Risk-Based Pre-Employment Screening

by Bernhard Maier

Bernhard Maier is a licensed private investigator and security agent in Vienna, Austria. His agency BM-Investigations was founded in 1998 and mainly serves clients from the financial sector. He holds university degrees in political science (magister) and security management (master). As an expert witness, Bernhard Maier advises Austrian courts and authorities. He is a regular speaker at the Vienna-based detective academy Eurodet, an ISO-certified risk manager and a Certified Fraud Examiner.


Table of Contents

Introduction
Screening principles
The PES model at a glance
Step 1: Plan
Step 2: Search
Step 3: Loop
Step 4: Decide

This paper was provided as a handout for the presentation “Risk-Based Pre-Employment Screening” at the ACFE European Conference on 20.03.2017 in London, UK.

Bernhard Maier, BM-Investigations e.U., Sterngasse 3/2/6, 1010 Vienna, Austria, Phone +43 1 5221372, office@bm-investigations.at, www.bm-investigations.at


Pre-employment screening (PES) refers to the process of vetting candidates before they join a company. Information is obtained from various sources to check whether an individual poses a security risk to a prospective employer. It is important to distinguish PES from the process of determining to what extent a candidate is qualified for a position (education, work experience, soft skills, etc.). The latter is not covered by PES and is the responsibility of human resources rather than fraud management.

Books and articles about PES usually provide checklists of information sources to be used when screening potential employees. This approach is only useful to a limited extent as the legal framework differs from country to country and so do the available information sources. The PES process model described below dispenses with such operative elements (a checklist-style list of information sources). It lays down screening objectives and leaves the operational implementation open, which is why it is universally applicable.

Protection of data and privacy presents a compliance challenge in the development of a PES process. Legally compliant screening must satisfy the criteria of relevance and appropriateness. The PES model described in this paper gives fraud management a tool to determine what counts as relevant and appropriate information gathering.

Screening principles

It makes sense to define the principles of screening at the outset. This model sticks to the following principles:

  • Transparency: PES must be transparent to third parties so that it can be verified and subjected to audit. The transparency principle necessarily leads to textualisation, i.e. the creation of a corporate document outlining PES in a manner that is transparent to third parties.
  • Consent: Candidates will only be screened with their prior written consent.
  • Fairness: PES may not discriminate and must be carried out in an unprejudiced manner. Fairness also means that the final hiring decision is based on complete information.
  • Relevance and appropriateness: The screening must provide relevant information about candidates by entering the candidate’s private sphere in an appropriate manner. The parameters are the duties, competencies and responsibilities associated with the vacancy.

The PES model at a glance

The risk-based PES model has four process steps.


The first step, “Plan”, determines the risks of the vacancy by means of an assessment. The findings of the assessment are used to establish the scope and intensity of information gathering. In addition, the exclusion criteria for candidates are laid down.


The documented information gathering takes place in the next step, “Search”. In this step, information sources are searched, information from these sources is gathered and the credibility of the sources used is assessed.


The “Loop” step gives candidates the opportunity to comment on any negative screening results. In addition, this step makes it possible to uncover CV fraudsters.


In the last “Decide” step, a decision is made whether a candidate is acceptable from a security perspective.
The effect of this process is threefold. The company’s management is

  • actively engaged in the prevention of fraud risks,
  • meeting its duty-of-care responsibilities, and
  • meeting compliance requirements (depending on the industry).

Step 1: Plan

This process step is mainly focused on

  • Preparing risk profiles for the positions to be filled (risk profile matrix)
  • Determining the scope and depth of screening and
  • Defining red flags

Preparing risk profiles for the positions to be filled

To comply with the principle of appropriateness of screening, an analysis of the risk factors associated with the open position is carried out first.
It is not practicable to conduct a thorough analysis of each position in companies that employ a large number of staff. In such cases, fraud management should create risk groups that allow a vacancy to be categorised easily.

There are six areas of an applicant’s life and conduct that can turn out to be risky for an employer. The PES model refers to them as risk dimensions.

  • Extremism: This refers to religious and political attitudes and values, which lie well outside the range considered acceptable in a modern democracy.
  • Financial difficulties: This refers to financial standing, i.e. the level of indebtedness compared to assets and income. Financial pressure is known to be a major motive of fraud.
  • Concealment of identity or residence: Attempts to conceal identity or residence indicate that the candidate may have the tendency to evade obligations or liabilities that may arise at a later stage.
  • False CV-information: This risk dimension covers false statements about skills and qualifications of candidates.
  • Substance abuse: This poses a risk in the case of excessive consumption of legal substances and any consumption of substances classified as illegal.
  • Lack of integrity: Integrity means the willingness to observe laws or contractual obligations when an employee has the choice to take action that runs counter to the objectives of the employer.

While the boundaries between the risk dimensions are blurred and overlap, this does not present a problem in practice. What counts is to spot risk factors during PES; the “labelling” of these factors is less important.

In the next step, a risk profile matrix is created to determine which of the above risk dimensions apply to the open position. The six risk dimensions on the x-axis of the matrix are plotted against the maximum damage an employee in the role in question can cause on the y-axis.

The amount of damage is broken down into low, moderate and high. Each of the six risk dimensions is ranked to determine whether an employee in the position in question is capable of causing low, moderate or high damage to the company.

When identifying potential damage events, only those relevant to the key powers conferred upon the position to be filled should be taken into consideration. In other words, they must relate to the core competences. Identifying a plethora of potential incidents should be avoided.

Furthermore, it is important to use different perspectives to identify potential damage events. These include the internal/external perspective and four possible damage groups.

  • Internal/external perspective: Looking at the issues at hand from the company’s and third-party perspective.
  • Damage groups: Damage can be broken down into four groups:
    • Personal injuries
    • Damage of property
    • Financial losses
    • Reputational damage

Next, thresholds are defined, which make it easier to assign the maximum damage event to a category (low, medium, high).
Example of a risk profile matrix

The figure above shows an example for a position of a sales representative. He will be required to use a company car to visit private households and conclude contracts for the installation of satellite TV systems.

From an internal perspective, the risk dimensions of identity/residence concealment, substance abuse and lack of integrity are ranked as moderate. These rankings are attributable to the fact that the representative will be provided with a company car, which could be embezzled or damaged.

From an external perspective, there are three high-risk dimensions, namely identity/residence concealment, substance abuse and lack of integrity. The dimension extremism is ranked as moderate. The high ranking of identity/residence concealment and lack of integrity is attributable to the insights the position affords: the employee will be visiting households, which means that he will be able to gather insights into assets and security measures that could be used in a theft or burglary. Substance abuse is considered high-risk because of the requirement to drive a company vehicle in public (risk of third-party property damage and personal injury). Finally, the moderate ranking of extremism is based on the fact that the employee will to some extent represent the company towards customers. Openly radical views could potentially damage the employer’s reputation.

Overall, it is irrelevant whether the ranking of a risk factor stems from the internal or the external point of view or both. It is the highest ranking within a risk dimension that counts. In the example above, three high-risk dimensions (identity/residence concealment, substance abuse and lack of integrity) and one moderate-risk dimension (extremism) are identified. This is used to determine the scope and depth of screening.

Determining the scope and depth of screening

The screening scope tells us which of the six risk dimensions need to be investigated.

The screening depth tells us how deep to dig in each relevant risk dimension. It makes sense to use three depth levels (low, moderate, high) to determine the intensity of the screening to be performed. This classification is reflected in the number of information sources used in the screening of a risk dimension, or in the use of techniques to increase screening depth. The details of these techniques are described in the “Search” process step.

Fraud management has to decide from which ranking onwards risk dimensions should be investigated and to what depth. This decision is based on the risk appetite of the organisation. It makes sense to conduct more in-depth checks of those risk dimensions which rank higher in the risk profile of the vacancy than those classified as moderate.

Example of screening scope and depth
Based on the above example, the screening scope and depth of an organisation with moderate risk appetite could look as follows:

Table: Risk dimension / Screening depth (rows: Financial difficulties, False CV-information, Substance abuse, Lack of integrity; the depth values are not legible in this copy)

Defining red flags

Red flags are risk indicators that are defined before the start of operative screenings. They point to common and frequently occurring risks and are used in the “Decide” step to reject applications.

Example of red flags

A conviction for a property-related offence (risk dimension lack of integrity) or high levels of debt (risk dimension financial difficulties) can raise red flags if the vacancy is associated with handling large amounts of cash.

Step 2: Search

The process step “Search” is mainly focused on

  • Identification of suitable sources of information
  • Gathering information in adequate depth
  • Assessment of the sources’ credibility
  • Documentation

The screening scope and depth are determined in the “Plan” process step with the help of the risk profile matrix. The following step, “Search”, is based on this decision and involves the investigative screening activities.

Identification of suitable sources of information

This model does not indicate which sources of information should be used in the screening. It only indicates which risk dimensions should be investigated and to what depth; in other words, the model defines screening objectives. It is the responsibility of local fraud management to identify suitable sources and conduct investigations in a lawful manner to achieve these objectives.

The information sources that can be used include publicly accessible registers, databases of private providers, media archives, social media and internet research, psychological and polygraph testing, personal references, drug tests and candidate interviews. This list is not exhaustive. In addition, candidates can be asked to submit documents, which are not publicly available (such as utility bills to provide proof of residence).

Gathering information in adequate depth

In general, there are three levels of depth (low, moderate, high). These four investigative techniques can be used to increase the depth of screening:

  • Extending the period under review: For example, the screening depth can be increased by obtaining information about candidates not only from the last employer but from the last three employers. This technique is not useful for the financial circumstances of an applicant, because only the current financial standing is relevant.
  • Various sources from the same category: Information is gathered from the same category of sources that are independent of each other. For example, information will be obtained from several credit rating agencies to determine the financial situation of a candidate.
  • Various sources from different categories: Here, several sources of information, which belong to different categories are used for the same risk dimension. The candidate’s social media profiles can be used to find out more about the personal views (risk dimension extremism) of a candidate. In addition, a reference provided by the candidate is contacted and interviewed.
  • Combination: Finally, the depth of the information gathered can be increased by combining the three aforementioned methods. An example would be to extend the period under review and at the same time broaden the variety of sources used.

It is natural to define low depth as access to only one source of information. Moderate depth could be defined as using one of the above techniques (except for combination). High screening depth could be associated with the requirement to combine two of the techniques.

Another way to determine the level of depth – which is probably easier to put into practice – would be to specify the number of sources used in the screening (one source = low, two sources = moderate, three sources = high).
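The following is an added worked example, not code from the paper or from BM-Investigations. It implements the two rules described above in the “Plan” and “Search” steps: per risk dimension, the highest ranking across the internal and external perspectives counts, and the dimensions in scope are then assigned a screening depth that is expressed as a minimum number of independent sources (one = low, two = moderate, three = high). The dimension names and the rankings of the sales-representative example come from the paper; the `RISK_APPETITE` rules that map an organisation’s risk appetite to a scope threshold and depth are an assumption made for this illustration, since the paper leaves that decision to fraud management.

```python
# Added example (not from the paper): deriving screening scope and depth from a
# risk profile matrix and translating depth into a required number of sources.
# The risk-appetite rules below are assumptions for illustration.

LEVELS = {"low": 1, "moderate": 2, "high": 3}

RISK_DIMENSIONS = (
    "extremism",
    "financial difficulties",
    "identity/residence concealment",
    "false CV information",
    "substance abuse",
    "lack of integrity",
)

# Risk profile matrix: perspective -> dimension -> maximum damage level.
# Dimensions omitted under a perspective count as "low". Constructed from the
# paper's sales-representative example.
SALES_REP_MATRIX = {
    "internal": {
        "identity/residence concealment": "moderate",
        "substance abuse": "moderate",
        "lack of integrity": "moderate",
    },
    "external": {
        "identity/residence concealment": "high",
        "substance abuse": "high",
        "lack of integrity": "high",
        "extremism": "moderate",
    },
}

# Assumed risk-appetite rules (not from the paper): the lowest ranking that
# brings a dimension into scope, and the screening depth assigned per ranking.
RISK_APPETITE = {
    "low": {"threshold": "low", "depth": {"low": "moderate", "moderate": "high", "high": "high"}},
    "moderate": {"threshold": "moderate", "depth": {"moderate": "moderate", "high": "high"}},
    "high": {"threshold": "high", "depth": {"high": "moderate"}},
}

# Depth as a number of independent sources (paper: one = low, two = moderate,
# three = high).
SOURCES_PER_DEPTH = {"low": 1, "moderate": 2, "high": 3}


def validate_matrix(matrix):
    """Reject unknown perspectives, dimensions or levels instead of silently
    treating a typo as a 'low' ranking."""
    for perspective, rankings in matrix.items():
        if perspective not in ("internal", "external"):
            raise ValueError(f"unknown perspective: {perspective}")
        for dimension, level in rankings.items():
            if dimension not in RISK_DIMENSIONS:
                raise ValueError(f"unknown risk dimension: {dimension}")
            if level not in LEVELS:
                raise ValueError(f"unknown damage level: {level}")


def highest_ranking(matrix):
    """Per dimension, keep the highest ranking across internal and external views."""
    validate_matrix(matrix)
    result = {}
    for dimension in RISK_DIMENSIONS:
        best = "low"
        for rankings in matrix.values():
            level = rankings.get(dimension, "low")
            if LEVELS[level] > LEVELS[best]:
                best = level
        result[dimension] = best
    return result


def screening_plan(matrix, appetite):
    """Return {dimension: depth} for the dimensions in scope under the given appetite."""
    rules = RISK_APPETITE[appetite]
    threshold = LEVELS[rules["threshold"]]
    plan = {}
    for dimension, level in highest_ranking(matrix).items():
        if LEVELS[level] >= threshold:
            plan[dimension] = rules["depth"][level]
    return plan


def required_sources(plan):
    """Translate each depth into the minimum number of independent sources."""
    return {dimension: SOURCES_PER_DEPTH[depth] for dimension, depth in plan.items()}


if __name__ == "__main__":
    plan = screening_plan(SALES_REP_MATRIX, "moderate")
    sources = required_sources(plan)
    for dimension, depth in plan.items():
        print(f"{dimension:32s} depth={depth:9s} sources>={sources[dimension]}")
```

Run as a script, the block prints the four dimensions in scope for a moderate risk appetite (three at high depth, extremism at moderate depth) together with the number of sources each requires. Changing the appetite to “low” brings all six dimensions into scope, including financial difficulties and false CV information, which the matrix ranks as low.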

Reliability of sources

Information from sources may not be used without scrutiny. The source must be assessed in terms of credibility.

Documentation

The information obtained must be recorded in a traceable and verifiable manner. The documented findings are used in the “Decide” process step as the basis for deciding whether candidates are acceptable from a security perspective or not.

Step 3: Loop

The “Loop” process step essentially means an in-person interview with the candidate to

  • address any negative findings and/or
  • uncover red flags of CV-fraud.

If the interview raises new red flags, they are followed up with a new search into these flags, including another interview.

In this process step, an in-person interview is conducted with the candidate. This is an opportunity to address any negative information that has emerged during the “Search” step. Information is not always self-explanatory. It makes a difference whether financial difficulties are a result of a shopping addiction or a long-term illness-related inability to work. In such cases an interview can give a better understanding of an applicant.

To comply with the fairness principle, negative information should also be considered from the perspective of the candidate. This is the reason why the step is named “Loop”: looping allows us to look at things from various angles, including the applicant’s possibly upside-down point of view regarding a flag discovered during the investigation.

This process step also offers the opportunity to weed out candidates who lie or provide false information on their applications. To do this, special interviewing techniques are used (questions about trivialities, repeatedly rephrased questions on the same topic, monitoring response-time behaviour).

Step 4: Decide

The process step “Decide” involves

  • Evaluation of the information obtained
  • Decision, whether candidates should be accepted or rejected from a security perspective.

In this step, the findings obtained in the previous steps, including any additional information (comments from the candidate) are evaluated. The key criterion in the evaluation is risk relevance.

Evaluation of information

In the first instance, it is necessary to evaluate the content itself. To do this, it is checked whether the information obtained raises any red flags. The relevance of information that a candidate has committed acts of domestic violence depends on the type of role sought. It will be less relevant, for example, if the candidate is applying for a position in accounting. However, if the candidate is applying for a job that involves caring for patients in a hospital, violent tendencies should, by definition, raise concerns.

After having checked whether the information obtained raises any red flags, the quality of the information has to be assessed, using criteria such as frequency, intensity and timeliness. The one-time withdrawal of a driving licence for drink-driving (risk dimension substance abuse) has quite a different weight than if this is a repeated offence. Similarly, shoplifting (lack of integrity risk) should be considered differently than aggravated fraud.


Finally, the applicant is either accepted or rejected from a security perspective. This assessment is passed on to management in the form of a recommendation rather than a final decision on whether to hire the candidate.