scmt553 risk paper

Running Head: PROTECTING THE PROTECTORS

Protecting the Protectors: Risk Management and Law Enforcement

Michael McMahon

American Military University


Abstract

Risk analysis and assessment is a tool that is frequently used by businesses and other private sector entities to determine the potential for financial or personal losses in the event of an incident of some kind. As this is oftentimes a process that exists in private industry it is usually profit driven as businesses look to decrease costs due to risk related losses. Within the law enforcement world, police departments are well equipped to help others in determining their risks and how to mitigate them. Police departments utilize crime data to direct patrol or specific enforcement activities. They hold classes for the elderly on preventing identity theft or ruse burglary crimes and self-defense lessons to local women’s groups. That being said what steps do police departments take to look at the risks that they face and how to prevent losses? While police departments may not have concerns about losses due to shoplifting or intellectual property theft, this does not mean that law enforcement agencies do not face significant financial or individual losses in the event of a potential risk becoming a real event. When looking at different police agencies it is not a matter of what events pose a risk to a specific department but rather how likely is a given event to occur and what kind of losses does a department face in the event of an incident happening? Based upon this premise it is important to look at how any police department, regardless of size can go about determining the risks it faces and the probability of a risk event taking place.


When it comes to managing risks police departments may be the one of the first

practitioners what we have come to know as risk management. Within the communities that they

serve police departments have, for centuries carried out risk assessments and mitigation

programs long before this was a hot button topic for the security or insurance fields. When a

burglary or robbery crew goes on a spree police departments gather date, forecast probable times

and locations for future crimes and create directed enforcement teams to take the crews off the

street. When it comes to roadway safety police departments turn to enforcement and education

programs like seatbelt awareness month, roadside sobriety checkpoints and commercial vehicle

inspections to decrease traffic accidents and death. School children are taught about the dangers

of drugs and gangs while the elderly are taught to protect themselves from scams and identity

thieves. While all of these are programs that most if not all police departments across the United

States carry out every day under the headings of community policing, highway safety or elderly

crime prevention, they are all actually forms of risk analysis and mitigation performed on the

behalf of society at large. In all of these examples the police departments have taken the seven

step risk analysis process as shown by ASIS International and applied it to their community.

Using the example of street robberies taking place within ½ mile of the regional transit station

between 2330hrs and 0030hrs a police agency does the following

Identify people at risk- Second shift commuters on their way home from the station

Specific loss risk event/vulnerabilities-Robbery where commuters are the victims

Establish probability and frequency of event- Every other Friday night

Impact of the event- Fear by members of community, lost income to transit operations,

lack of confidence in police to protect community, physical harm due to assault


Options to mitigate risk-increased patrol by marked squad cars to displace event,

directed enforcement operation by covert units to apprehend offenders

Feasibility to implement operations-Reassign units, utilize overtime to hire back

officers

Cost & benefit analysis-Decreased fear of transit users, increased confidence in police

services, incarceration of offenders

While this is a very structured model as an example, it is easy to see how this risk analysis model

could be used by police departments every day to combat a variety of criminal activities (ASIS

International, 2003). With these examples in mind it is surprising that law enforcement has not

taken a more aggressive role in conducting risk management and analysis for themselves as they

continuously do for society at large (Hutto, 2009).

Before a look at risk analysis for law enforcement agencies can be started it is important

to first establish definitions of terms such as risk, loss and probability or frequency. Merriam-

Webster defines risk at its most basic level as “a possibility of loss or injury” as well as

“something or someone that suggests a hazard” (Merriam-Webster). While that is a starting

point it is important to expand this as it pertains to a security environment. One of the most all-

encompassing definitions of risk is provided by Sennewald who defines risk as the “possibility of

harm or loss of people, property, reputation and/or assets caused by an event” (Sennewald,

2011). This definition allows managers and security personnel great latitude to look at events

and determine if those events pose a risk to their organization. Loss is simply harm or a negative

impact upon an asset (ASIS International, 2003). While losses can be harm or injury to people

within an organization it is usually expressed as a monetary value from damage done to property

or lost earnings due to a theft or fraud (Hutto, 2009). Probability and frequency are terms used to


describe how likely a risk event is to occur and how often such an event should or would take

place (ASIS International, 2003). Within organizations the process of risk management has

come to describe a proactive process of identifying and assessing factors and events, or risks that

could cause a loss.

