We are often asked what the practical differences are between the sexual abuse risk management best practices we recommend youth-serving organizations implement and the safe environment approach to preventing sexual abuse. You may know the “safe environment” by a different name, such as Safe School, Safe Sport, or Safe Parish.
Generally, a safe environment is a limited set of three controls and a mandatory reporting requirement designed to prevent sexual abuse. Most organizations currently use a safe environment-based approach.
We recommend organizations base their child protection on risk management best practices because sexual abuse has doubled in the last ten years, and the costs of failing to prevent sexual abuse have risen exponentially. Sexual abuse risk management best practice is a comprehensive set of up to fifty controls and processes organized as a system that, for most organizations, is configured to provide comprehensive child protection and protect an organization from the consequences of failing to prevent sexual abuse.
We outline the control and process differences below. We use the three-stage sexual abuse risk management best practice system as the guide system and show where safe environment controls appear in that system. We briefly describe why the differences are so important to child and organization protection below the comparison.
Stage 1: Risk Assessment
A risk assessment ensures an organization knows when, where, how, and to whom minors and vulnerable adults are potentially vulnerable to sexual abuse. It also understands its sexual abuse risks – how sexual abuse could affect the achievement of its objectives.
There is no requirement in a safe environment to assess your risk but in sexual abuse risk management best practice, an organization explores sexual abuse vulnerabilities and risks in the following areas:
- Your mission, values, and the stories you tell others about yourself
- Your most important objectives
- Who you serve
- The service you provide
- Why those you serve choose you over the alternatives
- The activities you perform to deliver value to those you serve
- The activities those you serve perform when they work with you
- The resources you need to deliver value to those you serve
- The resources those you serve need to work with you
- The relationships you try to establish with those you serve
- How you and those you serve connect with each other
- How the physical security of the locations you operate from is configured to keep those you serve safe
- Your most important stakeholders and their most important sexual abuse expectations and concerns
- The changes you have planned for your organization
- How your external environment has changed and may change in the future
Stage 2: System Customization
Customization involves choosing controls to minimize your vulnerabilities and processes to manage your risks.
Core System Elements
In risk management best practices, system customization begins with designing the elements a systematic approach needs, regardless of the risk(s) being managed. A safe environment is not systematic, so core system elements are not required.
Your board (or equivalent) should appoint someone to manage your sexual abuse risks. The board should approve the system customization after reviewing the assessment. They should receive regular (at least annual) reports on the state of the system and review the system as a whole every, say, three years.
Sexual Abuse Risk Manager
This is the person appointed by the Board to manage your system day-to-day. They have the responsibility and authority to ensure the system operates as intended.
Sexual Abuse Risk Group
If your organization is big enough, set up a group to support the sexual abuse risk manager.
Sexual Abuse Risk Management Principles
Decide what matters to you about how you protect children and set up your risk management principles – the guiding north star of your system.
Public Commitment to Child Safety
Determine if and how you will publicly express your commitment to child safety.
Sexual Abuse Controls
In risk management best practice, sexual abuse risk controls fall into two broad categories; how you manage who you allow into your environment and how you ensure they behave as expected or required when they are in it.
A process that can be consistently applied to ensure the only people allowed access to the minors and vulnerable adults in your care have been carefully vetted and trained, or are always accompanied by such people.
In risk management best practices, the list below includes the topics addressed; addressed means the issue is considered for applicability based on your organization’s vulnerabilities and then how to implement it. ‘X’ in the safe environment column shows the topics that are required by a safe environment.
Risk Management Best Practices
Criminal background checks
Other background and reference checks
An interview policy
Formal offer process
Sexual abuse-related training for employees
Sexual abuse-related training for stakeholders
Sexual abuse risk management training for sexual abuse group and decision makers
Behavior Requirements and Expectations
Ensuring people behave as expected or required when in your environment.
- Some behaviors are expected, some are required.
- Some behaviors deal with how you accommodate deficiencies in your physical environment when you cannot change that environment physically.
- Some behaviors address interactions with minors and vulnerable adults.
- Some behaviors deal with how to respond to different incident types.
Given that risk management aims to help people make good decisions, all behavior requirements and expectations are designed to help individuals appreciate when decisions need to be taken and offer guidance for those decisions.
The following is a list of the behavior requirements and expectations a best practice system can include. The behaviors required in a safe environment are checked ‘X’.
Risk Management Best Practices
Being Alone With a Minor or Vulnerable Adult
Criminal Background Refresh Checks
Background and reference checks
Positive Role Model
Physical and Psychological Conditions
Alcohol and Drugs
Displays of Affection
Meetings and Training Sessions
Adults Mixing with Minors and Vulnerable Adults
After Hours and Off-site Activities
Ratios of Adults to Minors
Minimum Number of Adults
Releasing Minors and Vulnerable Adults to Parents and Guardians
Out of Program Contact
Horseplay and Roughhousing
Duty to Cooperate in an Investigation
Private Adult Areas
Open door policy
Use of your Home
Use of your Vehicle
Physical Environment Accommodations
Planning and Attending Special Events
Sexual Abuse Risk Management Processes
Processes ensure controls are performed, performed as expected, and adapted when needed. The processes an organization needs will depend on their risks, objectives, controls, and resources.
In sexual abuse risk management best practice, an organization develops plans to perform the sexual abuse-related processes listed below. There are no safe environment requirements to create sexual abuse risk management processes.
- Establish the sexual abuse risk manager’s responsibilities
- Delegate responsibilities to members of the sexual abuse risk management group
- Create a sexual abuse group meeting plan
- Create a sexual abuse incident response plan
- Establish information, communication, and record-keeping protocols
- Establish a budget
- Devise an internal audit plan
Stage 3: System Management
System management means monitoring the controls and performing the processes planned in the customization.
In sexual abuse risk management best practices, an organization performs the four processes listed below regularly enough to ensure the system is managed effectively, kept in sync with the organization’s vulnerabilities and risks, and continuously improves. There are no safe environment requirements to perform sexual abuse risk management processes.
- Hold sexual abuse risk group meetings
- Respond to sexual abuse incidents
- Identify, consider, and adapt to change
- Continuously review and improve your system
The Big Difference is that Risk Management is Systematic
Though risk management best practice evidently has a longer list of controls and processes than a safe environment, it’s not the difference in the length of the lists that matters most. It’s not even that each safe environment control is inherently limited. For example, research suggests that between child abusers that aren’t caught at all, those where evidence is insufficient to convict, and those that plea down, criminal background checks can only identify maybe 5% of child abusers.
It’s the unsystematic approach of a safe environment that’s the real problem. For example
- A criminal background check is ideally – and in many organizations is – part of a broader intake process that makes it much more likely that child abusers will be deterred from even applying to work with your organization.
- An intake process is, in turn, part of a broader expectation management system that ensures that from the time someone even thinks of applying to work with you until they leave, they know how they are expected or required to behave. They also know everyone else in the organization also knows how everyone should behave and how they should deal with breaches of required or expected behaviors. So, expectation management means having mechanisms to ensure good behaviors and decisions are understood and celebrated, and poor choices are addressed appropriately as soon as they are identified.
- That system is, in turn, part of a learning system that constantly improves how people are attracted to an organization, vetted, and encouraged to behave appropriately.
It’s the systematic approach of risk management best practice that leads organizations using it to:
- have fewer and less costly adverse events like sexual abuse
- be more highly valued and trusted, and
- achieve their objectives more often
…than organizations using traditional risk management. And a safe environment isn’t even as sophisticated as traditional risk management.
Time and Engagement
The difference that’s the least easy to quantify is the difference in the time commitment between implementing a safe environment and risk management best practices.
I want to say that it’s as easy and quick to implement a risk management best practices system as a safe environment, but that would be misleading.
The assessment and customization process can be completed in a couple of hours, and system management needn’t take more than half an hour or so a quarter. But effective sexual abuse risk management requires engagement because sexual abuse is difficult to prevent. Consequently, sexual abuse risk management best practice is more involved than a safe environment. How much more depends on the organization’s sexual abuse risk, complexity, and risk management objectives.
So the most crucial difference between a safe environment and a sexual abuse risk management best practices system is the level of engagement risk management requires compared to a safe environment. But if, like us, you don’t think its a coincidence that:
- a safe environment is quick and easy to implement,
- 95% of organizations don’t supplement a safe environment, and
- sexual abuse, and the costs of failing to prevent sexual abuse are rising so sharply,
…then you may also agree with us that risk management best practices and the systematic engagement it enables are essential.
If you would like to learn more about how we help organizations implement the sexual abuse risk management system outlined above, please book a Zoom so we can talk it through with you and show you.