I can remember participating on a panel of experts representing different professional positions discussing the topic of abuse prevention among the vulnerable sector. The question was asked, “There have been many changes and additions to the standard of protection over the course of the last fifteen years…. When will it come to an end? Have we seen the last of the additional requirements that will be placed on us? What else could be missing?"
When Plan to Protect® was first written in 1996, it was a 35-page plan to protect children. In 2000, a youth component was added. In 2007, we incorporated insurance standards and up-to-date legislation requirements. We also added operational procedures on topics of increasing interest: social media, bullying, and appropriate forms of discipline. Today we begin the task to incorporate protection procedures for vulnerable adults (with disabilities and the elderly).
As we continue to add layers of policies and procedures, there is a greater concern that I have that I believe is significantly missing. What is missing is the absence of accountability and follow-through to ensure the policies and procedures approved at the Board level are indeed being implemented and followed.
To ensure that this is happening, we need a greater call for policy audits performed at the Board level.
Terrance Carter, of Carters Professional Corporation states,
“Board members should be aware that they could be exposed to personal liability if they permit their organizations to work with children or other vulnerable persons where the board has failed to implement an appropriate abuse prevention policy that has been customized to reflect the specifics of their organization. Failure to follow the protocol set out in the abuse prevention policy could also lead to liability, so it is important that an organization that has foresight to implement a policy also makes sure that the policy is strictly followed.”
It is the Board’s responsibility to call for a policy audit. However, there is a debate among professionals as to who should conduct the Policy Audit. Similar to a financial audit, for greater accountability and to ensure objectivity, it is best to have a Third-Party conduct the audit.
The dictionary defines an Audit as an official examination and verification. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
We recommend that as part of your Vulnerable Sector Protection Policies you include a policy audit statement, as this is an important facet of security. A sample policy audit statement could include the following:
This Policy is to be reviewed and audited annually. The purpose of the Audit is to identify compliance to and gaps found adhering to the policy. The Board will identify an objective Team Leader or third party LEAD, who will conduct the Audit within a cross-functional team setting. A written report is to be submitted to the Board within 30 days of the Audit at which time desired outcomes and next steps will be determined. Leadership will then have 60 days to comply with the decisions made by the Board. A written report will be submitted confirming the status of compliance.
This policy will be updated every three years by the Board to ensure policies and procedures reflect best practices, insurance requirements, and applicable Provincial and State child protection legislation.
Here are a few tips when conducting a Policy Audit:
- It is recommended that an audit be done on an annual basis selecting a different department each year to review. If this is not possible schedule an audit no less than every two to three years with all departments.
- Policy Audits should be the responsibility of the Board and can be delegated to a sub-committee of the Board.
- Plan ahead by scheduling when the audit will be completed.
- Plan to Protect® recommends an audit committee of 3-4 people. The audit committee should have no less than two people. Ensure the committee is made up of individuals who can be objective, and individuals who have influence. Consider appointing an external LEAD. Assign responsibilities to the committee members.
The team should be well versed in the policies and expectations of the Board.
The process of a Policy Audit should include
- Site visits,
- Surveying of stakeholders (leadership, staff, volunteers, parents and caregivers, alumni of the program and potentially older students and adults who can speak to the care and protection provided),
- Cross-referencing documents ~
- Personnel Records
- Duty Rosters
- Registration Forms
- Attendance Records
- Incident Reports
- Letters of Informed Consent
- Board Minutes
- Performance Evaluations
Once the actual process has been complete, a report should be compiled identifying best practices observed, compliance to policies and gaps identified where the policies and operational procedures were not followed. A report should also identify recommendations for improvements with a scope and sequence for compliance.
This report should be submitted and reviewed by the Board. Once the Board has reviewed and discussed the Report, a motion should be made in relation to the recommendations and next steps.
The Board should follow-through to confirm that compliance has been met in upcoming meetings. If you wish to request a quote for a Policy Audit, or would like further information, please contact firstname.lastname@example.org