risk-based pre-employment-screening · troubles, conceals identity … ? internal and external...

GSX, Las Vegas 25th Sept 2018 RISK-BASED PRE-EMPLOYMENT-SCREENING Bernhard Maier


Post on 16-Aug-2020


GSX, Las Vegas 25th Sept 2018

RISK-BASED PRE-EMPLOYMENT-SCREENING

Bernhard Maier


What is Pre-Employment-Screening (PES)?

1 Also known as ‘Vetting’ or ‘Background Check’

2 Systematic collection of information on an applicant

3 Risk evaluation of the applicant

4 No evaluation of the applicant’s qualification (responsibility of HR)


Why conduct PES?

How about ROSI (Return On Security Investment)?

Reduction of Risk

1 Financial loss

2 Loss or damage of goods

3 Reputational harm

4 Physical injury

Additional reasons

5 Duty of care

6 Compliance (international standards like ISO 37001)

7 Reduction of management liability


Classical Approach versus Risk-based Approach

Classical Approach

- Checklist of searches

- Clear instructions on sources and databases

- Easy to handle (ticking boxes)

- Limited to one jurisdiction

Risk-based Approach

- Risk assessment of the vacancy

- Definition of a screening goal

- Search for suitable sources in order to meet the screening goal

- Worldwide applicable


Challenge PES

Applicant: Protection of privacy and personal data

Employer: Comprehensive understanding of the applicant


Solution: Squared Circle

Restriction to relevant information (width of screening) gathered in an appropriate way (depth of screening).


Principles of Screenings

1 Transparency

2 Consent

3 Impartiality and Fairness

4 Relevance and Appropriateness (Data Minimization)


Four Steps of Screening

1 Prepare/Plan

- Operational responsibility

- Management override

- Risk profile of vacancy

- Width and depth of screening

- Definition of red flags

2 Search

- Identity sources

- Investigation of information

3 Loop

- Applicant’s statement

- Expose fraudsters

4 Decide

- Evaluate findings

- Recommend hiring or rejection


Prepare/Plan: getting started

1 Operational responsibility: who does the screening? Security-/fraud-management, HR, compliance, external service provider?

2 General rule: no employment after negative screening. Fixed procedure for management override required (proof of necessity and risk mitigation)

3 Definition of red flags (typical no-gos)


Prepare/Plan: the Applicant’s Risk Dimensions

What makes an applicant potentially risky?

Political extremism, religious fundamentalism

Financial turmoil

Concealment of identity or residence

Misrepresentation in CV

Addiction

Lack of integrity


Prepare/Plan: Riskprofile-Matrix I

How to assess the vacancy’s risk?

Identification of relevance

Is it risky to fill the vacancy with someone who has extreme political views, financial troubles, conceals identity … ?

Internal and external perspective

Who could be harmed? Employer, coworkers, customers, non-related third parties?

Set the risk level

When internal and external views show different risk levels, the higher of the two counts.

Estimate extent of risk

Low, medium or high by considering the highest possible damage.


Prepare/Plan: Riskprofile-Matrix II

[Figure: risk profile matrix showing 3 high risk dimensions, 1 medium risk dimension and 2 low risk dimensions; label: relevance of screening]


Prepare/Plan: Choice of Screening Depth

[Figure: appropriate screening, with the levels intensive screening, regular screening and no screening]

- 3 high risk dimensions (concealment, addiction, integrity)

- 1 medium risk dimension (extremism)

- 2 low risk dimensions (financials, misrepresentation)


Prepare/Plan: by the way…

1 Screening of dimension ‘Concealment of Identity/Residence’ is obligatory (at least superficial check).

2 Use expertise from the department of vacancy for the risk assessment (COSO: handle risk at the place where it occurs)


Checklist Risk Assessment

1 Is there access to assets or confidential information?

2 Is there decision-making authority? What is the distance to the board?

3 Does the job allow the person to control processes and alter them?

4 Does the person work with a vulnerable group (children, elderly, disabled)?*

5 Would the position be difficult or costly to replace in case of a bad hire?*

6 Would a falsification of skills put the employer at risk?*

7 Does the position require the worker to enter private homes or facilities?*

8 What degree of supervision is the worker under?*

*Source: Lester Rosen, The Safe Hiring Manual, Tempe/AZ 2012, page 245


Prepare/Plan: Definition of Red Flags

1 Typical no-gos

2 Should be defined prior to the screening.

3 Recommended: zero tolerance with misrepresentation.


Search: Sources of Information

1 OSINT (internet, media, public records)

2 HUMINT: references (former employer, people named by the applicant, school/university)

3 Other sources: drug screening, psychological tests, polygraphing.


Search: Regulating the Depth

1 Extending the period under review

2 Multiple sources from the same category

3 Multiple sources from different categories

4 Practical approach (deep = 3 sources, regular = 2 sources)


Search: by the way…

1 Always ask for the original diploma or a certified copy.

2 Otherwise check the date (usually no weekends or holidays) and ask the issuer for confirmation.

3 HUMINT: assess the credibility of the source (biased information).


Checklist Verification of Documents

Source: Marco Löw, Falle Bewerbungsbetrug, Hohenlinden 2011, page 33

1 Year dates only can cover gaps in the CV.

2 Documents of different issuers are alike (format, font, wording, spelling mistakes).

3 Document issued on a weekend or public holiday.

4 Deviation within the text (font, size of character, space between lines), in particular with name and date of birth.

5 Does the document bear the right company logo according to the date (change of logo)?


Loop: Why ‘Loop’?

Looping allows you to look at things from various angles.

This is necessary as information is not always self-explanatory.


Loop: Interview with the applicant

1 Give the applicant a chance for disclosure (negative information) at the very beginning without losing face.

2 Negative findings: ask applicant for explanation (principle of fairness).

3 Address gaps in the CV.

4 Expose fraudsters by using specific interview techniques and looking for verbal or physical signals of lying.


Loop: interview techniques to expose fraudsters

1 Ask for negligibilities and side issues (regional food, local infrastructure, recommendations, local peculiarities)

2 Insistent questioning

3 Repeat questions differently worded

4 Monitor response time behaviour


Loop: Mnemonic Ted’s Pie

How to make the applicant speak?

TED’S

T: Tell me

E: Explain to me

D: Describe to me

S: Show me

PIE

P: Precisely

I: In detail

E: Exactly


Loop: Clues of Deception

Source: ACFE, The Fraud Examiner’s Manual, digital international Edition 2016, page 3.349

Verbal

1 Change of speech pattern

2 Repetition of the question

3 Selective memory (detailed knowledge vs lacking details)

4 Turning aggressive and answering with a question

Physical

5 Manipulators

6 Crossing arms / crossing feet under the chair

7 Hand over the mouth

8 Fleeing position


Decide: Evaluation of negative Findings

Frequency

How often did the applicant go astray?

Recency

How recent is the applicant’s deviation?

Intensity

How serious are the applicant’s deviations?


Decide: Recommendation

1 Recommend to hire

2 Recommend to reject

3 Management override must follow a specific procedure


Take Aways

What do I know now?

1 Get away from the checklist. Instead define screening goals.

2 There are 6 risk dimensions of an applicant. The riskprofile-matrix shows which of them are relevant.

3 Design operational screening (information gathering) according to the risk assessment.


Contact:

Thank you for your kind attention!

facebook.com/bernhard.maier.90281

www.bm-investigations.at

[email protected]