The most common approach to managing sexual abuse and misconduct (SAM) risk is to use a strategy known as ‘prevent and mitigate’ (P&M). In a P&M strategy, a risk manager designs controls to try to prevent an adverse event like SAM from happening and, on the basis that no prevention plan will work 100% of the time, makes further plans to mitigate the consequences of the events that cannot be prevented.
Apart from the fact that this strategy ignores that risk has both up and downsides, the traditional problem is that few organizations want to dedicate valuable resources to downside events that may (and probably will) not happen. This is because there are always many other pressing demands on their limited resources.
And without criticizing the people who work so hard to prevent sexual abuse, it is hard to maintain dedicated enthusiasm for preventing adverse events, particularly inherently rare and difficult ones to think about like SAM. And even more so when SAM risk management isn’t your main day job, as it isn’t for most SAM Risk Managers.
This explains why risk management best practice has shifted away from a P&M approach towards helping organizations achieve their most important objectives. For instance, the best practice definition of “risk” is “the effect of uncertainty on objectives.”
The reason for the shift is simple. First, organizations invest in achieving objectives to make them more likely to happen. Also, people are more enthused by supporting the achievement of objectives, even if motivation can wane if the objectives are too far removed from the person’s day-to-day concerns.
The results also speak for themselves. For example, organizations using risk management best practices achieve their objectives more often, have fewer and less costly adverse events, and are more highly trusted and valued.
Using risk management best practices to manage SAM risk means a SAM Risk Manager’s immediate focus remains on ensuring minors and vulnerable adults are as safe from SAM as possible and on minimizing the total cost of their organization’s SAM risk. The way these immediate SAM-related objectives are achieved – by using best practices to align activities with the organization’s values and objectives – directly contributes to achieving the organization’s most important objectives.
Having risk management be about achieving objectives, not just preventing adverse events, is a BOKRIM core principle.