The safe environment approach to protecting children from sexual abuse is failing to prevent sexual abuse from rising. As a result, youth-serving organizations that want to be confident they are protecting children as well as possible are adopting risk management best practices.
You are using a safe environment approach if you prevent sexual abuse with the following:
- criminal background checks
- sexual abuse training
- policies around 1-to-1 interactions, and
- mandatory reporting.
The people and organizations that haven’t yet changed their approach are those who don’t know about the two significant deficiencies of the safe environment approach:
- A safe environment isn’t enough, on its own, to keep children safe and sexual abuse is rising. Adult-on-child sexual abuse has doubled in the last ten years; child-on-child sexual abuse has increased five times.
- If you fail to prevent sexual abuse, a safe environment doesn’t protect you. The legal, reputation, disruption, and financial consequences for failing to prevent sexual abuse have risen exponentially in the last ten years.
The rapidly rising frequency and consequences of sexual abuse combined with functionally no organization protection is a combination most youth-serving organizations cannot sustain. Most have less risk-bearing capacity than ever, and even as limited as insurance always was, it is now harder to obtain, costs more, and covers less than ever.
To be confident your organization is protecting children and itself cost-effectively, you must adopt risk management best practices.
The Benefits of Risk Management Best Practices over Safe Environments
There are good reasons why the four safe environment controls described above, though important, are not enough to keep children safe from sexual abuse. The main reasons are that they are far from comprehensive and are unsystematic. But rather than discuss the technicalities of the differences and their deficiencies, the following describes the main benefits of risk management best practices compared to a safe environment. The benefits are:
- Safer Children
- Protected Organizations, and
- Constant Protection Improvement.
Safer Children
None of us like talking or thinking about sexual abuse, so we avoid it if we can.
The problem with not talking or thinking about a risk like sexual abuse is that talking or thinking about risk – engaging with it – is essential to managing it effectively. For example, engagement means that when I think about taking a risk (for example, a new job or buying a car), I also think about how to ensure I achieve the outcome I want and not any of the adverse outcomes I don’t want. When I decide to take the risk, I also take the action(s) that make the outcome I want more likely and the adverse outcomes less likely or, at least, less adverse if they happen. My careful decision-making and actions don’t guarantee the outcome, but they make the outcome I want more likely. At its core, that’s all risk management best practice is.
A safe environment, on the other hand, is a compliance regime. The objective of compliance is to force action; in the case of a safe environment, it is to implement four controls designed to prevent sexual abuse.
Compliance itself isn’t the problem; some people (very few in my experience) need to be required to prevent sexual abuse. The problem is telling people that if they implement four controls, they will prevent sexual abuse.
Telling people what to do to manage sexual abuse risk means they don’t have to think about it. As noted above, this is preferable to most people. Unfortunately, it has unintended consequences. Not thinking, for example, about how to implement the required controls beyond complying or what else we could do to prevent sexual abuse means the resulting prevention is less effective than it needs to be; as noted above, sexual abuse is rising.
This is no reflection of how seriously most people take child protection. Less than adequate child protection is the inevitable consequence of telling people with little or no risk management experience what to do; it shouldn’t be surprising that that’s precisely what they do and all they do.
The assessment stage of risk management best practice ensures that the people caring for children in an organization engage with sexual abuse risk in intuitive, practical, and manageable ways. But it also goes much further.
By enabling the people in the organization to understand their organization, what it is trying to achieve, and how sexual abuse can affect its objectives, they are then able to make well-informed decisions about how to manage their sexual abuse risk in a way that makes it as likely as possible the organization will meet its objectives. Risk management best practice aligns individuals’ eagerness to do everything possible to prevent sexual abuse with their keenness to help their organization achieve its most important objectives.
Instead of a safe environment telling people to do four things that are failing to deliver what anyone wants, risk management best practice enables people to figure out how most effectively to get what everyone wants.
Protected Organizations
A safe environment is designed to protect children.
Compliance can only protect those that comply to the extent they comply. The problem with having a limited compliance regime of four controls is that it cannot offer more than limited protection for compliance. And that’s before you reckon with the twenty years plaintiffs’ attorneys have had to refine theories of liability around sexual abuse that extend beyond what the compliance regime addresses.
The result is that if abuse happens, which is more likely because of how limited safe environment prevention controls are, the people and organizations looking after the children face all the legal, reputation, disruption, and financial consequences of failing to prevent sexual abuse with functionally no protection.
Traditionally, insurance has provided some protection. But even ignoring, as noted above, that insurance is much more expensive than it used to be, it only ever dealt with legal defense and settlement risk. It never dealt with disruption or reputation risk and is no longer available in amounts that are enough to deal with the rising defense and settlement risk.
The customization stage of risk management best practice enables organizations to choose controls and activities appropriate to how minors and vulnerable adults in their care are potentially vulnerable to sexual abuse; the management stage enables them to perform and record the results of the controls and activities.
The combination of assessment, customization, and management means an organization records its risks, how it plans to manage them, and that the plans are implemented. This, in turn, means that if sexual abuse happens – acknowledging that no prevention system is foolproof – and a plaintiff’s attorney looks to make the argument that the abuse occurred because the people in the organization were lazy, incompetent, or uncaring (the kinds of allegations typically made), there should be ample evidence of conscientious child protection. This enables a robust legal defense and a defense against the reputation and disruption damage organizations suffer if they cannot demonstrate how seriously they take child protection.
Instead of relying on the inadequate and diminishing protection that the combination of a safe environment and insurance affords, the rising scale of sexual abuse risk means organizations must implement the more effective security that risk management best practice delivers.
Constant Protection Improvement
The safe environment approach is over twenty years old.
A safe environment was a reasonable initial response to sexual abuse, as it was understood twenty years ago. But a safe environment wasn’t even risk management best practice when it was first introduced, and it has hardly changed since then.
Over the same period, we have learned much about sexual abuse and risk management best practice has gone through two or three iterations. The reason a safe environment hasn’t changed is that it wasn’t designed to capture usable risk management information from which constant improvement could grow.
For example, as noted above, if you tell people who aren’t risk management experts that if they use four controls, they will prevent sexual abuse, they will use the four controls. This time, the unintended consequence is that you also systematically ensure that no one is testing the new or improved controls that might make prevention more effective.
By enabling engagement and helping organizations to identify for themselves how to address their sexual abuse vulnerabilities and risks, risk management best practices cause organizations to use practices well beyond the four controls. This, in turn, enables the analysis of new activities and combinations of activities that will collectively enable the constant improvement of abuse prevention and organization protection.
Instead of using a safe environment to limit the scope of child protection, risk management best practices introduces almost unlimited options.
The three reasons outlined above are not the only reasons to shift from a safe environment to risk management best practices, but they are good reasons.
Safer children, protected organizations, and constantly improving protection are the three things everyone caring for children wants. If you would like to learn more about how we help organizations implement risk management best practices, please get in touch.
You can also read our Ten-Step Guide (this article is its introduction), which outlines each step.
Ten-Step Guide
If you would like to read our Ten-Step Guide to managing sexual abuse risk using risk management best practices, we would be happy to send it to you.
