We are often asked: “Please can you give me a list of the top ten controls I can implement that will prevent sexual abuse in my school/club/church/etc.?” Ignoring whether sexual abuse prevention is a realistic sexual abuse risk management objective (it isn’t), ideally, there would be a short and easy-to-implement list of controls that would ensure comprehensive child protection. But, though many organizations in this space can provide just such a list, list management and risk management are not the same.
We, therefore, choose not to provide such a list because we think there are three insurmountable problems with a list-based approach to protecting children from sexual abuse.
- According to one of the most popular definitions of “risk,” sexual abuse is a risk, an event that might happen, with foreseeable but uncertain consequences if it does. You cannot manage any risk successfully without understanding and engaging with it, yet most people hate thinking about sexual abuse. Because lists enable people to focus on checking boxes instead of thinking about what the checked boxes are for, lists enable the disengagement most people far prefer over thinking about sexual abuse.
- The list approach is why organizations (and insurers) find it hard to mount an effective defense when sexual abuse happens. You cannot meet a duty of care or evolving protection expectations by checking boxes in a list, particularly a list that is twenty years old and ten years past being best practice. Further, juries are easily roused to anger whenever they see a checkbox approach because a plaintiff’s attorney can easily portray it as uncaring.
- Suppose we keep using the same list of controls that are currently unable to stop sexual abuse from rising (as noted above, the list most organizations (95%) use today broadly hasn’t changed in twenty years). Ignoring whether we should expect different results if we keep using the same approaches, we must change if we want to find the new approaches we must uncover to halt the rise of sexual abuse.
Instead of focusing on a static list, we propose that organizations should use risk management best practices – an approach known as enterprise-wide risk management or ERM. ERM is acknowledged as the most effective way to prevent adverse events like sexual abuse. It is also the most effective way for organizations to protect themselves from the consequences of adverse events.
Sexual Abuse Risk Management Best Practice Simplified
To enable any organization to use ERM, even if they have no previous risk management experience, our four-stage system simplifies ERM:
- Assess: We help an organization to engage with sexual abuse risk by walking them through a risk assessment; they understand why they have the types of sexual abuse risks they have and their size and scope.
- Customize: We then walk them through customizing a comprehensive and systematic approach to preventing sexual abuse as well as they can and, because no prevention system is foolproof, to being able to defend themselves if it happens.
- Manage: We provide tools that enable them to keep their assessment current, monitor and adapt their system when necessary, respond to incidents, and manage change.
- Improve: We analyze sexual abuse risk management performance constantly and deliver practical information on the latest and most effective controls and activities, enabling organizations to improve their sexual abuse risk management constantly.
At every step of the customizing stage, we present scenarios and lists of options to an organization, making it easy for them to customize a risk management best practice system to their sexual abuse risks.
In short, lists can help to make comprehensive sexual abuse risk management easy, but they need to be used carefully for sexual abuse risk to be managed well.