,

South Africa 5

Team YA SA-5: OpenLedger

Challenge 6:Financial transparency in Public Works

OpenLedger: A secure digital tool for enhancing public financial transparency in Bogotá

Bogotá, Distrito Capital

Bogotá is the capital and largest city of Colombia, with a population of 8 million people, the city is a major political, economic, cultural, and educational center in Colombia, featuring a blend of colonial architecture and modern skyscrapers, with historic neighborhoods and landmarks.

Bogotá is recognized for its extensive urban infrastructure, including a large bus rapid-transit system and one of the world’s most extensive bicycle path networks in addition the city is undertaking several significant infrastructure projects focused on sustainable mobility, public transportation, social infrastructure, and technology development.

Some of these projects include:

The Bogotá Metro: The Bogotá Metro is a transformative urban transit project featuring an elevated metro line spanning approximately 24 kilometers with 16 stations. Construction has reached over 55% completion as of mid-2025, with the line scheduled to begin service in 2028.

TransMilenio: TransMilenio is Bogotá’s bus rapid transit (BRT) system featuring dedicated lanes and high-capacity articulated buses to provide fast, efficient urban transportation. It serves as the backbone of the city’s public transit, connecting multiple neighborhoods with frequent and reliable service.

TransMiCable: TransMiCable is Bogotá’s cable car system designed to connect hilly, underserved neighborhoods to the city’s main public transit network, improving accessibility and reducing travel times. It integrates with the TransMilenio bus system

Bogotá science, technology and innovation campus(CTIB):a major public-private initiative designed to boost research, entrepreneurship, and tech development in the city

Social Infrastructure: Plans include the construction and modernization of schools and hospital facilities to improve educational and health services

The Challenge

An unfortunate reality is that corruption is rife within public procurement and Bogotá is not immune to this age old racket. This poses a real challenge to the advancement of city infrastructure across the board. Corruption in the form of bribery and mismanagement have undermined transparency and fairness.

Many high-profile cases involving bribery to secure public contracts, have exposed systemic vulnerabilities in awarding contracts and fueled public demand for reforms. There are a number of measure being introduced to combat corruption, such as procurement reforms, open contracting platforms and standardized tender procedures which aid in rooting out direct awards of tenders and favoritism.

The public procurement system in Bogotá operates under principles of transparency, competition, and efficiency, ensuring equitable access to public contracts and responsible management of public funds. The process is primarily managed through SECOP, Colombia’s official electronic procurement platform. The process follows a general step by step approach as follows:

  1. Public entities initiate the procurement process by publishing a call for bids.
  2. The process is open to any qualified bidder, who meet the legal, technical, and financial criteria established in the tender documents.
  3. Bidders must submit their offers according to the requirements outlined in the terms of reference. Once received, bids are evaluated based on objective and pre-established criteria.
  4. The contract is awarded to the bidder whose proposal best meets the established evaluation criteria.
  5. A supervisory contractor is also placed to ensure that the correct milestones are reached before a payment can be made to a contractor.

Our team has been tasked with developing a digital tool that ensures that the City can follow the flow of the finances dedicated to a particular contract/project and ensuring that these transactions are indelible and secure from outside interference.

“ Corruption is a cancer, a cancer that eats away at a citizen’s faith in democracy, diminishes the instinct for innovation and creativity.”

Former President of the USA, Joe Biden

Our Solution: OpenLedger

A secure, user-friendly web platform that enables individuals and organizations to easily upload, store, and manage documents related to financial transactions—ensuring seamless access, organization, and peace of mind. The tool utilizes dual dashboards one for officials who can upload documents and administer the tool and a second public facing dashboard that allows citizens to easily monitor the status of public infrastructure projects.

How does it work?

The tool revolves around protecting documents related to a project. When a tender is awarded to a contractor, a city official related to that tender must then create a project on the system. This project is now used to track all the milestones, and financial transactions of the project.

