An increasingly important topic for public sector risk managers is that of recruitment and the validation of references. While it is not an obvious subject for risk practitioners, concerns about who has been employed and what checks were made if it all goes wrong can be enormously significant and damaging.
Obvious areas of concern include those working with children and in child protection and those that can influence the movement of money, but there are many other vulnerable activities within the public sector sphere of service provision where trust, integrity and character traits are essential aspects to be validated in potential employees.
Child protection issues have been topical for some time. There have been concerns about the Criminal Records Bureau and its outsourcing to the private sector, and about backlogs following the introduction of new technology. These, it is to be hoped, are now resolved There were additional problems centring around police interpretation of the Data Protection Act and exchange of information, which were held as a principal cause behind the employment of a certain school caretaker in Soham. The disastrous consequences are all too well recorded.
While child protection issues are well managed in the obvious area of direct engagement with children, can every local authority be certain that it has considered all the sources of contact its activities create, and that checks are in place? Boards of school governors, cleaning contractors, summer play schemes and so on, all have a significant turnover of individuals and also create opportunities for contact with children.
Access to money and the ability to transfer money out of the organisation is an aspect of many roles and responsibilities within the public sector.
More and more people are involved here, outside the finance directorate where controls tend to be more robust. Housing benefits and the creation of fraudulent claims, ghost employees on payrolls and virtual suppliers or contractors have all been identified in the past few years as a means of defrauding public organisations.
Most public sector organisations will have fidelity insurance, often with a significant excess, to protect against the big hits. It is often a requirement of the fine detail of the policy that the employer should seek three references prior to engaging someone. Yet custom and practice in the public sector is to seek just two.
In addition, consider the processes in place when considering those references.
Many appointing managers will check that there is no gap in employment, and that the referees given are relevant to immediate previous employment, and will also ensure references are sought and returned subject to the final offer of employment. But how much attention do they pay to the content of a sought reference?
More and more organisations use a generic form, asking some basic questions about whether the referee considers the candidate suitable and trustworthy.
They commonly include a job description and person specification, but do not benchmark the response against the criteria. Such validation is often followed up by a human resource officer, in writing for the purposes of records, but seldom involves a direct conversation with the referee.
Given the employee's right to see the references provided - through the Freedom of Information Act - there is an obvious reluctance for a frank and critical opinion to be provided in the case of a reference. Some would even argue that a referee may use glowing references as a means to move on unsatisfactory staff.
References aside, the electronic age in which we operate allows for the production of authentic-looking letterheads, and direct dial telephony means there is little validation of telephone numbers provided.
Regardless of references, what meaningful validation occurs of qualifications and health status? Many organisations take qualifications as read, and health questionnaires again tend to be generic. It is extremely unusual to have a person specification identify any physical or health issues related to a job.
So what is the risk management response to this potential employment lottery? It stands to reason it should be a risk-managed approach. Given the volumes of employment and recruitment opportunities in a large organisation, even a generic minimum standard is laudable, but an impact analysis of the issues of trust, health and technical expertise should certainly influence a bespoke validation processes for certain jobs.
A risk practitioner, working alongside human resources could establish procedures and processes that reflect the risk of each job and identify appropriate control measures. This use of risk management methodology to prioritise resources will add the most value to the organisation, as well as providing the reassurance required for internal and external inspections.
Mitigating this major area of personnel risk requires a systematic approach to understanding the risks associated with the appointment process. The development of robust arrangements for validating applicants to ensure that the right people are recruited will make sure that the wrong people are not
- Carolyn Halpin is chairman of ALARM - The National Forum for Risk Management in the Public Sector, www.alarm-uk.com - For more information please visit the ALARM website: