Penn State football coach Joe Paterno (AP File Photo)

In spite of its stellar reputation as an educational institution, Penn State failed to communicate and execute the most rudimentary risk management protocols in the Jerry Sandusky sex abuse scandal, risk management experts say.

With a timeline dating back to 1994, when Penn State defensive line coach Jerry Sandusky launched The Second Mile nonprofit program for at-risk boys, multiple incidents of alleged sexual abuse went unreported to the appropriate authorities, resulting in a situation where liability escalated from potentially damaging to devastating—with the university and even third parties now potentially liable.

“It’s shocking that somehow the real values professed by the institution—which after all, is in the business of kids—weren’t followed,” said Kevin Ribble, executive vice president of management liability specialists Edgewater Holdings Ltd. and president of Comply America Inc.

“Many organizations refuse to believe their colleagues are capable of such heinous acts so they won’t see the signs. They start out with denial but when confronted with reality, start to get defensive,” said Melanie Herman, executive director of the Nonprofit Risk Management Center, a national resource organization that advises nonprofits on a wide array of risk and liability issues, including child abuse prevention. “The best organizations recognize that the better course is to confront it and think about they could do to prevent it in the future.”

A key risk management tenet—whether an incident involves sexual abuse, sexual harassment or a dangerous condition in a facility—is to investigate any allegations, Herman said. “Everyone in the organization must take it seriously, and every organization has an obligation to look into allegations. If you see something and it’s ignored, an organization is far more likely to be held personally liable in the long run because you ignored the condition or report.”

And because The Second Mile is a nonprofit that is technically not sponsored by Penn State, the organizations directors and officers, and even its corporate sponsors, might now be held liable, Ribble said.

Also Read: Penn State’s Exposure to Civil Litigation Not Blocked by Immunities

The common thread in all the reported incidents is that none of the witnesses seem to have known where and how to legally report them, Ribble said. According to the timeline, Sandusky had been caught in sexually compromising positions with underage boys in 1998, when a boy’s mother reported her suspicions to university police; in 2000, when a school janitor witnessed Sandusky with another boy; and in 2002, when a graduate assistant witnessed yet a third incident.

In the latter two incidents, which witnesses reported to their supervisors and ultimately to Penn State head coach Joe Paterno, university employees should have known that under law they are required to report suspected incidents of child abuse to the appropriate family services authority, Ribble said. “If you see something that might lead to the harm of a child, you’re obligated by law to report to family services or the police, and if it’s an emergency, to dial 911. So nobody followed the rules, but from bottom up, reporting requirements that should be insisted upon were violated.”

It’s “mystifying” that Penn State ignored the type of risk management principles—including a written statement of institutional protocol distributed to all employees and fully supported  by management—that insurance professionals instill in even the smallest businesses working with children, Ribble said. Although he did not have access to any of the university’s employee manuals, a review of the student handbook indicated that it outlined “all the right values,” but should also include a statement that reporting any suspected crime involving children is both a personal and administrative responsibility and that failure to do so is a felony.

In addition, failure to report suspected child abuse cases in most school districts will result in the loss of coaching licenses and teaching certificates, Ribble said. “Reporting requirements are a fundamental value to a coaching staff, even if they’re working with college students, and especially in dealing with young kids. The fact that it’s absent all the way through is the thing that is especially disconcerting,” he said.

Although prevention of such incidents is important, responding to an actual event is equally important, Herman said. “Like any wrongdoing, sometimes even when an organization does everything to minimize the likelihood of harm, incidents happen. The organization must also think of what to do if it does happen, which is an important part of risk management.” And the key is to do the “caring, compassionate and appropriate thing to do, to take the high road, not try to cover your tracks to prevent a lawsuit.”

The book “Exposed: A Legal Field Guide for Nonprofit Executives,” which Herman coauthored with Mark E. Chopko, Esq., includes a chapter on “Protecting Vulnerable People from Abuse.” The five basic guidelines adopted in 1992 by the Conference of Catholic Bishops would have applied in the Penn State case, Herman said. They are:

  1. Respond promptly to all allegations of abuse where there is reasonable belief that abuse has occurred.
  2. If such an allegation is supported by sufficient evidence, relieve the alleged offender promptly of their ministerial duties and refer them for appropriate medical evaluation and intervention.
  3. Comply with the obligations of the civil law as regards reporting of the incident and cooperating with the investigation.
  4. Reach out to the victims and their families and communicate sincere commitment to their spiritual and emotional well being.
  5. Within the confines of respect for privacy of the individuals involved, deal as openly as possible with members of the community.

“Our recommendation to client organizations is, how would you want to be treated if yur loved one were victimized under similar circumstances?” Herman said. “The golden rule is a great rule to apply to day-to-day risk management.”