  • Once a tender is awarded, officials create a project on the system.
  • Contractors submit an invoice per milestone to city officials.
  • City officials upload and log the invoice on the system and further the city’s process for payment.
  • Supervisory contractor provides proof of milestone and uploads supporting documents.
  • City officials verify documents and authorize payments
  • City uploads proof of payment to the system.
  • Information from invoices and receipts are harvested and split between two dashboards.

This means the tool is independent of any other city software. A standalone web-tool that can be linked and accessed without any specialized software requirements. City officials require minimum information and the steps mirror the existing payment process, this simply creates a secure chain of documents for each payment made per project.

This tool is designed to promote financial accountability by enabling access to transaction-related documents for a broad range of stakeholders. However, open access raises important concerns around data security. While certain information—such as the identity of a contractor awarded a public infrastructure project or the general terms of a contract—should be publicly accessible to ensure transparency, not all details should be openly shared. Full disclosure of transactional data could expose sensitive information, such as the identities of individuals who authorize payments, potentially making them targets for malicious actors. The tool therefore incorporates layered access controls to balance transparency with the need to protect confidential data.

A dual dashboard system makes this possible.

City officials and contractors will make use of the main dashboard, this allows them to upload documents and record transactions.

This dashboard will have role based access control. Certain roles will have access to more feature than others.

The public facing dashboard doesn’t require any login or user access. Citizens can only view projects and specific data that is available for each project.

Multilayered Security

The first layers of tools revolve around protecting the data and ensuring only the appropriate users have access to it. This is done using various tools. The second layer ensures that data is immutable, there are two ways this can be done, through audit logs or through a blockchain, both will be explored fully.

Role-Based Access Control

2FA and Data logging

Encryption

  • This allows the end user to control who has access to what information.
  • City officials will have access to most features and primary control.
  • Primary contractors might only need to view the status of their payments
  • Supervisory contractors require a access to uploads
  • The public need not access the same portal as the other users and may not require a login feature.
  • Role-Based Access Control is a cornerstone of modern security and IT governance. By aligning access rights with organizational roles, RBAC provides a secure, manageable, and auditable framework for controlling access to systems and data.
  • RBAC (Role-Based Access Control) assigns permissions to roles instead of individuals, simplifying access management and enforcing least privilege
  • It enhances security, scalability, and compliance by ensuring consistent, auditable, and role-aligned access across systems.
  • Data logging software collects and displays logs from different systems in one place for easy tracking and analysis.
  • It supports security features like access control, encrypted data, and log auditing to help detect threats and keep systems secure.
  • Data is encrypted while it travels from a user’s device to the server using protocols like HTTPS/TLS, preventing hackers from intercepting or reading the information.
  • Once stored, data is encrypted on the server using algorithms like AES-256, so even if someone gains access to the storage system, the data remains unreadable without the decryption key.
  • This two-layer encryption approach helps protect sensitive data from unauthorized access, both while it’s moving and when it’s sitting in a database or file system.

Append-only audit logs VS Blockchain

Audit Logs

An append-only audit log is a secure, tamper-evident record of system events or user actions where new entries can be added, but existing ones cannot be modified or deleted.

  • Write-only mode: Each event (e.g., login, file upload, payment approval) is appended to the log in sequence, preserving a complete timeline.
  • Immutability: Once written, entries are permanent. Any attempt to change past records is detectable or outright blocked.
  • Timestamps & Signatures: Each entry often includes a timestamp and may use cryptographic hashing or digital signatures to prove authenticity and detect tampering.
  • Storage: Can be implemented in files, databases (e.g., write-ahead logs) for maximum integrity.

Blockchain

A blockchain is a digital, distributed ledger that records transactions in a secure, transparent, and tamper-proof way. It’s called a “chain” because it stores data in blocks that are linked together in chronological order.

