THE CPA IN INDUSTRY
HOW WELL DO YOU REALLY KNOW WHOM YOU HIRE?
By Rob Gardner
Imagine you are this executive: A former employee calls you at home. In between profanities, she demands you keep up her health benefits. If not, she implies, things will happen to you and your family.
"How could this happen?" you ask yourself. You know your company did a background investigation on this employee before you hired her. Nothing came up in the investigation.
Later, you find out this is not a unique incident for this woman. The ex-employee had a prior criminal conviction for a crime of violence. What you also find out is your background investigation did not turn up her criminal past because it did not check all the locations where she previously lived. Also, you did not search on her former, married name. Luckily, the police arrest the ex-employee on charges of extortion. No harm is done to you or your family.
Future conduct often can be predicted by past behavior. Those who formerly engaged in criminal conduct may be likely to do it again. Further, those with criminal pasts may be more likely to commit violence in the workplace.
If a company puts forth individuals who lie about their backgrounds, it loses credibility with its stakeholders. When they fire someone after discovering resume fraud, they lose their training and transition costs. Successful employee screening protects the assets and reputation of a company, as well as saves money in recruiting and training costs.
Employee screening programs do catch people. For instance, one company did approximately 6,000 background investigations in an eight-month period after which it identified 97 potential hires with criminal histories (predominately misdemeanor records), 51 individuals who misrepresented their educational credentials, and 201 individuals who misrepresented their employment history. Still, too often, employee screening programs did not catch the bad hire.
As a manager in Arthur Andersen LLP's Business Fraud Risk Services practice, I have witnessed a variety of companies hire individuals with undesirable pasts. One company hired a computer "hacker" with a prior Federal conviction for wire fraud. Another company found that a person stealing from them was already awaiting trial on a similar matter. Another company had to deal with the consequences of hiring an individual with a violent criminal past, which is the scenario I outlined above.
Companies go about screening employees in many ways. Some ask their human resource departments to make a few calls. Others hire private investigators. In recent years, many companies and services have emerged to deal with employee screening. You can dial 900 numbers or surf the Internet. A company more known for providing employee awareness posters will now investigate your hires. Most of these options will help.
All systems take advantage of publicly available information. To learn if someone has a criminal conviction, just march into the local courthouse. Past financial problems, represented by lawsuits, judgments, garnishments, tax liens, and bankruptcy filings, are all available to the public. Other items, such as prior employment and education, can be verified through phone calls. Yet, these investigative findings are only an activity within the bigger process of employee screening.
Employee screening programs fail when they are not managed right. They fail for three key reasons:
* They may not cover the right records. For instance they may search criminal litigation records, but not civil litigation records.
* They may not search in the right places. We live in mobile society. Individuals will move from one locale another to escape past indiscretions.
* Companies do not spend the right amount of money. Some companies spend more money than they need because they are not aware of inexpensive alternatives; other spend so little, they do not get enough data.
What matters most is not doing the investigation; it is putting in the right procedures to manage the investigations. Which would you rather be, the company that does no background investigations or the company that does flawed background investigations? As Socrates noted, we are worse off when we do not know what we do not know.
The Effective Employee Screening Program
Employers need good information before hiring. Consider the top secret or high clearance job. Investigators will interview the family doctor who delivered the candidate to his or her current employer and everyone in between. They will check a host of files for criminal convictions, lawsuits, and bankruptcies. They do this because they want to make sure the person on the application is exactly who he or she purports to be, and there is nothing detrimental in the past.
Most employers have no desire to go through all that trouble. Most employers cannot draw on the resources of the Federal Bureau of Investigation to investigate their new hires.
Employers want a balance between good information and business considerations. To do that, an effective investigating program should be constructed as follows:
* The program should be inexpensive. Employee screening should not be a luxury only used on top executives. Effective programs screen all new hires, though not necessarily to the same degree depending on position.
* The program should be easy to administer. There should be consistency in the investigations and the findings.
* The program should provide the right types of data. The company should be able to make hiring decisions based on the investigations.
A well-managed employee screening program also includes these four components: Risk assessment, investigative protocols, a vendor or other mechanism to complete the investigations, and a way to analyze and interpret the findings.
The Risk Assessment
Companies evaluate their investigative needs through a risk assessment. The risk assessment is a process to understand who a company hires and the risks associated with them.
Human resource employees know a lot about hiring and can provide a lot of information. Still, they may not recognize every risk. The experiences of internal audit, legal, corporate security, or loss prevention, or operations can assist in getting a full picture of hiring risks. An outside consultant may facilitate bringing together the experiences of the departments and identifying other risks.
After studying where the hires come from, and what they are to do, it is possible to create hiring categories in which the same type of investigation is used. For instance, a firm would not do as in-depth an investigation on a new mailroom clerk as it would on a new vice president. The end result of the risk assessment is to be in the best position to run effective searches.
Once upon a time, companies determined their yearly hiring needs then went to a few universities and recruited a new class. These hires were young and easy to check. They did not have many credentials to verify and had little credit history. It was easy to check for criminal history because they tended to have resided in two places: home and college.