With these definitions in place it is now possible to look at the concepts of risk and how

proper analysis applies to law enforcement agencies. One of the most critical elements of

applying risk analysis to law enforcement is to look at police departments through a different

lens than people may be used to looking at them through. Instead of looking at them strictly

from a perspective where they are non-business entities that provide a service for taxpayers with

little financial return they need to be looked at as any other corporate business entity would be.

This is because there is no difference between risk analyses as it pertains to the Chicago Police

Department, Wal Mart or Ford Motors. In all of these organizations the goal is the same, to

reduce losses through the limiting and mitigating of risk. The only difference is that the risks the

organizations face are different (Hutto, 2009). Wal Mart may be concerned about losses from

employee thefts, Ford Motors may want to better manage less due to copyright infringement

while the Chicago Police Department wants to control losses from pursuit related motor vehicle

accident. One significant difference between private and public organizations when it comes to

risk analysis and management is that public organizations such as police departments are faced

with the hard truth that they have much more to lose than a private entity. While a business can

work to make up its losses a public entity like a police department has no renewing revenue

stream to fall back on in the event of a loss (Hutto, 2009). It is this kind of situation that has

helped to transform risk assessment and management from a tool strictly in the hands of

insurance companies into a management tool that has worked to shape and guide policies and


procedures within America’s police departments (Archbold, 2005). The adoption of this tool by

police agencies has come in the late 20th century and continued until today for a number of

different reasons. The ranks of America’s police chiefs and command staff are the most

educated officers that police departments have ever had. These managers, which are what they

have become, have the experiences of being exposed to higher levels of education including

undergraduate and advanced degree programs in public administration, criminal justice and

municipal management in which the realities of topics like budgeting and resource allocation are

commonplace. Many of these managers are also in the position of seeing shrinking budgets and

demands to cut costs of which one way is to limit losses due to risk. Another significant, if not

the most significant driving force behind the advent of risk is the very nature of American

society. The last thirty or so years have changed many things about the way police departments

function and interact with the public as a result of the federal courts position on police civil

liability. The ability of citizens to civilly sue police agencies and their officers as well as the

overall increase in the litigious nature of our society has resulted in an increase in suits filed

against departments and their members. These suits have resulted in increased costs to litigate

these cases as well as liability claims which have hit agencies and their insurers hard. To the

departments themselves the settling of these cases is oftentimes without loss. Unless there is a

successful awarding of punitive damages the individual officers pay nothing and most police

agencies are insured against lawsuits of this nature. This perspective is the polar opposite of the

insurance companies that issue the liability policies for the police agencies. To them these

successful suits and the resulting monetary awards are a loss and a loss that frequently numbers

in the hundreds of thousands if not millions of dollars. In response insurance companies have

pressed law enforcement agencies about these losses, leading to an increase in risk management


programs in policing (Archbold, 2005). This acceptance and interest in risk programs has come

much later for law enforcement than it has within the private sector. As mentioned in mentioned

earlier, police agencies have more to lose than private business entities yet it is the private sector

that has spent millions of dollars in the research and application of risk management to offset the

losses they stand to sustain. Driven by profit private forays into risk management have been

more widespread and are historically older (Bowman, 2003). The benefits of implementing a

risk management program with a strong assessment element go beyond simple profit and loss

figures. While there is the obvious financial benefit that can come from assessing and planning

for risks, there are also other benefits that can come from this as well. The process of assessing

and prioritizing risks will also facilitate the writing or changing of policies and practices in

response to the findings of those assessments. As a result of these evolving policies and

procedures departments and communities should see a corresponding increase in officer and

citizen safety as well as an improved quality of service from the police department and the

individual officers (Archbold, 2005). Another area from which the drive for comprehensive risk

management has come from is CALEA, the Commission on Accreditation for Law Enforcement

