Today, in the information era, in addition to shrinkage, fraud, and embezzlement, criminal insiders steal information—personal and business identities. And when it comes to the insider theft of identities, not only are the customers at risk but so are the coworkers of the insider criminal. Unlike insider shrinkage, fraud, and embezzlement, however, there is no way that companies can absorb the sometimes devastating psychological costs to employees or customers whose identities have been stolen and used to commit identity crimes. Companies have become more compassionate about giving employees time off work to recover from identity thefts and, from the increasing numbers of requests to the Michigan State University Business Partnerships in Prevention, it is apparent that companies also are establishing advocacy services to help victims in their recoveries.
These efforts, though laudable, are merely reactive and do nothing to prevent the identity thefts in the first place. By incorporating into personnel selection practices integrity tests for security, insider thefts largely can be prevented. Volumes of applied research conducted over many years in business settings have shown without any doubt that scientifically developed tests that comply with EEOC and Title VII guidelines are capable of detecting antisocial and criminal behavior in the workplace.
Why do all businesses not use these tests uniformly? There are seven reasons.
Many managers are unaware that such tests exist.
Many managers who are aware of these tests have no confidence in them; that is, lacking knowledge in the area of scientific testing, managers have no basis to believe these tests are effective.
Some of those managers who do recognize the value of using integrity for security tests purchase the tests from unknown companies; off-the-shelf tests often lack in validity and reliability and, therefore, do not work.
Other managers erroneously believe that integrity for security tests are cost prohibitive, an incorrect assumption, as this chapter reveals.
Some managers, although they know the tests are effective, are fearful of using them for legal reasons based on publicity given companies that have used the tests incorrectly, that is, without evidence that the characteristics being measured are job-related. Without having conducted a job analysis, companies are unable to distinguish between job positions that are and are not security-related.
Other managers mistakenly equate integrity for security tests with background checks: Background checks, like polygraph tests, are not specifically related to the tasks of the job, and these tests lack evidence for validity and reliability—the EEOC requirements. For these reasons, background checks and polygraph tests are generally illegal for purposes of personnel selection, except for specialized and federal government positions. In contrast, scientifically developed integrity tests for security, when based on the results of a job analysis, do conform to the legal statutes.
Not only the managers, but some employees as well, have preconceived ideas that, for example, if integrity tests are administered to job applicants, then the broad assumption must be that all employees are delinquent. Of course, this notion cannot be farther from the truth. But facts must be faced: Criminals are everywhere, including where people work. These perpetrators, like the proverbial bad apple in a barrel, spread rot to everyone. And criminals do not discriminate when it comes to crime: They will steal anyone’s identity—customers and employees alike.
The picture need not be all that bleak, however, because identity thefts by these relatively few dishonest employees can be stopped. How? In three simple and inexpensive ways:
Companies can use personnel selection tests for job positions of security to select for integrity and honesty.
Companies can create organizational cultures in which shrinkage, fraud, embezzlement, and other workplace crimes, including identity thefts, are openly acknowledged and addressed as potential and largely preventable company assaults.
Upper-level management can progressively and proactively support the majority of hardworking and honest employees who can help to maintain an honest company culture in which they can feel secure.
Ironically, it is the employees’ identities that often are stolen from companies, and it is also employees who can make the difference when it comes to preventing identity thefts. Ultimately, therefore, the people who make and maintain the company are the first line of defense against identity theft—and these individuals are company employees and their customers.
To address the first solution, one of the most reputable tests of integrity for security is the Socialization scale of the California Psychological Inventory (CPI).1 The Socialization scale can be administered independently of the other CPI scales; results from administering this test are valid and reliable; and, when based on a security job analysis (Chapter 9), the use of the test by a company meets the guidelines set forth by the EEOC under Title VII.
This integrity test for security was labeled Socialization by the test developer, Dr. Harrison Gough, because the scale was developed based on the theory that early socialization in the family, at school, and with peers would later in life predict delinquent or criminal behavior.
This socialization theory has been tested and verified in over 1,000 studies. The strength of the Socialization scale became so well known among researchers and test developers that the scale is the forerunner of most, if not all, other honesty and integrity tests published today. In fact, the items in most tests published in the United States were borrowed in part or in whole from the Socialization scale, sometimes verbatim. Today, the Socialization scale ranks among the most effective integrity test for security on the market. The validity is in the .50 to .70 range, and the reliability approximates .90—extremely strong values that indicate the utility of this scale for selection purposes where the goal is to select for integrity for security.
There are a number of other reputable tests as well, and costs vary among them. Therefore, to select a test that meets company needs and budgets, it is important to investigate several.
Exercise 1. The Integrity for Security Test: Option A—Obtain, Review, Compare, and Recommend an Existing Test
Estimated Time: Four Hours
Use the team approach to obtain the test manuals for at least three tests of integrity for security, including the Socialization scale of the CPI. Use the three sources described in Chapters 11 and 12—Appendix G, the SIOP Web site, and/or the Mental Measurements Yearbooks. For the CPI, the test publisher and Web site address is Consulting Psychologists Press, Inc., at www.cpp-db.com. Once obtained, compare (either in team pairs or as a group) the test manuals on these criteria:
Documented evidence for “predictive” validity
Documented evidence for reliability
Evidence for compliance with EEOC and Title VII guidelines on test fairness
Description of costs: test administration, interpretation, scoring, results, other
Description of testing procedures: administration, scoring, interpretation, other
Description of and rationale for a recommended cutoff score—the lowest acceptable score to be considered for the job
Test format: paper/pencil, computerized software, Web site administered?
If computerized or Web site administered: Obtain documented evidence for validity, reliability, and test fairness using these methods.
For the CPI Socialization scale:
Establish whether or not the Invalid Protocol scale also can be used with the Socialization scale, to detect false responding to the scale’s items.
After carefully weighing each of the above factors, select one test to recommend to management as a standard for the Business Information Security Program’s assessment battery. Because some companies prefer to invest in such tests as tangible assets, exercise 2 provides that alternative.
Exercise 2. The Integrity for Security Test: Option B—Develop a Company Proprietary Test
Estimated Time: Four Hours
Using team “pairs,” locate and obtain the names of at least three
I/O specialists for an interview. The purpose is to obtain information on the following points so as to compare and contrast these experts’ methods of test development and validation and their respective consulting costs. As before, use one or both of the following resources to locate an I/O specialist: the Society for Industrial and Organizational Psychology Web site at www.siop.com and/or the list in Appendix G. Once identified, conduct a team interview (by phone, Webinar, or in person) with each of three experts to determine their qualifications, based on these criteria:
What tests has the I/O expert developed, and what are the estimates of predictive validity and reliability for these tests?
What testing formats does the I/O expert develop: paper and pencil, computerized, on site, online?
What are the total consulting fees for developing such a test? Obtain a breakdown for individuals versus group costs; the development and validation procedure; the production of the test’s manuals (for evidence of validation and test fairness and for administering, scoring, interpreting test results); and the estimated cost the expert would incur for producing each test.
Does the consulting fee include the training of company personnel to administer, score, and interpret test results?
Does the consulting fee include a training manual?
Can the I/O specialist develop an integrity test for security for which results will be unrelated to cognitive ability or interpersonal skills?
What is the time frame for test development and validation, the writing and production of the test and test manuals, and the training of employees?
Based on comparisons of three experts’ responses and their documented supporting evidence for these questions, select one specialist to give management the choice of either purchasing a publisher-owned test or developing one that becomes company property.
To summarize thus far: The Business Information Security Program requires a series of standards to help secure the people front. These people standards are directed toward both performance and security, and they begin with a personnel selection system that includes tests of cognitive ability, motivation, and integrity. In addition, a measure of interpersonal skills, which is the last test (Chapter 14) in the BISP assessment battery, is for businesses in which employees interact with one another or with customers in the process of performing job tasks.
CHAPTER 14
THE PEOPLE FRONT: SELECT FOR INTERPERSONAL SKILLS
For efficiency and cost-savings utility, and to remain competitive in an information-based economy, the standards of the Business Information Security Program (BISP) incorporate information security into traditional personnel functions that companies already may have in place. One traditional personnel selection practice that can be expected to increase in a service-based economy is the use of tests of interpersonal skills, which is why this test is included as the fourth standard of the BISP assessment battery.
A test of interpersonal skills can help to determine the fit or match between a job and the job applicant or the level of training needed by an applicant to perform that job’s interactive tasks. The use of a test of interpersonal skills, as with all other personnel selection tests, must be based on the results of the job analysis, as not all jobs require interpersonal interactions.
Today, however, many jobs that require confidentiality of information also involve customer service in which employees interpersonally interact with their customers or consumers—a company’s potential customers. Whether these employee-customer interactions occur face-to-face, over the telephone or the Internet, or in written communication, their outcomes directly impact the reputation, performance, and security of corporate information. Similarly, many other jobs, such as support positions, although they may not directly involve customer service, require teamwork, such as in the development of these BISP standards. Other jobs, such as some entry-level positions that involve data entry and basic accounting or clerical tasks, may involve little or no interpersonal interactions to perform the job tasks but are, nonetheless, positions of security because of access to customer or coworker identities. Thus, although not all companies may require a test of interpersonal skills for job applicants, for jobs where tasks do involve an interpersonal component, this test is a required BISP standard. One last reminder: Under the Equal Employment Opportunity Commission (EEOC) guidelines and Title VII, this test cannot be administered to current employees.
