Aid agencies need better systems to identify, assess, and mitigate corruption risks. Risk assessments should consider two main dimensions of an act of corruption: probability and expected impact. Cost-effectiveness considerations determine whether corruption risks should be treated, and how. Aid agencies cannot focus on own fiduciary and reputational risk, but must make investment decisions based on the magnitude of risk that different types of corruption pose for development objectives. The aim is not to eliminate corruption but to optimise development results. Agencies need information on the severity of corruption risks and the effectiveness of counter-measures throughout the project cycle in order to properly analyse and manage risks. To help agencies move beyond front-end risk assessment, the paper shows how different risk mitigation tools can be applied across the project cycle.