scmt553 risk paper
TRANSCRIPT
Running Head: PROTECTING THE PROTECTORS
Protecting the Protectors: Risk Management and Law Enforcement
Michael McMahon
American Military University
Running Head: PROTECTING THE PROTECTORS
Abstract
Risk analysis and assessment is a tool that is frequently used by businesses and other private sector entities to determine the potential for financial or personal losses in the event of an incident of some kind. As this is oftentimes a process that exists in private industry it is usually profit driven as businesses look to decrease costs due to risk related losses. Within the law enforcement world, police departments are well equipped to help others in determining their risks and how to mitigate them. Police departments utilize crime data to direct patrol or specific enforcement activities. They hold classes for the elderly on preventing identity theft or ruse burglary crimes and self-defense lessons to local women’s groups. That being said what steps do police departments take to look at the risks that they face and how to prevent losses? While police departments may not have concerns about losses due to shoplifting or intellectual property theft, this does not mean that law enforcement agencies do not face significant financial or individual losses in the event of a potential risk becoming a real event. When looking at different police agencies it is not a matter of what events pose a risk to a specific department but rather how likely is a given event to occur and what kind of losses does a department face in the event of an incident happening? Based upon this premise it is important to look at how any police department, regardless of size can go about determining the risks it faces and the probability of a risk event taking place.
Running Head: PROTECTING THE PROTECTORS
When it comes to managing risks police departments may be the one of the first
practitioners what we have come to know as risk management. Within the communities that they
serve police departments have, for centuries carried out risk assessments and mitigation
programs long before this was a hot button topic for the security or insurance fields. When a
burglary or robbery crew goes on a spree police departments gather date, forecast probable times
and locations for future crimes and create directed enforcement teams to take the crews off the
street. When it comes to roadway safety police departments turn to enforcement and education
programs like seatbelt awareness month, roadside sobriety checkpoints and commercial vehicle
inspections to decrease traffic accidents and death. School children are taught about the dangers
of drugs and gangs while the elderly are taught to protect themselves from scams and identity
thieves. While all of these are programs that most if not all police departments across the United
States carry out every day under the headings of community policing, highway safety or elderly
crime prevention, they are all actually forms of risk analysis and mitigation performed on the
behalf of society at large. In all of these examples the police departments have taken the seven
step risk analysis process as shown by ASIS International and applied it to their community.
Using the example of street robberies taking place within ½ mile of the regional transit station
between 2330hrs and 0030hrs a police agency does the following
Identify people at risk- Second shift commuters on their way home from the station
Specific loss risk event/vulnerabilities-Robbery where commuters are the victims
Establish probability and frequency of event- Every other Friday night
Impact of the event- Fear by members of community, lost income to transit operations,
lack of confidence in police to protect community, physical harm due to assault
Running Head: PROTECTING THE PROTECTORS
Options to mitigate risk-increased patrol by marked squad cars to displace event,
directed enforcement operation by covert units to apprehend offenders
Feasibility to implement operations-Reassign units, utilize overtime to hire back
officers
Cost & benefit analysis-Decreased fear of transit users, increased confidence in police
services, incarceration of offenders
While this is a very structured model as an example, it is easy to see how this risk analysis model
could be used by police departments every day to combat a variety of criminal activities (ASIS
International, 2003). With these examples in mind it is surprising that law enforcement has not
taken a more aggressive role in conducting risk management and analysis for themselves as they
continuously do for society at large (Hutto, 2009).
Before a look at risk analysis for law enforcement agencies can be started it is important
to first establish definitions of terms such as risk, loss and probability or frequency. Merriam-
Webster defines risk at its most basic level as “a possibility of loss or injury” as well as
“something or someone that suggests a hazard” (Merriam-Webster). While that is a starting
point it is important to expand this as it pertains to a security environment. One of the most all-
encompassing definitions of risk is provided by Sennewald who defines risk as the “possibility of
harm or loss of people, property, reputation and/or assets caused by an event” (Sennewald,
2011). This definition allows managers and security personnel great latitude to look at events
and determine if those events pose a risk to their organization. Loss is simply harm or a negative
impact upon an asset (ASIS International, 2003). While losses can be harm or injury to people
within an organization it is usually expressed as a monetary value from damage done to property
or lost earnings due to a theft or fraud (Hutto, 2009). Probability and frequency are terms used to
Running Head: PROTECTING THE PROTECTORS
describe how likely a risk event is to occur and how often such an event should or would take
place (ASIS International, 2003). Within organizations the process of risk management has
come to describe a proactive process of identifying and assessing factors and events, or risks that
could cause a loss.
