In spite of its reputation as an A+ educational institution, Penn State failed to communicate and execute the most rudimentary risk-management protocols in the Jerry Sandusky sex abuse scandal, risk-management experts say.
With a timeline dating back to 1994, when Penn State defensive line coach Sandusky launched The Second Mile nonprofit program for at-risk boys, multiple incidents of alleged sexual abuse went unreported to the appropriate authorities, resulting in a situation where liability escalated from possibly damaging to absolutely devastating—with the university and even third parties now potentially liable.
"It's shocking that somehow the real values professed by the institution—which, after all, is in the business of [helping]kids—weren't followed," says Kevin Ribble, executive vice president of management-liability specialists Edgewater Holdings Ltd. and president of Comply America Inc.
"Many organizations refuse to believe their colleagues are capable of such heinous acts, so they won't see the signs. They start out with denial but when confronted with reality, start to get defensive," says Melanie Herman, executive director of the Nonprofit Risk Management Center, a national resource organization that advises nonprofits on a wide array of risk and liability issues, including child-abuse prevention.
"A key risk-management tenet—whether an incident involves sexual abuse, sexual harassment or a dangerous condition in a facility—is to investigate any allegations, Herman says. "Everyone in the organization must take it seriously, and every organization has an obligation to look into allegations. If you see something and it's ignored, an organization is far more likely to be held personally liable in the long run because you ignored the condition or report."
And because The Second Mile is a nonprofit that is technically not sponsored by Penn State, the organization's directors and officers—and even its corporate sponsors—might now be held liable, says Ribble.
The common thread in all the reported incidents is that none of the witnesses seem to have known where and how to legally report them, Ribble adds. According to the timeline, Sandusky had been caught in sexually compromising positions with underage boys in 1998, when one boy's mother reported her suspicions to university police; in 2000, when a school janitor witnessed Sandusky with another boy; and in 2002, when a graduate assistant witnessed yet a third incident.
In the latter two incidents, which witnesses reported to their supervisors and ultimately to Penn State head coach Joe Paterno, university employees should have known that under law they are required to report suspected incidents of child abuse to the appropriate family-services authority, Ribble says: "If you see something that might lead to the harm of a child, you're obligated by law to report to family services or the police, and if it's an emergency, to dial 911. So nobody followed the rules, but from the bottom up, reporting requirements that should be insisted upon were violated."
It's "mystifying" that Penn State ignored the type of risk-management principles—including a written statement of institutional protocol distributed to all employees and fully supported by management—that insurance professionals instill in even the smallest businesses working with children, Ribble says. Although he did not have access to any of the university's employee manuals, a review of the student handbook indicated that it outlines "all the right values," but should also include a statement that reporting any suspected crime involving children is both a personal and administrative responsibility and that failure to do so is a felony.
In addition, failure to report suspected child-abuse cases in most school districts will result in the loss of coaching licenses and teaching certificates, Ribble says: "Reporting requirements are a fundamental value to a coaching staff, even if they're working with college students, and especially in dealing with young kids. The fact that it's absent all the way through is [what] is especially disconcerting."
Although prevention of such incidents is important, responding to an actual event is equally important, says Herman. "Like any wrongdoing, sometimes even when an organization does everything to minimize the likelihood of harm, incidents happen. The organization must also think of what to do if it does happen, which is an important part of risk management."
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.