Today, companies still hire straight from college. They also hire laterally. They seed new service lines or bring in special computer skills. These hires present greater employee screening challenges because they have moved around and lived in many places. They may have run their own consulting practices. They may have experienced bankruptcy or litigation. The employee screening program needs to match hiring patterns.
The risk assessment must identify the requirements and risks associated with each function. Some employees handle cash or make purchasing decisions. A candidate who is going through a bankruptcy or has poor credit history would not make sense. Some employees drive company cars or operate heavy machinery. What do their driver's license records look like? It does not make sense to apply the same hiring procedures to the factory worker as it does to the credit manager.
The secret of good employee screening is to search enough without searching too much. A company does not want to miss something important like a criminal conviction. Yet, spending too much time investigating is not a beneficial use of company funds. By doing the risk assessment, a company is in a better position to design and apply new hire investigations that are appropriate to its hiring needs.
Background Investigative Protocols
Despite recent concerns about loss of privacy and encroaching Big Brother, there is no central repository of information on individuals and no simple way to check people out. Investigators cannot throw your name into one supercomputer and learn what they need to know.
Crucial records like lawsuits, criminal convictions, tax liens, and judgments are maintained at individual county courthouses. If you work in Illinois, but live in Indiana, a search of Illinois records may not reveal anything.
When records are identified, they must also be evaluated. They may simply match the name of the subject. Imagine, for instance, searching for records involving a John Smith or a Juan Garcia. Is it enough to know about public records, the existence of a suit, or are the details of the suit necessary? Many search firms, recognizing this array of choices, offer "menus" of investigative options.
From within this menu, a company must establish what needs to be investigated for each new hire. All new hire investigations will focus on two areas:
* Verifying representations made on a resume or application including education and job history as well as the person's residence, and
* Uncovering undisclosed facts such as criminal convictions and lawsuits.
To meet these broad goals, companies can draw on public records, online databases, and telephone verifications. In addition, companies must decide how many places to look. Is a search of the county of current residence enough? What records to search and where to search stem from the risk assessment. The goal is to get the best coverage to manage identified risks.
Besides setting a framework of what to investigate, building protocols or general risk groups make it easier to administer an employee screening program. Instead of needing to build investigative work plans for each hire, the company follows a series of protocols for general risk groups based on the risk assessment. For example, a company may decide they have three hiring categories: college graduates for financial positions, experienced hires for management positions, and high school graduates for clerical positions. Each category would have a preestablished series of investigative steps.
Even when companies establish good protocols, it is still possible to miss things. The perfect scope can be negated if the findings are not properly analyzed and interpreted.
All background investigations are imperfect. Time, the availability of records, and economics dictate the scope of an investigation. A preemployment investigation will not look under every rock in a person's past. The receiver of a background investigative report must understand the report's limitations. More important, he or she must be able to draw conclusions from certain red flags. For example, in the hacker case previously mentioned, the credit report contained red flags. This individual had "good" credit, yet more than would be expected from someone his age and social stature. Skilled reading of the credit report could have kept this individual from being hired (or at least led to further investigation).
Companies rarely give guidance on how to review investigative reports. Often, a lower level employee reviews the reports. Therefore, as part of an effective employee screening system, the company must train their people on how to review the investigative reports.
Choice of Vendor. Companies can choose different ways to do employee screening investigations. They can hire a vendor or they can do the investigation in-house.
The advantages of keeping the work in-house are more control over the product and the depth of the information discovered. Outside vendors probably have more experience and can be relatively inexpensive. Many companies combine both methods, using a vendor to check public records and making reference calls themselves. Companies should consider what they want the end-product to look like. Vendors often use a uniform report format that easily highlights findings.
As a company builds its employee screening program, it needs to choose a vendor or establish a way to complete the investigations. The company should get information from various vendors regarding price, coverage, report format, and turnaround. The company should also do its homework on the anticipated
An Ounce of Prevention
It makes good business sense to investigate employees before they are hired. To be avoided are criminals and those who misrepresent their credentials. It is easy to check out people through public records and simple phone calls. Without careful management, however, the investigations will not be effective.
Companies must make sure they know their key hiring risks. Then, they must search the right records to manage those risks. It is not enough to do investigations; the company must know how to analyze and interpret the results. Finally, the company must choose a vendor that can make the whole system work. The vendor should be cost effective, timely, and provide easy to read reports.
When employee screening programs are not managed right, companies get a false sense of security. Too often, companies then got burned--not because they did investigations, but because they did not manage the process. After making a hiring decision, executives do not want a violent criminal to track them down with threatening calls. *
Rob Gardner is a manager in Arthur Andersen LLP's Business Fraud Risk Services practice based in Chicago. He can be reached at (312) 507-4403 or by e-mail at firstname.lastname@example.org
Recommended additional reading: The Guide to Background Investigations, Seventh Edition (1997, T.I.S.I.) or Get the Facts on Anyone, Second Edition by Dennis King (1995, MacMillan).
Reprinted with permission of Insight, the magazine of the Illinois Society of CPAs.
John F. Burke, CPA
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.