With these definitions in place it is now possible to look at the concepts of risk and how
proper analysis applies to law enforcement agencies. One of the most critical elements of
applying risk analysis to law enforcement is to look at police departments through a different
lens than people may be used to looking at them through. Instead of looking at them strictly
from a perspective where they are non-business entities that provide a service for taxpayers with
little financial return they need to be looked at as any other corporate business entity would be.
This is because there is no difference between risk analyses as it pertains to the Chicago Police
Department, Wal Mart or Ford Motors. In all of these organizations the goal is the same, to
reduce losses through the limiting and mitigating of risk. The only difference is that the risks the
organizations face are different (Hutto, 2009). Wal Mart may be concerned about losses from
employee thefts, Ford Motors may want to better manage less due to copyright infringement
while the Chicago Police Department wants to control losses from pursuit related motor vehicle
accident. One significant difference between private and public organizations when it comes to
risk analysis and management is that public organizations such as police departments are faced
with the hard truth that they have much more to lose than a private entity. While a business can
work to make up its losses a public entity like a police department has no renewing revenue
stream to fall back on in the event of a loss (Hutto, 2009). It is this kind of situation that has
helped to transform risk assessment and management from a tool strictly in the hands of
insurance companies into a management tool that has worked to shape and guide policies and
Running Head: PROTECTING THE PROTECTORS
procedures within America’s police departments (Archbold, 2005). The adoption of this tool by
police agencies has come in the late 20th century and continued until today for a number of
different reasons. The ranks of America’s police chiefs and command staff are the most
educated officers that police departments have ever had. These managers, which are what they
have become, have the experiences of being exposed to higher levels of education including
undergraduate and advanced degree programs in public administration, criminal justice and
municipal management in which the realities of topics like budgeting and resource allocation are
commonplace. Many of these managers are also in the position of seeing shrinking budgets and
demands to cut costs of which one way is to limit losses due to risk. Another significant, if not
the most significant driving force behind the advent of risk is the very nature of American
society. The last thirty or so years have changed many things about the way police departments
function and interact with the public as a result of the federal courts position on police civil
liability. The ability of citizens to civilly sue police agencies and their officers as well as the
overall increase in the litigious nature of our society has resulted in an increase in suits filed
against departments and their members. These suits have resulted in increased costs to litigate
these cases as well as liability claims which have hit agencies and their insurers hard. To the
departments themselves the settling of these cases is oftentimes without loss. Unless there is a
successful awarding of punitive damages the individual officers pay nothing and most police
agencies are insured against lawsuits of this nature. This perspective is the polar opposite of the
insurance companies that issue the liability policies for the police agencies. To them these
successful suits and the resulting monetary awards are a loss and a loss that frequently numbers
in the hundreds of thousands if not millions of dollars. In response insurance companies have
pressed law enforcement agencies about these losses, leading to an increase in risk management
Running Head: PROTECTING THE PROTECTORS
programs in policing (Archbold, 2005). This acceptance and interest in risk programs has come
much later for law enforcement than it has within the private sector. As mentioned in mentioned
earlier, police agencies have more to lose than private business entities yet it is the private sector
that has spent millions of dollars in the research and application of risk management to offset the
losses they stand to sustain. Driven by profit private forays into risk management have been
more widespread and are historically older (Bowman, 2003). The benefits of implementing a
risk management program with a strong assessment element go beyond simple profit and loss
figures. While there is the obvious financial benefit that can come from assessing and planning
for risks, there are also other benefits that can come from this as well. The process of assessing
and prioritizing risks will also facilitate the writing or changing of policies and practices in
response to the findings of those assessments. As a result of these evolving policies and