  • Transaction Happens: Someone initiates a transaction.
  • Transaction is Verified: A network of computers (called nodes) checks that the transaction is valid using rules and cryptography.
  • Block is Created and valid transactions are grouped into a block. This block contains:The data, a timestamp, a hash, the hash of the previous block.
  • Block is Added to the Chain: Once verified, the block is added to the existing chain. Because each block contains the previous block’s hash, altering one block would break the whole chain.
  • Data is Permanent: Once added, the data in the blockchain is immutable—it can’t be changed or deleted without everyone noticing.

Challenge behind the Challenge.

One of the most critical factors in making OpenLedger a successful tool is earning and maintaining public trust. Trust is often the greatest obstacle to anti-corruption initiatives, as corruption undermines the perceived fairness and integrity of government institutions. When citizens lose confidence in these institutions, widespread disillusionment and skepticism take root.

Once public trust is eroded, restoring institutional credibility becomes extremely difficult. This lack of trust not only weakens support for anti-corruption reforms but also reduces citizen engagement, which is essential for transparency and accountability. When people believe the system is corrupt, they are less likely to report wrongdoing, participate in oversight efforts, or cooperate with authorities—further fueling a cycle of corruption and mistrust.
To break this cycle, rebuilding trust must be intentional and sustained. It requires:

  • Consistent transparency in every process and decision,
  • Robust accountability mechanisms that apply to all stakeholders,
  • And active public participation in governance.

By demonstrating ethical, open, and verifiable practices through tools like OpenLedger, governments can begin to rebuild confidence, foster public cooperation, and create a foundation for lasting institutional integrity.

Implementation & Roadmap

OpenLedger is not just a software tool—it’s a platform designed to reshape how governments manage public procurement, transparency, and accountability. This requires:

  • Shifting institutional mindsets, particularly in environments with entrenched bureaucracy or resistance to openness.
  • Changing long-standing workflows across multiple departments and agencies.
  • Aligning legal, ethical, and political frameworks, which takes negotiation, approvals, and trust-building.

Technology can be built in months, but institutional transformation takes years of gradual adoption, iteration, and cultural change.

OpenLedger’s implementation demands a multi-layered, deeply integrated technical architecture that cannot be delivered through rapid development or lightweight solutions.

As a standalone platform, it is designed to independently manage critical procurement processes, using robust components such as a blockchain-based ledger, append-only audit logs, encrypted file storage, smart contracts, and role-based access control. Each of these elements must be built with precision, requiring specialized teams, intensive testing, and strict compliance with public sector security and transparency standards. Unlike platforms that rely on external APIs, OpenLedger is self-sufficient—this reduces dependency but increases internal complexity, as it must independently replicate and secure the full lifecycle of public procurement data without relying on legacy systems.

Its architecture must handle high volumes of data, diverse contract types, and long-term record retention without performance degradation. Compliance with procurement laws, financial regulations, and data protection mandates remains a core challenge, demanding coordination with legal experts, auditors, and regulators. The most critical factor, however, is public trust: OpenLedger’s purpose is to restore faith in government financial integrity, a goal that cannot be achieved overnight.

Trust must be earned gradually through consistent transparency, publicly verifiable logs, and sustained civic engagement. As the platform scales from pilot use to full institutional deployment, it must support large numbers of users, adapt to varied operational conditions, and remain secure and user-friendly in environments with limited digital infrastructure. Without thoughtful planning and built-in sustainability, OpenLedger risks becoming a short-lived demonstration project. To succeed long-term, it must be continuously funded, maintained, governed, and socially embedded as a permanent fixture of transparent governance.

The Team

Verlan Moodley
University of KwaZulu Natal
Molecular Optics(Physics)
PhD Candidate
[email protected]



Nomsa Mchunu
Durban University of Technology
Information and Communications Technology
BSc(Hons)
[email protected]

Gabrielle Reddy
University of KwaZulu Natal
Information Systems and Technology
BCom(Hons)
[email protected]

Cebolenkosi Sikhosana
Durban University of Technology
Chemical Engineering
BEng Tech(Hons)
[email protected]

Ayanda Mpanza
University of KwaZulu Natal
Supply
BCom(Hons)
[email protected]

References