STANDARD 8. SELECT FOR INTERPERSONAL SKILLS
Goal: Investigate and make recommendations to upper management for two options for a test of job-related interpersonal skills, which will be used for future personnel selection.
Specific Objectives: Consider the two options for obtaining a test of interpersonal skills: (1) use an existing test, one developed by test publishing company, or (2) engage an industrial and organizational (I/O) specialist to develop a company-owned proprietary test. For each option, compare and contrast the validity, reliability, and other criteria listed, then choose one test from each of the two options to recommend to management as alternative considerations for future personnel selection practices.
Orientation
The validity and reliability of the scales of the California Psychological Inventory have been established in hundreds of studies over the years and are used today by hundreds of companies for personnel selection practices, which is why this chapter, once again, uses an example from that inventory. The test of interpersonal skills is formally titled the Sociability scale. The test manual provides a lengthy list of applied research in businesses showing that the Sociability scale measures the ability to be cooperative and effective when dealing with others.
The test manual also reports one interesting validation study conducted in 1992 at an international communications company that followed the progress of 229 persons hired in a managerial development program. The Sociability scale had been administered at the time of hiring, and purpose of the study was to determine the effect of Sociability on promotion or nonpromotion to middle management seven or more years later. The results showed a validity of .30 and reliability in the .90 range, indicating that higher scores on Sociability were also strongly related to job promotions. In addition to this study on management tracks, the validity of the Sociability scale has been tested on a wide range of other job positions in many occupations. The Sociability scale is but one example, however, of dozens of reputable tests of interpersonal skills that the BISP team might consider in the following exercises.
Exercise 1. The Test of Interpersonal Skills: Option A—Obtain, Review, Compare, and Recommend an Existing Test
Estimated Time: Four Hours
Use the team approach to obtain the test manuals for at least three tests of interpersonal skills, including the Sociability scale of the CPI. Use the three sources described in Chapters 11 to 13—Appendix G, the Society for Industrial and Organizational Psychology (SIOP) Web site, and/or the Mental Measurements Yearbooks. For the CPI, the test publisher and Web site address is Consulting Psychologists Press, Inc., at www.cpp-db.com. Once obtained, compare (either in team pairs or as a group) the test manuals on the usual criteria:
Documented evidence for “predictive” validity
Documented evidence for reliability
Evidence for compliance with EEOC and Title VII guidelines on test fairness
Description of costs: test administration, interpretation, scoring, results, other
Description of testing procedures: administration, scoring, interpretation, other
Description of and rationale for a recommended cutoff score—the lowest acceptable score to be considered for the job
Test format: paper/pencil, computerized software, Web site administered?
If computerized or Web site administered: Obtain documented evidence for validity, reliability, and test fairness using these methods.
For the CPI Sociability scale:
Establish whether the Invalid Protocol scale can also be used with the Sociability scale to detect false
responding to the scale’s items.
Also establish whether validity evidence exists to use the Sociability scale as a stand-alone scale or whether the scale must be used in conjunction with other CPI scales.
Weigh each of the preceding factors, then select one test to recommend to management as the fourth standard for BISP’s assessment battery. Now consider exercise 2, to determine the utility of investing in a company-owned test.
Exercise 2. The Test of Interpersonal Skills: Option B—Develop a Company Proprietary Test
Estimated Time: Four Hours
Using the team pair model (divide duties and work in pairs) to locate and obtain the names of at least three I/O specialists for an interview. As in the previous people chapters, obtain information on the points below so as to compare and contrast the experts on their methods of test development and validation and the consulting costs for each. Again, locate an I/O specialist using the Society for Industrial and Organizational Psychology Web site www.siop.com and/or the list in Appendix G. Once so identified, determine the experts’ qualifications in a team interview conducted by phone, Webinar, or in person, using these criteria:
What tests has the I/O expert developed, and what are the estimates of predictive validity and reliability for these tests?
What testing formats does the I/O expert develop: paper and pencil, computerized, on site, online?
What are the total consulting fees for developing such a test? Obtain a breakdown for individuals versus group costs; the development and validation procedure; the production of the test’s manuals (for evidence of validation and test fairness and for administering, scoring, interpreting test results); and the estimated cost the expert would charge for producing each test.
Preventing Identity Theft in Your Business Page 12