procedures departments and communities should see a corresponding increase in officer and
citizen safety as well as an improved quality of service from the police department and the
individual officers (Archbold, 2005). Another area from which the drive for comprehensive risk
management has come from is CALEA, the Commission on Accreditation for Law Enforcement
Agencies. As an accrediting agency, CALEA is responsible for establishing across the board
standards for police agencies across the United States and internationally. Acknowledged as the
pioneer in law enforcement accreditation, CALEA has become recognized as the highest level of
professional service and standards that an agency can attain. CALEA accreditation is a
voluntary, yet rigorous process of self and external evaluation of every facet of the department in
order to ensure that high standards are maintained. One of the standards that must be met for
CALEA accreditation is in the area of risk assessment and management. While this process can
be time consuming and costly the benefits of CALEA accreditation are many and are in
Running Head: PROTECTING THE PROTECTORS
themselves a form of risk planning as they provide the agency with more effective defenses
against lawsuits, a more regular system of training, a framework for internal audits, plans for
disaster level events as well as continued updating of orders and policies (CALEA, n.d.). These
benefits have been supported by a Tennessee study that looked at accredited versus non-
accredited agencies and their yearly losses due to risk events in the areas of Workers’
Compensation, Police Liability, Auto Liability and Auto Physical Damage. The study was
conducted over a period of eight years, from 1994 to 2002 and compared five accredited
agencies with twenty three agencies that lacked accreditation. The results of the study showed
clearly that the agencies that were accredited by CALEA had lower costs in those four areas than
those that were not. While there are no profit margins to compare between agencies to evaluate
or rate programs success, the frequency of losses and dollars lost to these events do form a
jumping off point to decide if CALEA accreditation and the accompanying risk management has
positive outcomes (Hutto, 2009).
Workers’ Compensation- Accredited departments had 17% less claims than non-
accredited agencies and sustained losses of approximately $72,000 per 100 officers which
was almost 19% less than the non-accredited departments
Police Liability- The accredited agencies clearly benefitted from the practices demanded
by CALEA as these agencies had 51% less claims than non-accredited agencies and had
liability losses of 11% less or only $31,000 per 100 officers
Auto Liability- Accredited agencies had losses that were almost one-third less than non-
accredited departments in dollars which were roughly equaled by a claim rate of only
31% of the non-accredited departments in the study
Running Head: PROTECTING THE PROTECTORS
Auto Physical Damage- These numbers were also very telling as to the benefits of risk
programs under the umbrella of CALEA’s accreditation process. Accredited departments
had a claim rate of only 1.2 claims per 100 officers which were just over 60% of those of
non-accredited departments and saw losses that were 58% lower (CALEA, n.d.)
While these numbers are impressive especially in the eyes of a police chief, village manager or
insurance adjustor these figures are debatable. There have been no published research studies to
show the benefits of a risk management program in law enforcement agencies (Archbold, 2005).
While Archbold’s point needs to be considered the disparity in the results seems to support the
idea that such programs do benefit law enforcement agencies. Another factor that makes it
difficult to evaluate the benefits of these programs is based upon the Drivers of Value.
According to Price Waterhouse Coopers, value is derived by looking at risk, return and growth
or expansion (Price Waterhouse Coopers, 2007). With law enforcement this is a formula that is
not readily determined. Risk and return are two concepts that are not difficult to transport from a
business application to the law enforcement world. An example of this would be emergency
response, meaning lights and siren as well as increased speed, to domestic violence calls. The
risk is that by driving faster and proceeding through red lights and other traffic control devices
the officers have a greater risk of getting into a motor vehicle collision. The return is reaching
the scene faster which would prevent further violence an accompanying injury to the victim. The
problem is determining the element of growth from this. Prompt police response will not cause
an end to domestic violence and there is no financial gain to be made in preventing a victim from
getting struck three versus five times. In a sense when looking at risk management for law
enforcement it might be only appropriate to consider the risk vs. return and not factor growth
into the equation when determining its value.
