed to establish the route (Dong 2020). The high density of a network considerably improves the potential for collaborative action and cooperation between actors (Olsson et al. 2004), as well-connected networks foster communication, promote mutual trust, and help contain or control conflicts (Bodin and Norberg 2005). Furthermore, a high density of links promotes joint action, particularly when there are many connections between different agents (Sandström and Carlsson 2008). In our study, 34 articles (71%) involved connected networks, allowing researchers to explore the relationships between agents and uncover hidden connections.
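The connectivity and density notions above can be checked directly with networkx (the contracting network below is a toy example invented for illustration):

```python
# Sketch: connectivity (a path between every pair of nodes) and density
# of a toy contracting network.
import networkx as nx

G = nx.Graph([("agency", "firm_A"), ("agency", "firm_B"),
              ("firm_A", "firm_B"), ("firm_B", "firm_C")])

connected = nx.is_connected(G)  # True: firm_C reaches agency via firm_B
density = nx.density(G)         # 4 edges out of 6 possible pairs ~ 0.67
print(connected, round(density, 2))
```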
Finally, we examined the type of investigation carried out: exploratory or using labeled data. Labeled-data research was used to confirm predictions and train models based on patterns in the available information. If the data are representative of the population, they will confirm (or not) the results of a finding, or a machine learning model will make predictions on new data (Xiao et al. 2018). Exploratory data analysis, on the other hand, researches little-known problems with no confirmatory data and investigates information to develop hypotheses (Robson 2002), aiming to develop knowledge that is still new (Kuncoro 2013).
In our research, 52% of the reports used labeled data and 48% were exploratory. This allowed researchers to explore the data and confirm results when labeled data were available, while in their absence the exploratory studies could still draw significant conclusions. Notably, 85% of the machine learning research used pre-labeled data, against 44% of the network science research. The information is presented in more detail for each article in Appendix 1.

Objectives of the works
This section presents the primary purposes of each study, grouped into higher-order objectives (Table 9).

Fig. 5 Citation network: giant component, community visualization
We divided the articles into ten macro-objective groups to better understand the proposals presented. A significant share of the articles, 11 in total, falls under the detection of fraud, corruption, and collusion in public procurement. Second, with eight articles, comes the detection of the same crimes in the construction industry. We also present two macro-objectives studied in the private segment (marked with *), referring to online auctions, which are widely used in the public domain but little explored in scientific research on crime detection. For a more specific glimpse of the objectives of each scientific article, a synopsis of the purposes of the 48 works is presented in Appendix 2.

Discussion
The present study uses the PRISMA methodology and network analysis to spot the most recent research and techniques for crime identification in public procurement processes. This section introduces a straightforward assessment comparing the outcome of the Scopus repository. It analyzes how we answer the research question and addresses the limitations of the research as follows: RQ: How have data-driven methods contributed to detecting, characterizing, and predicting fraud and corruption in public procurement activities?
Random Forest (RF) was employed to find bid-rigging cartels, to identify close connections between government and private firms through repeated interaction and geographic dispersion, and to detect single bidding and government-spending concentration (Articles No: 36, 48). It reached adequate performance in finding competitive tenders and classifying collusive ones. Other objective groups and their corresponding articles include:

- Identify potential crimes in suspected shell companies (Articles No: 9, 18)
- Detect the risks of corruption and collusion in public defense contracts (Article No: 45)
- Recognize collusion in the public administration (Article No: 12)
- *Identify fraud in product listings, fraudulent dealers, or bidder reputation on private online auctions (Articles No: 4, 7, 8, 10, 13, 17, 21, 22, 31, 33, 34, 39)
- *Detect shill bidding fraud in private online auctions (Articles No: 17, 30, 37, 47)

RF performed well in both collusive and non-collusive periods, making it appropriate for detecting bid-rigging cartels. RF also identified the emergence of geographically close and repeated connections between private entities and public authorities, suggesting corrupt or socially undesirable behavior and favoring illicit schemes. When used to detect single bidders or government-spending concentration, it showed encouraging results with internal data but only moderate ones when externally validated. Nonetheless, it achieved higher explanatory power than Logistic Regression due to a more flexible parameterization.

Logistic Regression helped find suspicious tenders with text-mining techniques and detect single bidding and government-spending concentration. Applied jointly with text mining to recognize contract corruption, it showed intermediate precision, recall, and Receiver Operating Characteristic (ROC) results, better than SVM but lower than Naive Bayes. Like RF, Logistic Regression showed significant results for detecting single bidders and concentration of government spending when using internal data, but only reasonable outcomes when validated with external information. On the other hand, it obtained less explanatory strength than RF due to a less flexible parameterization.
Lasso Regression was used to detect bid-rigging cartels and to predict inefficiency and corruption in public procurement. The lasso performed slightly better in collusive than in non-collusive periods, and its results were quite satisfactory in detecting bid-rigging. When used to predict inefficiency and corruption in tenders, it was outperformed by Gradient Boosting Machine in all scenarios.
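As an illustration only (synthetic data and invented red-flag features, not the datasets or pipelines of the reviewed studies), the RF versus Logistic Regression comparison above can be sketched with scikit-learn:

```python
# Sketch: RF vs Logistic Regression on synthetic tender features.
# Feature names and the labeling rule are invented for illustration.
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split

rng = np.random.default_rng(0)
n = 1000
X = np.column_stack([
    rng.integers(1, 10, n),    # number of bidders
    rng.random(n),             # winner's market share
    rng.integers(5, 120, n),   # days until the contract is awarded
])
# synthetic "collusive" label: few bidders plus a dominant winner
y = ((X[:, 0] <= 2) & (X[:, 1] > 0.6)).astype(int)

X_tr, X_te, y_tr, y_te = train_test_split(X, y, random_state=0)
rf = RandomForestClassifier(n_estimators=100, random_state=0).fit(X_tr, y_tr)
lr = LogisticRegression(max_iter=1000).fit(X_tr, y_tr)
print(rf.score(X_te, y_te), lr.score(X_te, y_te))
```

Consistent with the review's observation, the more flexible RF tends to recover such a nonlinear threshold rule better than the linear Logistic Regression on data of this kind.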
Regarding network science techniques using labeled data, the most employed was cluster analysis (community detection/clustering), used by eight studies (Articles No: 24, 31, 35, 36, 39, 40, 43, 48): clusters are formed when the similarity between nodes is high, and nodes are separated into different communities when the similarity falls below the threshold defined by the algorithm. Centrality measures were used by four studies (Articles No: 33, 38, 42, 48); they usually reflect the prominence, status, prestige, or visibility of a node and often explain behaviors on the network (Marsden 2005). One study (Article No: 40) applied bipartite network projection to generate a co-participation network and capture the hidden relationships between players.
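The bipartite projection mentioned in the last point can be sketched as follows (toy firms and tenders, using networkx's weighted projection rather than any reviewed study's code):

```python
# Sketch: project a firm-tender bipartite graph onto a firm-firm
# co-participation network (toy data).
import networkx as nx
from networkx.algorithms import bipartite

B = nx.Graph()
firms = ["firm_A", "firm_B", "firm_C"]
B.add_nodes_from(firms, bipartite=0)
B.add_nodes_from(["tender_1", "tender_2"], bipartite=1)
B.add_edges_from([("firm_A", "tender_1"), ("firm_B", "tender_1"),
                  ("firm_A", "tender_2"), ("firm_C", "tender_2")])

# edge weight = number of tenders two firms co-participated in
P = bipartite.weighted_projected_graph(B, firms)
print(sorted(P.edges(data="weight")))
```

Firms that never bid on the same tender (here firm_B and firm_C) end up unconnected in the projection, which is exactly what makes recurring co-participation stand out.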
That study examined the endurance of fraudsters in a weakly competitive community over the years following a government turnover, to identify corrupt connections between agents. Centrality measures helped identify the most central, active, and influential players, and those suspected of fraudulent connections. Degree centrality, for example, excels at revealing the most connected players in the network. Nevertheless, while it can help indicate network hubs, criminal interfaces are not always intermediated by them (Morselli 2008); therefore, other measures and analyses were necessary to identify suspicious connections. Moreover, despite the use of closeness centrality, some criminals were aware of the existence of risk indicators and persisted in bypassing them by decreasing mean closeness values through data tampering.

A cluster analysis demonstrated that the most effective indicators for exposing suspect features were based on contract expenditures, contract titles, closeness weights, and mean eigenvector values, showing through these measures that a considerable portion of government deals held infractions.

Other methods that deserve comment combined models. Clustering Using REpresentatives (CURE), applied to labeled data, is a clustering model that identifies bidding strategies: it delivers an adequate number of clusters, while k-means clustering supplies information about the players' methods in each cluster. Furthermore, a combination of machine learning techniques (a hybrid decision support system, decision trees, Support Vector Machines, and neural networks) and network science algorithms (PageRank, density, and centralities) was used to reveal collusion and corruption associated with defrauding conduct on networks, together with the concept of neighbor diversity to differentiate fraudsters from standard actors.

Most applied techniques using exploratory research
Among network science techniques, community detection was the mechanism most applied to verify the formation of clusters, particularly cartels. It was chosen to examine collusive trades in significant markets, in which market shares with suitable prerequisites for cartel emergence were uncovered in previously hidden connections. Nevertheless, the approach to detecting cartels was sometimes merely indicative and could not always convincingly point to crimes without labeled data.
Community detection also revealed organizations making extensive agreements with each other rather than forming alliances beyond their communities. It pointed to communities committing transgressions in their contracts, spotting groups where no agreement could supply the awarded objects. The diversification of co-bidding communities formed in different regions was also evaluated: alleged cartel formation was identified based on low regional and contractual diversification of the communities, suggesting collusion among companies in some regions to supply specific products.
In turn, researchers analyzed how the volume of single bids differed across communities within a network. The diagnosis was that fraud is not randomly disseminated in procurement processes: the higher the clustering of single bidders, the more likely an analysis of their neighbors would reveal more fraud cases. Moreover, communities with more bonding social capital stood at greater risk of fraud, while communities with more diverse external connectivity were less susceptible to it. Furthermore, some networks were split into different clusters, categorizing intersections as new communities and classifying them as conspiracy cases when the overlap between nodes was high.
Over time, a varying and nonlinear association between a corruption risk index and closeness centrality was identified, indicating that the closeness measure effectively reveals fraud risk after government changes.
Betweenness was used to estimate the likelihood of agents having weak links with each other while still being necessary mediators in trades and partnership management. It highlighted the relational influence of organizations that could control the award of contracts.
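A toy illustration of this broker effect (invented network; betweenness computed with networkx):

```python
# Sketch: a node bridging two dense groups gets the highest betweenness
# even though it has only two (weak) ties.
import networkx as nx

G = nx.Graph()
G.add_edges_from([("A", "B"), ("B", "C"), ("A", "C"),    # group 1
                  ("D", "E"), ("E", "F"), ("D", "F"),    # group 2
                  ("C", "broker"), ("broker", "D")])     # the bridge

bc = nx.betweenness_centrality(G)
top = max(bc, key=bc.get)
print(top, round(bc[top], 2))  # the broker mediates every cross-group path
```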
It should be noted that, although some studies used measures such as network diameter, mean path length, and degree, these metrics remained unchanged in certain cases, not supplying sufficient evidence to predict the risk of crimes. Moreover, in networks of a bipartite nature, these measures alone were not sufficient to demonstrate evidence of a crime.
From the facts exposed above, we see that some network science mechanisms cannot always provide accurate results on their own. Therefore, they are usually applied with additional frameworks, such as neighbor diversity, single bidding, diversity of winners, the victory rate of a bidder, or even indexes created from intrinsic process parameters.

Research gaps
We found three crucial gaps during this research. The first is related to online auctions in the context of the public sector. Although the process is very similar in the public and private domains, it has been researched more in the private sector, contributing to the development of fraud detection techniques in that segment. This type of bidding represents a substantial share of public spending and should be considered when studying crimes in public contracts. A good example is electronic trading, which accounts for more than 90% of public contracting expenditures in Brazil's federal government (Governo Federal do Brasil 2022).
The second gap is related to the limited use of objective indicators to measure corruption risk in tenders (Lyra et al. 2021a, b). Corruption indices are usually obtained through qualitative research and tend to reflect individual researchers' perceptions and biases. Objective microdata, such as the number of bidders, the market share of winners, the bidding modality, the time-lapse for awarding a contract, amendments of contractual clauses during the regular term, the duration of the contract, and extensions of the contract period after the end of the regular term, are intrinsic to bidding operations. They promote greater transparency and accuracy in developing a fraud indicator, especially when well calibrated and weighted. Although we collected five articles from the same group of authors and co-authors using data related to EU countries, corruption indicators currently remain mostly subjective and somewhat unreliable (Fazekas & Kocsis 2017). Different red flags in public procurement processes could be better explored and combined into a composite indicator, using regression coefficients to estimate the weights.
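The composite indicator idea can be sketched as a weighted sum of binary red flags drawn from procurement microdata. In the minimal example below, every flag name and every weight is an illustrative placeholder; in practice the weights would come from regression coefficients estimated on past cases, as suggested above.

```python
# Hypothetical red flags for one tender, extracted from procurement
# microdata (1.0 = flag raised, 0.0 = not raised).
red_flags = {
    "single_bidder":       1.0,  # only one bid was received
    "short_advert_period": 0.0,  # advertisement window unusually short
    "contract_amended":    1.0,  # clauses amended during the regular term
    "term_extended":       1.0,  # contract extended past its regular term
}

# Placeholder weights normalized to sum to 1; a real study would estimate
# them, e.g., as regression coefficients against confirmed fraud cases.
weights = {
    "single_bidder":       0.40,
    "short_advert_period": 0.25,
    "contract_amended":    0.20,
    "term_extended":       0.15,
}

def corruption_risk_index(flags, weights):
    """Weighted sum of binary red flags, bounded in [0, 1]."""
    return sum(weights[k] * flags[k] for k in weights)

score = corruption_risk_index(red_flags, weights)
print(round(score, 2))  # → 0.75 for this tender
```

Because the flags are objective properties of the bidding process rather than survey-based perceptions, such an index can be recomputed transparently for every tender, which is precisely the advantage over the subjective indicators criticized above.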
Third, it is essential to continue looking for solutions that allow unlabeled data to be used more effectively to detect crimes against the public administration. Despite the increase in the amount of data available from the public sector, the vast majority of accessible datasets are not labeled. In this sense, the methodology that proved most feasible in the absence of pre-classified data is the use of network science tools.

Research limitations
The methods applied in this systematic literature review have limitations in identifying papers beyond the keywords defined in the search string. The selected papers may not comprise all relevant studies on crime detection in public procurement, since some keywords or expressions may have been neglected, such as Red Flag, Hoax, Trick, Blow, and Fake. Besides, Boolean connectors might have restricted the search query. Furthermore, only the Scopus repository was investigated, and broader results might have been reached using different platforms.
However, concerning the research period between 2011 and 2021, we believe it is not necessary to search periods prior to 2011, since the search query for the earlier period returned 745 documents, representing 25% of the total. In addition, fraud detection methodology in the public sector, mainly regarding procurement, has only recently begun to attain visibility. Taking a more specific search string for the area of interest, such as ("network analysis" OR SNA OR "Network science") AND ("public procurement") AND (corruption OR fraud), we found only eight articles in Scopus; publications start to appear only in 2016 with one paper, followed by one in 2017, three in 2020, and three more in 2021. This suggests that the specific subject is recent and still little investigated.

Conclusion and further studies
Many existing methods for detecting fraud in the public sector rely on rules established by experts. However, access to an increasing number of data sources, together with the ability to analyze large volumes of data through machine learning, network science, and other methods, offers the possibility of understanding and predicting fraudulent activities.
Here, we used the PRISMA methodology to identify the most relevant contributions to the topic. We characterized the research efforts in the field, identifying the most active authors, venues, methodologies, and application contexts. Finally, we emphasized the increasing importance of network science and machine learning in this domain.
We highlighted 48 contributions chosen for their relevance in answering the research question regarding the methods used to detect crimes in public procurement. The survey allowed us to investigate in greater depth the machine learning methods, most of them using supervised techniques, and the network science approaches applied to detect crimes in public contracts.
Machine learning techniques have proved very efficient in identifying misuse of public spending. However, there is no single best tool to detect all types of crime. We found that the most effective and most used approaches rely on Random Forest algorithms. At the same time, ANNs were particularly adequate for detecting shill bidding in real time, SVMs for finding fraudsters through neighbor-diversity features, Naive Bayes for detecting inefficiency and corruption in tenders, and Random Forest for uncovering bid-rigging cartels.
Network science methods have been used to estimate centrality measures and identify relevant communities among the participating actors, particularly to verify the existence of cartels. The use of network science is especially relevant when studying unlabeled data, that is, when there is no clear identification of which contracts have been flagged as subject to illegal procedures (e.g., fraudulent activity). The absence of confirmatory information was addressed through exploratory investigation and the identification of hidden relationships between network agents. That said, we perceive network science as a central framework for developing more sophisticated methods for studying fraud, collusion, and corruption in the absence of confirmatory data. Future work should direct efforts to the issues addressed in the uncovered gaps, especially the identification of fraudulent actions in electronic public auctions, since these are becoming the means most used by governments worldwide for public acquisition.

Appendix 1 Articles classification
See Table 10.  Table 10 presents the methods, data connectivity, and type of investigation carried out in each article.
From Table 10, we can see that the most frequent approaches when using labeled data are generally related to machine learning, which represents 100% of the articles concerned exclusively with it. Network science studies using labeled data represent 50% of that group, while studies using other methods with labeled data represent 53% of the articles. It thus emerges that where labeled data are available, machine learning prevails as the preferred method, whereas approaches such as network science are evenly distributed between labeled data and exploratory research.

Appendix 2 Articles' purpose
See Table 11. Table 11 presents the objectives of the selected articles (ordered by number of citations) that aim to disclose supposed fraud, corruption, or collusion in public contracting:

Analyzes corporation loss due to fraud and proposes tools and processes to quickly and cheaply identify fraud/risks related to public and private procurement and potential wrongdoers
27 (Mundra & Rakesh 2014): Investigates how a contractor's network position affects its success in winning public procurement projects through its ability to partner and influence the network
28 (Popa 2019): Analyzes a set of public procurement data from European countries in order to identify the emergence of close links between bidders and public administration, defined in terms of repeated interaction and geographical dispersion
29 (Gallego et al. 2021): Determines trades that can become troublesome and forecasts inefficiency and fraud in public procurement by employing a dataset of about two million public procurement processes in Colombia
30 (Alzahrani & Sadaoui 2020): Identifies shill bidding fraud in online auctions
31 (Lei et al. 2018a, b): Measures user reputation (trust score) by considering the feedback reliability status for all transactions in e-commerce markets, such as e-auctions
32 (Mamavi et al. 2017): Explores conniving networks deriving from collaborative associations among firms. It suggests a protocol to investigate networks within the public sector based on a quantitative method. It also emphasizes the interactive effects of companies that might impact the granting of contracts in decision-making, besides the influence of weak and strong bonds between firms on the contracts
33 (Khomnotai & Lin 2015): Recognizes scams in online auctions by exploring the concept of neighborhood diversity as an effective resource to identify competitiveness and joint participation between companies that may be acting together to defraud bids regularly
34 (Dadfarnia et al. 2020): Detects fraudulent users in collusive acts in online auctions
35 (Zhu et al. 2020): Designs a social networking standard to detect possible bidder conspiracy in the construction sector
36 (Lei et al. 2018a, b): Detects the formation of scheming groups in auctions through collusive activities or manipulation of the average price of the bids towards a higher or even unrealistic winning price

Here we can see the scope of each study, its methods, and the outcomes presented. We verified that the methods most adopted to capture crimes in public acquisition vary widely, ranging from network science tools (social network analysis and complex network techniques) to statistical analysis and machine learning approaches.