Agencies. As an accrediting agency, CALEA is responsible for establishing across the board

standards for police agencies across the United States and internationally. Acknowledged as the

pioneer in law enforcement accreditation, CALEA has become recognized as the highest level of

professional service and standards that an agency can attain. CALEA accreditation is a

voluntary, yet rigorous process of self and external evaluation of every facet of the department in

order to ensure that high standards are maintained. One of the standards that must be met for

CALEA accreditation is in the area of risk assessment and management. While this process can

be time consuming and costly the benefits of CALEA accreditation are many and are in


themselves a form of risk planning as they provide the agency with more effective defenses

against lawsuits, a more regular system of training, a framework for internal audits, plans for

disaster level events as well as continued updating of orders and policies (CALEA, n.d.). These

benefits have been supported by a Tennessee study that looked at accredited versus non-

accredited agencies and their yearly losses due to risk events in the areas of Workers’

Compensation, Police Liability, Auto Liability and Auto Physical Damage. The study was

conducted over a period of eight years, from 1994 to 2002 and compared five accredited

agencies with twenty three agencies that lacked accreditation. The results of the study showed

clearly that the agencies that were accredited by CALEA had lower costs in those four areas than

those that were not. While there are no profit margins to compare between agencies to evaluate

or rate programs success, the frequency of losses and dollars lost to these events do form a

jumping off point to decide if CALEA accreditation and the accompanying risk management has

positive outcomes (Hutto, 2009).

Workers’ Compensation- Accredited departments had 17% less claims than non-

accredited agencies and sustained losses of approximately $72,000 per 100 officers which

was almost 19% less than the non-accredited departments

Police Liability- The accredited agencies clearly benefitted from the practices demanded

by CALEA as these agencies had 51% less claims than non-accredited agencies and had

liability losses of 11% less or only $31,000 per 100 officers

Auto Liability- Accredited agencies had losses that were almost one-third less than non-

accredited departments in dollars which were roughly equaled by a claim rate of only

31% of the non-accredited departments in the study


Auto Physical Damage- These numbers were also very telling as to the benefits of risk

programs under the umbrella of CALEA’s accreditation process. Accredited departments

had a claim rate of only 1.2 claims per 100 officers which were just over 60% of those of

non-accredited departments and saw losses that were 58% lower (CALEA, n.d.)

While these numbers are impressive especially in the eyes of a police chief, village manager or

insurance adjustor these figures are debatable. There have been no published research studies to

show the benefits of a risk management program in law enforcement agencies (Archbold, 2005).

While Archbold’s point needs to be considered the disparity in the results seems to support the

idea that such programs do benefit law enforcement agencies. Another factor that makes it

difficult to evaluate the benefits of these programs is based upon the Drivers of Value.

According to Price Waterhouse Coopers, value is derived by looking at risk, return and growth

or expansion (Price Waterhouse Coopers, 2007). With law enforcement this is a formula that is

not readily determined. Risk and return are two concepts that are not difficult to transport from a

business application to the law enforcement world. An example of this would be emergency

response, meaning lights and siren as well as increased speed, to domestic violence calls. The

risk is that by driving faster and proceeding through red lights and other traffic control devices

the officers have a greater risk of getting into a motor vehicle collision. The return is reaching

the scene faster which would prevent further violence an accompanying injury to the victim. The

problem is determining the element of growth from this. Prompt police response will not cause

an end to domestic violence and there is no financial gain to be made in preventing a victim from

getting struck three versus five times. In a sense when looking at risk management for law

enforcement it might be only appropriate to consider the risk vs. return and not factor growth

into the equation when determining its value.


The proper assessment and analysis of the risks that a police department faces is perhaps

the most important step of the risk management process and one that will drive both operations

and policy. Assessing risk also is of the utmost importance because it also dictates resource

planning as well. Hutto points out that the number one determinant of proper resource allocation

is risk assessment. Without properly determining the probability and frequency of risks a

department cannot determine where and how much of their resources in dollars and people need

to be distributed (2009). The Essex Police and Essex Police Service study regarding risk

management took this even further. According to their plan risk management and associated

planning were necessary also for policy creation, project management as well as a tool to help

evaluate performance (Chambers & McCardle, 2008). Additionally the department must decide

which type of risk is more damaging to the organization when deciding how to prioritize it. One

agency may value protecting against the high risk/low frequency event over the low risk/high

frequency event. In a real world scenario this would be a department placing a greater emphasis

and amount of resources protecting the agency in the event of a police officer shooting an

unarmed subject (high/low) as opposed to an officer citing someone incorrectly for a traffic

violation (low/high) (Hutto, 2009). Before deciding how to prioritize the risks for frequency and

potential loss the department must first assess the types of risks to the agency and there are a

number of tools that can be used to conduct this assessment.