Running Head: PROTECTING THE PROTECTORS
The proper assessment and analysis of the risks that a police department faces is perhaps
the most important step of the risk management process and one that will drive both operations
and policy. Assessing risk also is of the utmost importance because it also dictates resource
planning as well. Hutto points out that the number one determinant of proper resource allocation
is risk assessment. Without properly determining the probability and frequency of risks a
department cannot determine where and how much of their resources in dollars and people need
to be distributed (2009). The Essex Police and Essex Police Service study regarding risk
management took this even further. According to their plan risk management and associated
planning were necessary also for policy creation, project management as well as a tool to help
evaluate performance (Chambers & McCardle, 2008). Additionally the department must decide
which type of risk is more damaging to the organization when deciding how to prioritize it. One
agency may value protecting against the high risk/low frequency event over the low risk/high
frequency event. In a real world scenario this would be a department placing a greater emphasis
and amount of resources protecting the agency in the event of a police officer shooting an
unarmed subject (high/low) as opposed to an officer citing someone incorrectly for a traffic
violation (low/high) (Hutto, 2009). Before deciding how to prioritize the risks for frequency and
potential loss the department must first assess the types of risks to the agency and there are a
number of tools that can be used to conduct this assessment.
One of the easiest and most basic ways to identify and prioritize risks is to place them
into one of three categories based upon who they pose the greatest risk to. Within a police
department risk will be a risk to people/personnel, a risk to the physical elements of the
department or a risk to the department’s finances (Archbold, 2005). While these are separate
categories there will be some overlap from one to another and most risks will involve impact to
Running Head: PROTECTING THE PROTECTORS
more than one area in differing amounts. A vehicle accident involving a police squad car will
bridge all three areas of risk
Personnel- Risk to the officer from the accident
Financial- Amount of dollars to repair damages or to satisfy and civil suits as a result of
the accident
Physical- The losses stemming from the damage to the police squad car
Another method that is used to assess risk for a police department is through the use of crime
data gathered by the police department itself. The statistics generated from the actual incidents
that have touched the agency are a window into which risks they face (Archbold, 2005). It was
pointed out that while no two police departments share the exact same risks these statistics will
clearly indicate what risks each agency does face. When assessing the risk from law suits
stemming from illegal searches, a comparison of total searches to allegations of illegal searches
will provide a ratio from which to base a probability of risk upon. The amount of money
accident liability cost an agency in a given year is also a figure that could be determined from
department records. This method can also be assisted by a Comp Stat style system that can
actually track and compile statistics based on crime data and then forecast trends and patterns in
criminal activity (Hutto, 2009).
The Essex Police risk management plan divides risks into two categories severity and
likelihood. Under this model the Essex Police look at six different areas of impact that a given
event could have. These six areas are performance, finance, reputation, safety, human rights and
legal. Each area of impact will also receive a grade of 1 to 4 to measure the likelihood of a given
event to occur ranging from a 1(unlikely) to a 4 (certainty) and a grade of 2, 10 15 or 25 to set a
Running Head: PROTECTING THE PROTECTORS
value to that impact of each event upon a department. These values are then placed in a graph
and the risk impact is multiplied by the likelihood to determine the “Risk Score” of a given event
(Chambers & Harper-McCardle, 2008).
Scenario based assessment can also be a useful tool in looking at the risks that face a
modern organization. While originally designed with corporate risk plans in mind, scenario
based planning can allow a police agency to look at different risks that face them and how these
events would impact the department. These scenarios can be used for much more than just
determining risk. They can also be used to question assumptions about specific risk events and
the organization, to test strategies already in place to respond to risk events, determine what new
policies or plans might be needed to respond to the event and maybe most importantly, open
dialogue between different parts of the organization. This open dialogue becomes even more
important when dealing with a large organization made up of many compartmentalized parts.
The different parts of the large organization may not understand or even be aware of how
something appearing minor may be a significant risk to another part of the organization. A fleet
maintenance division may see a short in wires as being no big deal and therefore not seen as a
risk event. To the patrol division such a short could result in a significant risk when responding
to an emergency call if the lighting and sirens suddenly quit working when approaching an
intersection. This open dialogue should also help in getting new ideas out and circulating
amongst those involved in the process (Price Waterhouse Coopers, 2007).
An overlooked but reliable source of information about risks can be found in the pages of
the police agency’s general orders or policy manual. These policies and orders are created to
establish a standard method of operations as well as creating safe procedures for carrying out day
to day police tasks. These orders are designed to provide a high level of service to the
Running Head: PROTECTING THE PROTECTORS
community while also attempting to make the sometimes dangerous tasks of a police officer as
safe as possible. By looking these orders over, which are frequently hundreds of pages in length;
we can see what areas the department’s managers felt were important to mitigate the risks of
(Hutto, 2009).
