Skip to playbook

HR07·Background Checks

Background Checks & Hiring Risk Review

Extract and classify background-check findings into candidate risk profiles and a summary table for final hiring decisions.

Before you start

What you’ll need

  • Access to completed background check reports for selected candidates
  • Familiarity with your organisation’s risk tolerance thresholds and role-specific compliance requirements
  • Selected Candidate List
  • Background Check Reports
  • Role-Specific Compliance Requirements
  • Organisational Risk Tolerance Policy

Who’s involved

  • HR SpecialistRuns the background check risk review and produces candidate risk profiles
  • Hiring ManagerReviews the risk summary and decides on next steps for each candidate
  • Legal AdvisorReviews compliance-related findings and confirms regulatory classification

Safe use

  • Data HandlingThis workflow processes sensitive personal information (criminal records, credit history, employment verification results). Do not paste background check data into public or unapproved GenAI tools.
  • VerificationGenAI may misclassify findings or conflate unrelated records. Verify every AI-generated risk classification and finding citation against the source background check reports before sharing with decision-makers.

Execution steps

Hybrid

Inputs

  • Confirm the selected candidate list is finalized and approved for background checks
  • Confirm all background check reports have been received from the approved provider
  • Confirm role-specific compliance requirements are documented and current
  • Confirm the organisational risk tolerance policy is accessible and approved
  • Confirm you are using an approved GenAI tool for this workflow

Prompt

Define structured template for risk classification

CONTEXT
You will be provided with the following source documents:
1. Selected Candidate List
2. Background Check Reports
3. Role-Specific Compliance Requirements
4. Organisational Risk Tolerance Policy

TASK
Define a strict markdown template for classifying background check findings per candidate. The template must separate confirmed issues from items requiring follow-up, and include fields for finding type, severity, evidence citation, and recommended action.

OUTPUT FORMAT
Produce a template in this exact structure:

## [Candidate Name]
### Confirmed Issues
| Finding Type | Description | Severity | Source Reference | Recommended Action |
|---|---|---|---|---|

### Follow-Up Items
| Finding Type | Description | Reason for Follow-Up | Source Reference | Deadline |
|---|---|---|---|---|

### Clear Checks
- [List checks completed with no findings]

### Overall Risk Rating
- **Rating:** [High / Medium / Low / Clear]
- **Basis:** [One-sentence justification referencing the confirmed issues and follow-up items]

CONSTRAINTS
Do not add fields beyond those specified. Do not define severity levels outside the organisational risk tolerance policy. Do not include scoring weights or automated decision thresholds.

Outputs

  • Risk Classification Template

Verification: Confirm the template severity levels match your organisational risk tolerance policy exactly before proceeding

GenAI

Inputs

  • Confirm sensitive identifiers have been redacted from reports before prompting

Data Handling: Do not paste full background check reports containing financial account numbers or government identifiers into the prompt; redact these fields first

Prompt

Extract factual findings from background check reports

CONTEXT
You will be provided with a candidate’s background check reports and a risk classification template defining how findings should be structured.

TASK
For each background check report, extract every factual finding with its source reference. Categorise each finding by check type: criminal record, employment verification, education verification, credit history, reference check, or other. Quote the exact finding from the report.

OUTPUT FORMAT
For each candidate, produce:

### [Candidate Name]
#### [Check Type]
- **Finding:** [Verbatim text from the report]
- **Source:** [Report name, section, and date]
- **Status:** [Confirmed / Pending Verification / Inconclusive]

Repeat for each check type with findings. If a check type returned no findings, state: "No findings reported."

CONSTRAINTS
Do not summarize or interpret findings. Extract text exactly as written in the source report. Do not add risk assessments at this stage. Do not include personal identifiers beyond what is necessary for candidate identification.

Outputs

  • Extracted Findings per Candidate

Verification: Verify every extracted finding exists verbatim in the source background check report

GenAI

Inputs

Prompt

Classify extracted findings against role-specific risk thresholds

CONTEXT
You will be provided with extracted background check findings for a candidate and the role-specific compliance requirements that define which findings are relevant to the position.

TASK
Classify each extracted finding into one of three categories: confirmed issue (verified finding relevant to the role), follow-up item (finding that requires additional verification or context), or clear (no risk to the role). Assign a severity level per the organisational risk tolerance policy for each confirmed issue.

OUTPUT FORMAT
For each finding, provide:

- **Finding:** [Original extracted finding]
- **Classification:** [Confirmed Issue / Follow-Up Item / Clear]
- **Severity:** [High / Medium / Low] (for confirmed issues only)
- **Relevance:** [One sentence explaining why this finding is or is not relevant to the role requirements]
- **Recommended Action:** [Specific next step]

EXAMPLE
- **Finding:** "Employment at prior organisation from 2019–2021 could not be verified; organisation no longer in operation."
- **Classification:** Follow-Up Item
- **Severity:** N/A
- **Relevance:** "The role requires five years of verified industry experience; this gap affects the verification count."
- **Recommended Action:** "Request candidate to provide alternative verification such as pay stubs or tax records."

CONSTRAINTS
Do not classify a finding as confirmed unless the source report explicitly verifies it. Do not assign severity without citing the specific role requirement or compliance rule that makes the finding relevant. Do not speculate on findings marked as inconclusive.

Outputs

  • Classified Finding Sheets
  • Every classification cites the specific compliance requirement or risk threshold used
  • No inconclusive findings are classified as confirmed issues
  • Severity levels match the organisational risk tolerance policy definitions

Verification: Verify the AI has not conflated findings from different candidates or check types during classification

Hybrid

Prompt

Synthesize classified findings into candidate risk profiles

CONTEXT
You will be provided with classified finding sheets for a candidate and the confirmed review scope defining which candidates and check types are in scope.

TASK
Synthesize all classified findings into a single candidate risk profile. Populate the risk classification template, separating confirmed issues from follow-up items and listing clear checks. Assign an overall risk rating based on the aggregate findings.

OUTPUT FORMAT
Follow the risk classification template exactly:

## [Candidate Name]
### Confirmed Issues
| Finding Type | Description | Severity | Source Reference | Recommended Action |
|---|---|---|---|---|

### Follow-Up Items
| Finding Type | Description | Reason for Follow-Up | Source Reference | Deadline |
|---|---|---|---|---|

### Clear Checks
- [List all check types completed with no findings]

### Overall Risk Rating
- **Rating:** [High / Medium / Low / Clear]
- **Basis:** [One-sentence justification referencing confirmed issues and follow-up count]

CONSTRAINTS
Do not introduce findings not present in the classified finding sheets. Do not override severity levels assigned during classification. Every table entry must cite its source report reference.

Outputs

  • Every confirmed issue cites the source background check report
  • Follow-up items are clearly separated from confirmed issues
  • Overall risk rating reflects the aggregate severity of confirmed issues

Verification: Confirm no findings from other candidates have been mixed into this profile

Hybrid

Inputs

  • Candidate Risk Profiles

Prompt

Compile candidate risk profiles into summary table

CONTEXT
You will be provided with completed candidate risk profiles for all candidates in the background check review.

TASK
Compile all candidate risk profiles into a single risk summary table sorted by overall risk rating, highest risk first. Include counts of confirmed issues and follow-up items for each candidate.

OUTPUT FORMAT
Generate a markdown table with the following columns:

| Candidate | Overall Risk Rating | Confirmed Issues (Count) | Follow-Up Items (Count) | Key Concerns | Recommended Next Step |
|---|---|---|---|---|---|

Group rows into sections:
1. **High Risk** — candidates with high-severity confirmed issues
2. **Medium Risk** — candidates with medium-severity issues or multiple follow-ups
3. **Low Risk / Clear** — candidates with no confirmed issues

CONSTRAINTS
Do not re-rate candidates beyond what the risk profiles state. Do not omit any candidate from the table. Do not add subjective commentary beyond what is documented in the risk profiles.

Outputs

  • Every candidate from the review scope appears in the table
  • Grouping reflects the overall risk rating from each candidate risk profile
  • Issue and follow-up counts match the detailed risk profiles exactly
Hybrid

Inputs

  • Candidate Risk Profiles
  • Risk Summary Table

Data Handling: Confirm all sensitive personal data has been appropriately handled before distributing the final summary to stakeholders

Prompt

Produce final documented risk view for hiring decisions

CONTEXT
You will be provided with candidate risk profiles and a risk summary table covering all candidates in the background check review.

TASK
Produce the final Background Check Risk Summary document. Separate confirmed issues from follow-up items across all candidates, provide an executive overview, and list specific recommended actions before final hiring decisions can proceed.

OUTPUT FORMAT
Structure the document as follows:

# Background Check Risk Summary

## Executive Overview
[2–3 sentences summarizing the overall risk picture across all candidates]

## Confirmed Issues
For each candidate with confirmed issues:
### [Candidate Name]
- **Issue:** [Description]
- **Severity:** [High / Medium / Low]
- **Source:** [Report reference]
- **Impact on Hiring Decision:** [One sentence]

## Follow-Up Items
For each candidate with pending items:
### [Candidate Name]
- **Item:** [Description]
- **Required Action:** [Specific verification step]
- **Deadline:** [Recommended timeline]

## Candidates Cleared
[List candidates with no confirmed issues and no follow-up items]

## Recommended Actions Before Hiring
[Numbered list of specific actions required before proceeding]

CONSTRAINTS
Do not recommend hiring or not hiring any candidate — present the risk evidence only. Do not include findings not documented in the risk profiles. Do not speculate on the outcome of unresolved follow-up items.

Outputs

  • Executive overview accurately reflects the aggregate risk across all candidates
  • Every confirmed issue cites its source background check report
  • Follow-up items include specific verification actions and deadlines
  • No hiring recommendations appear — only risk evidence and required actions

Verification: Verify the summary does not contain hiring recommendations — it must present risk evidence only

Reference

Guardrails

  • Factual Findings OnlyOnly documented, verified findings from official background check reports should inform risk classification — never infer issues from incomplete data.
  • Separation of IssuesConfirmed issues and follow-up items must be clearly separated in every output; never merge unresolved items with confirmed findings.
  • Role-Relevant AssessmentClassify findings against role-specific requirements and compliance rules, not generic risk assumptions or unrelated precedents.

Pitfalls

  • Pasting full background check reports containing government identifiers or financial account numbers into a non-approved GenAI tool
  • Treating AI-classified risk levels as final determinations without legal or compliance review of the source findings
  • Merging confirmed issues with unresolved follow-up items in the summary, obscuring the true risk picture for decision-makers
  • Including background check findings from prior roles or jurisdictions not relevant to the current position requirements

Definition of Done

  • Every confirmed issue in the Background Check Risk Summary cites the specific background check report and finding
  • Follow-up items are separated from confirmed issues with clear recommended next steps and deadlines
  • The Background Check Risk Summary covers every candidate from the Selected Candidate List
  • No hallucinated findings appear in any AI-generated risk profile or summary entry

GET FULL ACCESS

Unlock every step, prompt, and downloadable example — for this playbook and the rest of AGASI AiOS, our GenAI capability framework.

We'll send a magic link — no password needed.

AGASI AiOS · HR07 v1.0 · Apr 7, 2026