One of the easiest and most basic ways to identify and prioritize risks is to place them

into one of three categories based upon who they pose the greatest risk to. Within a police

department risk will be a risk to people/personnel, a risk to the physical elements of the

department or a risk to the department’s finances (Archbold, 2005). While these are separate

categories there will be some overlap from one to another and most risks will involve impact to


more than one area in differing amounts. A vehicle accident involving a police squad car will

bridge all three areas of risk

Personnel- Risk to the officer from the accident

Financial- Amount of dollars to repair damages or to satisfy and civil suits as a result of

the accident

Physical- The losses stemming from the damage to the police squad car

Another method that is used to assess risk for a police department is through the use of crime

data gathered by the police department itself. The statistics generated from the actual incidents

that have touched the agency are a window into which risks they face (Archbold, 2005). It was

pointed out that while no two police departments share the exact same risks these statistics will

clearly indicate what risks each agency does face. When assessing the risk from law suits

stemming from illegal searches, a comparison of total searches to allegations of illegal searches

will provide a ratio from which to base a probability of risk upon. The amount of money

accident liability cost an agency in a given year is also a figure that could be determined from

department records. This method can also be assisted by a Comp Stat style system that can

actually track and compile statistics based on crime data and then forecast trends and patterns in

criminal activity (Hutto, 2009).

The Essex Police risk management plan divides risks into two categories severity and

likelihood. Under this model the Essex Police look at six different areas of impact that a given

event could have. These six areas are performance, finance, reputation, safety, human rights and

legal. Each area of impact will also receive a grade of 1 to 4 to measure the likelihood of a given

event to occur ranging from a 1(unlikely) to a 4 (certainty) and a grade of 2, 10 15 or 25 to set a


value to that impact of each event upon a department. These values are then placed in a graph

and the risk impact is multiplied by the likelihood to determine the “Risk Score” of a given event

(Chambers & Harper-McCardle, 2008).

Scenario based assessment can also be a useful tool in looking at the risks that face a

modern organization. While originally designed with corporate risk plans in mind, scenario

based planning can allow a police agency to look at different risks that face them and how these

events would impact the department. These scenarios can be used for much more than just

determining risk. They can also be used to question assumptions about specific risk events and

the organization, to test strategies already in place to respond to risk events, determine what new

policies or plans might be needed to respond to the event and maybe most importantly, open

dialogue between different parts of the organization. This open dialogue becomes even more

important when dealing with a large organization made up of many compartmentalized parts.

The different parts of the large organization may not understand or even be aware of how

something appearing minor may be a significant risk to another part of the organization. A fleet

maintenance division may see a short in wires as being no big deal and therefore not seen as a

risk event. To the patrol division such a short could result in a significant risk when responding

to an emergency call if the lighting and sirens suddenly quit working when approaching an

intersection. This open dialogue should also help in getting new ideas out and circulating

amongst those involved in the process (Price Waterhouse Coopers, 2007).

An overlooked but reliable source of information about risks can be found in the pages of

the police agency’s general orders or policy manual. These policies and orders are created to

establish a standard method of operations as well as creating safe procedures for carrying out day

to day police tasks. These orders are designed to provide a high level of service to the


community while also attempting to make the sometimes dangerous tasks of a police officer as

safe as possible. By looking these orders over, which are frequently hundreds of pages in length;

we can see what areas the department’s managers felt were important to mitigate the risks of

(Hutto, 2009).

Surveys are another way to help the managers of a police department determine risks and

their significance. The study that was conducted through Ryerson University in order to

document and look at the presence of risk management relied heavily upon surveys that were

sent to Canadian police agencies of varying sizes. These surveys contained questions regarding

risks posed to the departments as well as questions about what risk programs were in place at the

department in question. Surveys allowed the researchers to gather data about a large number of

police agencies which could also be applied to a police department as well (Cuiker, Cheslock &

Rodrigues, 1997). Surveys could easily be distributed to officers through an in-house mail

system or handed out to them in roll calls. By having a method in place for the anonymous

return of the surveys it would also allow the rank and file officers to reply honestly without the

fear of repercussions from supervisors for pointing out flaws or failings in department policies or

operations. The use of department wide surveys also allows managers who may be greatly

removed from day to day operations, to remain in touch with the risks of the officers on the

street. This kind of bottom up involvement generates a sense of “buying into” a risk

management program in the future as all department personnel have a voice in helping to shape

the areas of risk and the priority that they are assigned (Hutto, 2009).

Cicero, Illinois is a western suburb of Chicago that lies adjacent to the city’s western

border. While its 2010 census population is approximately 84,000 the large population of

undocumented residents brings its residential population to a figure closer to 100,000 and many


more when the numerous industrial facilities are open during normal operating hours. The police

department numbers 142 officers of which 35 are supervisors with the rank of sergeant or above

leaving 107 officers to fill positions in the patrol, investigations and gang/narcotics divisions. As

with many large suburbs of cities like Chicago, Los Angeles or New York they share many of

the same problems that are faced by their big city counterparts including gang activity,

homicides, robberies and burglaries. While the Cicero Police Department does not share the

exact same risks in frequency or probability as the neighboring Chicago Police Department they

do have much more in common with them than with the police force in an economically elevated

suburb in far western Kendall County 50 miles west of Chicago which does not possess the same

criminal activities as Chicago or Cicero or the same prevailing legal climate which also plays a

role in the risks faced by a police department (Archbold, 2005). When considering the risks that

are present for the officers of the Cicero Police Department it is apparent where these events fall

into the frequency and risk spectrum. The below information is an attempt to asses some of the

risks faced by the Cicero Police Department and the actions in place to mitigate the impact of

these risks. These risks are among the many faced by the department; reflect their severity and

frequency as well as any steps that the department has taken towards mitigating the risk based

upon the policies and records of the Cicero Police Department.

Officer involved shooting high risk/low frequency

o There have only been 6 such incidents over the previous five years resulting in no

fatalities for officers or suspects. Four of these incidents have involved suspects

being fired upon after using a vehicle as a weapon directed at an officer. Such

incidents are mitigated by procedures to increase officer safety, policies and laws


regulating use of force as well as internal and state police investigations into each

incident.

Complaints of excessive force high risk/high frequency

o Such complaints are commonplace for a department as large a Cicero’s and with

nearly 3,000 annual arrests according to the Cicero Police Department’s Records

Division. While informal complaints are frequent, formal complaints with the

Internal Affairs Division are not as common and most result in a finding that

supports the officer’s actions. In 2010 only 8 complaints of excessive force

proceeded further than an investigation, and of these only 1 was not disposed of

by a settlement. While these complaints have a potential to cost a municipality

large sums of money, insurance policies help to alleviate these costs and officer’s

adherence to use of force training and laws ensures that their actions are

appropriate.

Motor vehicle accidents high risk/low frequency

o Accidents are a surprisingly uncommon event considering that a police

department operates a fleet of vehicles that are on the road 24 hours a day 7 days

a week. Such police operations also involve the high speed response to in

progress calls that increase the risk of an accident in such a crowded urban area as

well as round the clock operations in all weather conditions. Given these factors

there is an increased risk of an accident involving serious harm or death as well as

a large financial loss. In order to reduce these risks and their potential losses,

supervisors are responsible for monitoring their officer’s conduct while

responding to calls, regular checks of officer’s driving records to check for


violations and license validity and having a full time employee who’s responsible

for the upkeep and maintenance of the vehicles in the fleet.