Surveys are another way to help the managers of a police department determine risks and
their significance. The study that was conducted through Ryerson University in order to
document and look at the presence of risk management relied heavily upon surveys that were
sent to Canadian police agencies of varying sizes. These surveys contained questions regarding
risks posed to the departments as well as questions about what risk programs were in place at the
department in question. Surveys allowed the researchers to gather data about a large number of
police agencies which could also be applied to a police department as well (Cuiker, Cheslock &
Rodrigues, 1997). Surveys could easily be distributed to officers through an in-house mail
system or handed out to them in roll calls. By having a method in place for the anonymous
return of the surveys it would also allow the rank and file officers to reply honestly without the
fear of repercussions from supervisors for pointing out flaws or failings in department policies or
operations. The use of department wide surveys also allows managers who may be greatly
removed from day to day operations, to remain in touch with the risks of the officers on the
street. This kind of bottom up involvement generates a sense of “buying into” a risk
management program in the future as all department personnel have a voice in helping to shape
the areas of risk and the priority that they are assigned (Hutto, 2009).
Cicero, Illinois is a western suburb of Chicago that lies adjacent to the city’s western
border. While its 2010 census population is approximately 84,000 the large population of
undocumented residents brings its residential population to a figure closer to 100,000 and many
Running Head: PROTECTING THE PROTECTORS
more when the numerous industrial facilities are open during normal operating hours. The police
department numbers 142 officers of which 35 are supervisors with the rank of sergeant or above
leaving 107 officers to fill positions in the patrol, investigations and gang/narcotics divisions. As
with many large suburbs of cities like Chicago, Los Angeles or New York they share many of
the same problems that are faced by their big city counterparts including gang activity,
homicides, robberies and burglaries. While the Cicero Police Department does not share the
exact same risks in frequency or probability as the neighboring Chicago Police Department they
do have much more in common with them than with the police force in an economically elevated
suburb in far western Kendall County 50 miles west of Chicago which does not possess the same
criminal activities as Chicago or Cicero or the same prevailing legal climate which also plays a
role in the risks faced by a police department (Archbold, 2005). When considering the risks that
are present for the officers of the Cicero Police Department it is apparent where these events fall
into the frequency and risk spectrum. The below information is an attempt to asses some of the
risks faced by the Cicero Police Department and the actions in place to mitigate the impact of
these risks. These risks are among the many faced by the department; reflect their severity and
frequency as well as any steps that the department has taken towards mitigating the risk based
upon the policies and records of the Cicero Police Department.
Officer involved shooting high risk/low frequency
o There have only been 6 such incidents over the previous five years resulting in no
fatalities for officers or suspects. Four of these incidents have involved suspects
being fired upon after using a vehicle as a weapon directed at an officer. Such
incidents are mitigated by procedures to increase officer safety, policies and laws
Running Head: PROTECTING THE PROTECTORS
regulating use of force as well as internal and state police investigations into each
incident.
Complaints of excessive force high risk/high frequency
o Such complaints are commonplace for a department as large a Cicero’s and with
nearly 3,000 annual arrests according to the Cicero Police Department’s Records
Division. While informal complaints are frequent, formal complaints with the
Internal Affairs Division are not as common and most result in a finding that
supports the officer’s actions. In 2010 only 8 complaints of excessive force
proceeded further than an investigation, and of these only 1 was not disposed of
by a settlement. While these complaints have a potential to cost a municipality
large sums of money, insurance policies help to alleviate these costs and officer’s
adherence to use of force training and laws ensures that their actions are
appropriate.
Motor vehicle accidents high risk/low frequency
o Accidents are a surprisingly uncommon event considering that a police
department operates a fleet of vehicles that are on the road 24 hours a day 7 days
a week. Such police operations also involve the high speed response to in
progress calls that increase the risk of an accident in such a crowded urban area as
well as round the clock operations in all weather conditions. Given these factors
there is an increased risk of an accident involving serious harm or death as well as
a large financial loss. In order to reduce these risks and their potential losses,
supervisors are responsible for monitoring their officer’s conduct while
responding to calls, regular checks of officer’s driving records to check for
Running Head: PROTECTING THE PROTECTORS
violations and license validity and having a full time employee who’s responsible
for the upkeep and maintenance of the vehicles in the fleet.
