The article has been revised on March 24th, 2014.
Risk management, as it relates to human resources, can be broken down into three phases: prior to employment, during employment, and after employment. In this article we take a look at the relationship of the human resources department's hiring process and the potential risks involved for risk managers.
On March 20, 2012 Jarno Smeets, a.k.a. The Bird-Man, posted a video of himself flying with a winged contraption. This accomplishment (soon after Smeets admitted this is a hoax and 'online storytelling' ) in and of itself was an amazing feet and a brilliant piece of cinematography, but we are here to talk about risk management.
Journalists discovered that The Bird-Man’s resume was falsified, identifying both Smeets’s professional experience and education were fabricated. Smeets stated he attended Coventry University, but there is no record of him in the university’s system. Further, Smeets claimed he worked for Philips Design, and again, there was no record of his employment there.
Now we get to the exciting part, what this means for risk managers and human resource departments, and the importance of the two working together. Recruiters and hiring manager sift through hundreds sometime thousands of candidates in the hiring process. Because of the volume of data and often limited timeline, the opportunity for a falsified resume making its way into the potential candidates "pile" of resumes is often unavoidable, unless the process is sound. This initial research step could be considered the most important, as once a candidate is in the potentials, the interviews follow and it is highly unlikely that an interviewer will spend the time to research the data presented.
According to Hire Right, a firm that specializes in employee background checks:
- 80% of resumes are misleading
- 20% state fraudulent degrees
- 30% show altered employment dates
- 40% have inflated salary claims
- 30% have inaccurate job descriptions
- 27% give falsified information
Here are a few more "famous" or well-known folks who were not completely honest on their resumes:
- David Edmondson former CEO of RadioShack: Edmonds stated he had received his degree in psychology and theology from Pacific Coast Baptist College. However, he never graduated from this college.
- Ronald Zarrella, former CEO of Bausch & Lomb:·Zarrella stated he had received a MBA from New York University. However, Zarrella never finished the program.
- Kenneth Lonchar, former CFO of Veritas Software:·Lonchar claimed he received an accounting degree and a MBA from Stanford, both were untrue.
In today's competitive job market unfortunately some applicants do whatever it takes to get noticed. Hiring managers and recruiters need to consider the risk involved with making hiring decisions. Risk managers should work with hiring managers and recruiters in expressing the threats inherent with falsified resumes. An organization’s security policy should express a hiring procedure with a competent vetting process that reduces the potential risks that exist with hiring candidates who have falsified information.
Background checks on all candidates and contractors should be carried out in agreement with laws, regulations and ethics, while ensuring this background check is comparable to the business requirements and the level of access the candidates will have to information, assets, and perceived risks. As the stats and stories above point out, a check for accuracy in the applicants resume and confirmation of the claimed academic and professional qualifications is a great place to start. An asset to the HR departments can be LinkedIn, as a study in 2012, The Effect of LinkedIn on Deception of Resumes, revealed the public nature of the social site forced users to be more honest. After all, it is easy to connect with previous colleagues and managers to discuss the accuracy of the information provided. The study also confirmed the behavior to consult with the perspective applicants LinkedIn profile is performed about 48% of the time.
Risk management is a management system that should find its way into all business operations within an organization. Often times risk management stops with the finance department, the IT department, or with a business continuity plan. As the stories point out above, there are risks involved when hiring new employees and these should be considered when developing a security policy. The intelligence gathering by the HR department should account for the various risks outlined in the organization's security policy.