Unauthorized release of information low risk/low frequency

o The operations of a police department frequently involve the obtaining of

person’s sensitive identifying information or criminal/driving histories. Due to

this widespread use there is the chance that information that is not properly

secured or disposed of could accidently be released or obtained by someone

outside of the police department. The risk of this is relatively low in that the

information is information that is available through internet sites or data bases and

the number of people with access to the areas in which the officers handle this

information is also very low. Regardless of this the department does have policies

in place that are meant to safeguard people’s information and protect the

department against liability for such a breach. Detectives and gang unit officers

are expected to secure case files in their desks each day and not to leave files or

other information lying about on their desks when they are out of their offices.

Patrol officers are not allowed to leave the secured front desk area with criminal

history or driving record information and there is a specific garbage can in that

area just for the proper disposal of this type of information.

Prisoner escape high risk/low frequency

o Having persons detained in a police facility either charged with or waiting to be

charged with criminal offences would make the prospect of escape a very real risk

especially when considering the safety risks to the community that surrounds the

police station. Even with this risk this is an event that has happened only twice in


the last five years and both subjects were apprehended within a few minutes. The

opening of the new police station in 2008 addressed gaps in security at the old

station that made a prisoner’s escape a more realistic possibility. Physical

security designs have made it so that a prisoner is taken from the transporting

vehicle inside an enclosed sally port and taken immediately into the lock up area

through two secured doors. These doors both require a computer coded pass card

to open and the two doors from lock up into the station also need a four digit code

entered before the doors will open. Policies at the new station also ensure that all

areas of the lock up are under constant video monitoring from both the lock up

control room and the watch commander’s desk at the front of the station and that

all prisoners not being moved within the lock up are to be secured in a cell or to a

handcuff secured to the wall.

While the above listed risks are but a small sampling of the risks faced by the Cicero

Police Department and law enforcement agencies across the country. These risks are faced on a

daily basis and affect everyone within a police department therefore it is important that everyone

within the department understand the elements of the risks that are faced and how they can

impact them. As pointed out by Hutto having everyone involved in the risk process creates a

sense of “buy in” with risk management in their department as well as how practices and policies

that are in place help to protect them and diminish the risk to them as officers from both a

potentially financial risk as well as risks to their personal safety (2009). Considering the risks

involved in policing today and the potential for loss associated with police work it is surprising

that more departments do not have an established risk management process or team who work

constantly to protect officers, departments and municipal governments.


References

Archbold, C. (2005). Managing the Bottom Line: Risk Management in Policing. Policing, 28

ASIS International. (2005). Business Continuity Guidelines: A Practical Approach for Emergency Preparedness, Crisis Management and Disaster Recovery. Alexandria, VA.

_______________ (2003). General Security Risk Assessment Guidelines. Alexandria, VA.

Bowman, D. (2003). Comparing Law Enforcement Accreditation and Private Security Standards. Journal of Security Administration, 26 (1). 17-26.

Chabot, R. & Barker-McCardle, J. (2008). Essex Police Authority & Essex Police Joint Risk Management Strategy 2009-2012. London. Essex Police Authority.

Cicero Police Department. (2011). Cicero Police Department Policy and Procedure Manual.

Commission for Accreditation of Law Enforcement Agencies. (2012). Two Risk Management Studies Support Accreditation. Retrieved from: www.calea.org/content/two-research-studies-support-accreditation.html

Cukier, W., Cheshak, T. & Rodrigues, S. (1997). Quality Assurance, Risk Management, and Audit in Canadian Police Services: Current Status and Emerging Trends. Toronto: Ryerson University.

Hutto, J. (2009). Risk Management in Law Enforcement: A Model Assessment Tool. (unpublished dissertation) Texas State University: San Marcos, TX.

International Association of Chiefs of Police. (1998). Police Facility Planning Guidelines: Desk Reference for Law Enforcement Executives.

Police Executive Research Foundation [PERF]. (2011). Managing Major Events: Best Practices for the Field. Washington DC: PERF.

Price Waterhouse Coopers. (2007). Business Risk Assessment. [Power Point Slides]. Retrieved from:

http://www.calea.org/content/two-research-studies-support-accreditation.html

http://www.calea.org/content/two-research-studies-support-accreditation.html

scmt553 risk paper

Documents