Unauthorized release of information low risk/low frequency
o The operations of a police department frequently involve the obtaining of
person’s sensitive identifying information or criminal/driving histories. Due to
this widespread use there is the chance that information that is not properly
secured or disposed of could accidently be released or obtained by someone
outside of the police department. The risk of this is relatively low in that the
information is information that is available through internet sites or data bases and
the number of people with access to the areas in which the officers handle this
information is also very low. Regardless of this the department does have policies
in place that are meant to safeguard people’s information and protect the
department against liability for such a breach. Detectives and gang unit officers
are expected to secure case files in their desks each day and not to leave files or
other information lying about on their desks when they are out of their offices.
Patrol officers are not allowed to leave the secured front desk area with criminal
history or driving record information and there is a specific garbage can in that
area just for the proper disposal of this type of information.
Prisoner escape high risk/low frequency
o Having persons detained in a police facility either charged with or waiting to be
charged with criminal offences would make the prospect of escape a very real risk
especially when considering the safety risks to the community that surrounds the
police station. Even with this risk this is an event that has happened only twice in
Running Head: PROTECTING THE PROTECTORS
the last five years and both subjects were apprehended within a few minutes. The
opening of the new police station in 2008 addressed gaps in security at the old
station that made a prisoner’s escape a more realistic possibility. Physical
security designs have made it so that a prisoner is taken from the transporting
vehicle inside an enclosed sally port and taken immediately into the lock up area
through two secured doors. These doors both require a computer coded pass card
to open and the two doors from lock up into the station also need a four digit code
entered before the doors will open. Policies at the new station also ensure that all
areas of the lock up are under constant video monitoring from both the lock up
control room and the watch commander’s desk at the front of the station and that
all prisoners not being moved within the lock up are to be secured in a cell or to a
handcuff secured to the wall.
While the above listed risks are but a small sampling of the risks faced by the Cicero
Police Department and law enforcement agencies across the country. These risks are faced on a
daily basis and affect everyone within a police department therefore it is important that everyone
within the department understand the elements of the risks that are faced and how they can
impact them. As pointed out by Hutto having everyone involved in the risk process creates a
sense of “buy in” with risk management in their department as well as how practices and policies
that are in place help to protect them and diminish the risk to them as officers from both a
potentially financial risk as well as risks to their personal safety (2009). Considering the risks
involved in policing today and the potential for loss associated with police work it is surprising
that more departments do not have an established risk management process or team who work
constantly to protect officers, departments and municipal governments.
Running Head: PROTECTING THE PROTECTORS
References
Archbold, C. (2005). Managing the Bottom Line: Risk Management in Policing. Policing, 28
ASIS International. (2005). Business Continuity Guidelines: A Practical Approach for Emergency Preparedness, Crisis Management and Disaster Recovery. Alexandria, VA.
_______________ (2003). General Security Risk Assessment Guidelines. Alexandria, VA.
Bowman, D. (2003). Comparing Law Enforcement Accreditation and Private Security Standards. Journal of Security Administration, 26 (1). 17-26.
Chabot, R. & Barker-McCardle, J. (2008). Essex Police Authority & Essex Police Joint Risk Management Strategy 2009-2012. London. Essex Police Authority.
Cicero Police Department. (2011). Cicero Police Department Policy and Procedure Manual.
Commission for Accreditation of Law Enforcement Agencies. (2012). Two Risk Management Studies Support Accreditation. Retrieved from: www.calea.org/content/two-research-studies-support-accreditation.html
Cukier, W., Cheshak, T. & Rodrigues, S. (1997). Quality Assurance, Risk Management, and Audit in Canadian Police Services: Current Status and Emerging Trends. Toronto: Ryerson University.
Hutto, J. (2009). Risk Management in Law Enforcement: A Model Assessment Tool. (unpublished dissertation) Texas State University: San Marcos, TX.
International Association of Chiefs of Police. (1998). Police Facility Planning Guidelines: Desk Reference for Law Enforcement Executives.
Police Executive Research Foundation [PERF]. (2011). Managing Major Events: Best Practices for the Field. Washington DC: PERF.
Price Waterhouse Coopers. (2007). Business Risk Assessment. [Power Point Slides]. Retrieved from: