Running Head: PROTECTING THE PROTECTORS

Protecting the Protectors: Risk Management and Law Enforcement Michael McMahon American Military University

Running Head: PROTECTING THE PROTECTORS

Abstract Risk analysis and assessment is a tool that is frequently used by businesses and other private sector entities to determine the potential for financial or personal losses in the event of an incident of some kind. As this is oftentimes a process that exists in private industry it is usually profit driven as businesses look to decrease costs due to risk related losses. Within the law enforcement world, police departments are well equipped to help others in determining their risks and how to mitigate them. Police departments utilize crime data to direct patrol or specific enforcement activities. They hold classes for the elderly on preventing identity theft or ruse burglary crimes and self-defense lessons to local womens groups. That being said what steps do police departments take to look at the risks that they face and how to prevent losses? While police departments may not have concerns about losses due to shoplifting or intellectual property theft, this does not mean that law enforcement agencies do not face significant financial or individual losses in the event of a potential risk becoming a real event. When looking at different police agencies it is not a matter of what events pose a risk to a specific department but rather how likely is a given event to occur and what kind of losses does a department face in the event of an incident happening? Based upon this premise it is important to look at how any police department, regardless of size can go about determining the risks it faces and the probability of a risk event taking place.

Running Head: PROTECTING THE PROTECTORS

When it comes to managing risks police departments may be the one of the first practitioners what we have come to know as risk management. Within the communities that they serve police departments have, for centuries carried out risk assessments and mitigation programs long before this was a hot button topic for the security or insurance fields. When a burglary or robbery crew goes on a spree police departments gather date, forecast probable times and locations for future crimes and create directed enforcement teams to take the crews off the street. When it comes to roadway safety police departments turn to enforcement and education programs like seatbelt awareness month, roadside sobriety checkpoints and commercial vehicle inspections to decrease traffic accidents and death. School children are taught about the dangers of drugs and gangs while the elderly are taught to protect themselves from scams and identity thieves. While all of these are programs that most if not all police departments across the United States carry out every day under the headings of community policing, highway safety or elderly crime prevention, they are all actually forms of risk analysis and mitigation performed on the behalf of society at large. In all of these examples the police departments have taken the seven step risk analysis process as shown by ASIS International and applied it to their community. Using the example of street robberies taking place within mile of the regional transit station between 2330hrs and 0030hrs a police agency does the following Identify people at risk- Second shift commuters on their way home from the station Specific loss risk event/vulnerabilities-Robbery where commuters are the victims Establish probability and frequency of event- Every other Friday night Impact of the event- Fear by members of community, lost income to transit operations, lack of confidence in police to protect community, physical harm due to assault

Running Head: PROTECTING THE PROTECTORS

Options to mitigate risk-increased patrol by marked squad cars to displace event, directed enforcement operation by covert units to apprehend offenders

Feasibility to implement operations-Reassign units, utilize overtime to hire back officers

Cost & benefit analysis-Decreased fear of transit users, increased confidence in police services, incarceration of offenders

While this is a very structured model as an example, it is easy to see how this risk analysis model could be used by police departments every day to combat a variety of criminal activities (ASIS International, 2003). With these examples in mind it is surprising that law enforcement has not taken a more aggressive role in conducting risk management and analysis for themselves as they continuously do for society at large (Hutto, 2009). Before a look at risk analysis for law enforcement agencies can be started it is important to first establish definitions of terms such as risk, loss and probability or frequency. MerriamWebster defines risk at its most basic level as a possibility of loss or injury as well as something or someone that suggests a hazard (Merriam-Webster). While that is a starting point it is important to expand this as it pertains to a security environment. One of the most allencompassing definitions of risk is provided by Sennewald who defines risk as the possibility of harm or loss of people, property, reputation and/or assets caused by an event (Sennewald, 2011). This definition allows managers and security personnel great latitude to look at events and determine if those events pose a risk to their organization. Loss is simply harm or a negative impact upon an asset (ASIS International, 2003). While losses can be harm or injury to people within an organization it is usually expressed as a monetary value from damage done to property or lost earnings due to a theft or fraud (Hutto, 2009). Probability and frequency are terms used to

Running Head: PROTECTING THE PROTECTORS

describe how likely a risk event is to occur and how often such an event should or would take place (ASIS International, 2003). Within organizations the process of risk management has come to describe a proactive process of identifying and assessing factors and events, or risks that could cause a loss. With these definitions in place it is now possible to look at the concepts of risk and how proper analysis applies to law enforcement agencies. One of the most critical elements of applying risk analysis to law enforcement is to look at police departments through a different lens than people may be used to looking at them through. Instead of looking at them strictly from a perspective where they are non-business entities that provide a service for taxpayers with little financial return they need to be looked at as any other corporate business entity would be. This is because there is no difference between risk analyses as it pertains to the Chicago Police Department, Wal Mart or Ford Motors. In all of these organizations the goal is the same, to reduce losses through the limiting and mitigating of risk. The only difference is that the risks the organizations face are different (Hutto, 2009). Wal Mart may be concerned about losses from employee thefts, Ford Motors may want to better manage less due to copyright infringement while the Chicago Police Department wants to control losses from pursuit related motor vehicle accident. One significant difference between private and public organizations when it comes to risk analysis and management is that public organizations such as police departments are faced with the hard truth that they have much more to lose than a private entity. While a business can work to make up its losses a public entity like a police department has no renewing revenue stream to fall back on in the event of a loss (Hutto, 2009). It is this kind of situation that has helped to transform risk assessment and management from a tool strictly in the hands of insurance companies into a management tool that has worked to shape and guide policies and

Running Head: PROTECTING THE PROTECTORS

procedures within Americas police departments (Archbold, 2005). The adoption of this tool by police agencies has come in the late 20th century and continued until today for a number of different reasons. The ranks of Americas police chiefs and command staff are the most educated officers that police departments have ever had. These managers, which are what they have become, have the experiences of being exposed to higher levels of education including undergraduate and advanced degree programs in public administration, criminal justice and municipal management in which the realities of topics like budgeting and resource allocation are commonplace. Many of these managers are also in the position of seeing shrinking budgets and demands to cut costs of which one way is to limit losses due to risk. Another significant, if not the most significant driving force behind the advent of risk is the very nature of American society. The last thirty or so years have changed many things about the way police departments function and interact with the public as a result of the federal courts position on police civil liability. The ability of citizens to civilly sue police agencies and their officers as well as the overall increase in the litigious nature of our society has resulted in an increase in suits filed against departments and their members. These suits have resulted in increased costs to litigate these cases as well as liability claims which have hit agencies and their insurers hard. To the departments themselves the settling of these cases is oftentimes without loss. Unless there is a successful awarding of punitive damages the individual officers pay nothing and most police agencies are insured against lawsuits of this nature. This perspective is the polar opposite of the insurance companies that issue the liability policies for the police agencies. To them these successful suits and the resulting monetary awards are a loss and a loss that frequently numbers in the hundreds of thousands if not millions of dollars. In response insurance companies have pressed law enforcement agencies about these losses, leading to an increase in risk management

Running Head: PROTECTING THE PROTECTORS

programs in policing (Archbold, 2005). This acceptance and interest in risk programs has come much later for law enforcement than it has within the private sector. As mentioned in mentioned earlier, police agencies have more to lose than private business entities yet it is the private sector that has spent millions of dollars in the research and application of risk management to offset the losses they stand to sustain. Driven by profit private forays into risk management have been more widespread and are historically older (Bowman, 2003). The benefits of implementing a risk management program with a strong assessment element go beyond simple profit and loss figures. While there is the obvious financial benefit that can come from assessing and planning for risks, there are also other benefits that can come from this as well. The process of assessing and prioritizing risks will also facilitate the writing or changing of policies and practices in response to the findings of those assessments. As a result of these evolving policies and procedures departments and communities should see a corresponding increase in officer and citizen safety as well as an improved quality of service from the police department and the individual officers (Archbold, 2005). Another area from which the drive for comprehensive risk management has come from is CALEA, the Commission on Accreditation for Law Enforcement Agencies. As an accrediting agency, CALEA is responsible for establishing across the board standards for police agencies across the United States and internationally. Acknowledged as the pioneer in law enforcement accreditation, CALEA has become recognized as the highest level of professional service and standards that an agency can attain. CALEA accreditation is a voluntary, yet rigorous process of self and external evaluation of every facet of the department in order to ensure that high standards are maintained. One of the standards that must be met for CALEA accreditation is in the area of risk assessment and management. While this process can be time consuming and costly the benefits of CALEA accreditation are many and are in

Running Head: PROTECTING THE PROTECTORS

themselves a form of risk planning as they provide the agency with more effective defenses against lawsuits, a more regular system of training, a framework for internal audits, plans for disaster level events as well as continued updating of orders and policies (CALEA, n.d.). These benefits have been supported by a Tennessee study that looked at accredited versus nonaccredited agencies and their yearly losses due to risk events in the areas of Workers Compensation, Police Liability, Auto Liability and Auto Physical Damage. The study was conducted over a period of eight years, from 1994 to 2002 and compared five accredited agencies with twenty three agencies that lacked accreditation. The results of the study showed clearly that the agencies that were accredited by CALEA had lower costs in those four areas than those that were not. While there are no profit margins to compare between agencies to evaluate or rate programs success, the frequency of losses and dollars lost to these events do form a jumping off point to decide if CALEA accreditation and the accompanying risk management has positive outcomes (Hutto, 2009). Workers Compensation- Accredited departments had 17% less claims than nonaccredited agencies and sustained losses of approximately $72,000 per 100 officers which was almost 19% less than the non-accredited departments Police Liability- The accredited agencies clearly benefitted from the practices demanded by CALEA as these agencies had 51% less claims than non-accredited agencies and had liability losses of 11% less or only $31,000 per 100 officers Auto Liability- Accredited agencies had losses that were almost one-third less than nonaccredited departments in dollars which were roughly equaled by a claim rate of only 31% of the non-accredited departments in the study

Running Head: PROTECTING THE PROTECTORS

Auto Physical Damage- These numbers were also very telling as to the benefits of risk programs under the umbrella of CALEAs accreditation process. Accredited departments had a claim rate of only 1.2 claims per 100 officers which were just over 60% of those of non-accredited departments and saw losses that were 58% lower (CALEA, n.d.)

While these numbers are impressive especially in the eyes of a police chief, village manager or insurance adjustor these figures are debatable. There have been no published research studies to show the benefits of a risk management program in law enforcement agencies (Archbold, 2005). While Archbolds point needs to be considered the disparity in the results seems to support the idea that such programs do benefit law enforcement agencies. Another factor that makes it difficult to evaluate the benefits of these programs is based upon the Drivers of Value. According to Price Waterhouse Coopers, value is derived by looking at risk, return and growth or expansion (Price Waterhouse Coopers, 2007). With law enforcement this is a formula that is not readily determined. Risk and return are two concepts that are not difficult to transport from a business application to the law enforcement world. An example of this would be emergency response, meaning lights and siren as well as increased speed, to domestic violence calls. The risk is that by driving faster and proceeding through red lights and other traffic control devices the officers have a greater risk of getting into a motor vehicle collision. The return is reaching the scene faster which would prevent further violence an accompanying injury to the victim. The problem is determining the element of growth from this. Prompt police response will not cause an end to domestic violence and there is no financial gain to be made in preventing a victim from getting struck three versus five times. In a sense when looking at risk management for law enforcement it might be only appropriate to consider the risk vs. return and not factor growth into the equation when determining its value.

Running Head: PROTECTING THE PROTECTORS

The proper assessment and analysis of the risks that a police department faces is perhaps the most important step of the risk management process and one that will drive both operations and policy. Assessing risk also is of the utmost importance because it also dictates resource planning as well. Hutto points out that the number one determinant of proper resource allocation is risk assessment. Without properly determining the probability and frequency of risks a department cannot determine where and how much of their resources in dollars and people need to be distributed (2009). The Essex Police and Essex Police Service study regarding risk management took this even further. According to their plan risk management and associated planning were necessary also for policy creation, project management as well as a tool to help evaluate performance (Chambers & McCardle, 2008). Additionally the department must decide which type of risk is more damaging to the organization when deciding how to prioritize it. One agency may value protecting against the high risk/low frequency event over the low risk/high frequency event. In a real world scenario this would be a department placing a greater emphasis and amount of resources protecting the agency in the event of a police officer shooting an unarmed subject (high/low) as opposed to an officer citing someone incorrectly for a traffic violation (low/high) (Hutto, 2009). Before deciding how to prioritize the risks for frequency and potential loss the department must first assess the types of risks to the agency and there are a number of tools that can be used to conduct this assessment. One of the easiest and most basic ways to identify and prioritize risks is to place them into one of three categories based upon who they pose the greatest risk to. Within a police department risk will be a risk to people/personnel, a risk to the physical elements of the department or a risk to the departments finances (Archbold, 2005). While these are separate categories there will be some overlap from one to another and most risks will involve impact to

Running Head: PROTECTING THE PROTECTORS

more than one area in differing amounts. A vehicle accident involving a police squad car will bridge all three areas of risk Personnel- Risk to the officer from the accident Financial- Amount of dollars to repair damages or to satisfy and civil suits as a result of the accident Physical- The losses stemming from the damage to the police squad car

Another method that is used to assess risk for a police department is through the use of crime data gathered by the police department itself. The statistics generated from the actual incidents that have touched the agency are a window into which risks they face (Archbold, 2005). It was pointed out that while no two police departments share the exact same risks these statistics will clearly indicate what risks each agency does face. When assessing the risk from law suits stemming from illegal searches, a comparison of total searches to allegations of illegal searches will provide a ratio from which to base a probability of risk upon. The amount of money accident liability cost an agency in a given year is also a figure that could be determined from department records. This method can also be assisted by a Comp Stat style system that can actually track and compile statistics based on crime data and then forecast trends and patterns in criminal activity (Hutto, 2009). The Essex Police risk management plan divides risks into two categories severity and likelihood. Under this model the Essex Police look at six different areas of impact that a given event could have. These six areas are performance, finance, reputation, safety, human rights and legal. Each area of impact will also receive a grade of 1 to 4 to measure the likelihood of a given event to occur ranging from a 1(unlikely) to a 4 (certainty) and a grade of 2, 10 15 or 25 to set a

Running Head: PROTECTING THE PROTECTORS

value to that impact of each event upon a department. These values are then placed in a graph and the risk impact is multiplied by the likelihood to determine the Risk Score of a given event (Chambers & Harper-McCardle, 2008). Scenario based assessment can also be a useful tool in looking at the risks that face a modern organization. While originally designed with corporate risk plans in mind, scenario based planning can allow a police agency to look at different risks that face them and how these events would impact the department. These scenarios can be used for much more than just determining risk. They can also be used to question assumptions about specific risk events and the organization, to test strategies already in place to respond to risk events, determine what new policies or plans might be needed to respond to the event and maybe most importantly, open dialogue between different parts of the organization. This open dialogue becomes even more important when dealing with a large organization made up of many compartmentalized parts. The different parts of the large organization may not understand or even be aware of how something appearing minor may be a significant risk to another part of the organization. A fleet maintenance division may see a short in wires as being no big deal and therefore not seen as a risk event. To the patrol division such a short could result in a significant risk when responding to an emergency call if the lighting and sirens suddenly quit working when approaching an intersection. This open dialogue should also help in getting new ideas out and circulating amongst those involved in the process (Price Waterhouse Coopers, 2007). An overlooked but reliable source of information about risks can be found in the pages of the police agencys general orders or policy manual. These policies and orders are created to establish a standard method of operations as well as creating safe procedures for carrying out day to day police tasks. These orders are designed to provide a high level of service to the

Running Head: PROTECTING THE PROTECTORS

community while also attempting to make the sometimes dangerous tasks of a police officer as safe as possible. By looking these orders over, which are frequently hundreds of pages in length; we can see what areas the departments managers felt were important to mitigate the risks of (Hutto, 2009). Surveys are another way to help the managers of a police department determine risks and their significance. The study that was conducted through Ryerson University in order to document and look at the presence of risk management relied heavily upon surveys that were sent to Canadian police agencies of varying sizes. These surveys contained questions regarding risks posed to the departments as well as questions about what risk programs were in place at the department in question. Surveys allowed the researchers to gather data about a large number of police agencies which could also be applied to a police department as well (Cuiker, Cheslock & Rodrigues, 1997). Surveys could easily be distributed to officers through an in-house mail system or handed out to them in roll calls. By having a method in place for the anonymous return of the surveys it would also allow the rank and file officers to reply honestly without the fear of repercussions from supervisors for pointing out flaws or failings in department policies or operations. The use of department wide surveys also allows managers who may be greatly removed from day to day operations, to remain in touch with the risks of the officers on the street. This kind of bottom up involvement generates a sense of buying into a risk management program in the future as all department personnel have a voice in helping to shape the areas of risk and the priority that they are assigned (Hutto, 2009). Cicero, Illinois is a western suburb of Chicago that lies adjacent to the citys western border. While its 2010 census population is approximately 84,000 the large population of undocumented residents brings its residential population to a figure closer to 100,000 and many

Running Head: PROTECTING THE PROTECTORS

more when the numerous industrial facilities are open during normal operating hours. The police department numbers 142 officers of which 35 are supervisors with the rank of sergeant or above leaving 107 officers to fill positions in the patrol, investigations and gang/narcotics divisions. As with many large suburbs of cities like Chicago, Los Angeles or New York they share many of the same problems that are faced by their big city counterparts including gang activity, homicides, robberies and burglaries. While the Cicero Police Department does not share the exact same risks in frequency or probability as the neighboring Chicago Police Department they do have much more in common with them than with the police force in an economically elevated suburb in far western Kendall County 50 miles west of Chicago which does not possess the same criminal activities as Chicago or Cicero or the same prevailing legal climate which also plays a role in the risks faced by a police department (Archbold, 2005). When considering the risks that are present for the officers of the Cicero Police Department it is apparent where these events fall into the frequency and risk spectrum. The below information is an attempt to asses some of the risks faced by the Cicero Police Department and the actions in place to mitigate the impact of these risks. These risks are among the many faced by the department; reflect their severity and frequency as well as any steps that the department has taken towards mitigating the risk based upon the policies and records of the Cicero Police Department. Officer involved shooting high risk/low frequency o There have only been 6 such incidents over the previous five years resulting in no fatalities for officers or suspects. Four of these incidents have involved suspects being fired upon after using a vehicle as a weapon directed at an officer. Such incidents are mitigated by procedures to increase officer safety, policies and laws

Running Head: PROTECTING THE PROTECTORS

regulating use of force as well as internal and state police investigations into each incident. Complaints of excessive force high risk/high frequency o Such complaints are commonplace for a department as large a Ciceros and with nearly 3,000 annual arrests according to the Cicero Police Departments Records Division. While informal complaints are frequent, formal complaints with the Internal Affairs Division are not as common and most result in a finding that supports the officers actions. In 2010 only 8 complaints of excessive force proceeded further than an investigation, and of these only 1 was not disposed of by a settlement. While these complaints have a potential to cost a municipality large sums of money, insurance policies help to alleviate these costs and officers adherence to use of force training and laws ensures that their actions are appropriate. Motor vehicle accidents high risk/low frequency o Accidents are a surprisingly uncommon event considering that a police department operates a fleet of vehicles that are on the road 24 hours a day 7 days a week. Such police operations also involve the high speed response to in progress calls that increase the risk of an accident in such a crowded urban area as well as round the clock operations in all weather conditions. Given these factors there is an increased risk of an accident involving serious harm or death as well as a large financial loss. In order to reduce these risks and their potential losses, supervisors are responsible for monitoring their officers conduct while responding to calls, regular checks of officers driving records to check for

Running Head: PROTECTING THE PROTECTORS

violations and license validity and having a full time employee whos responsible for the upkeep and maintenance of the vehicles in the fleet. Unauthorized release of information low risk/low frequency o The operations of a police department frequently involve the obtaining of persons sensitive identifying information or criminal/driving histories. Due to this widespread use there is the chance that information that is not properly secured or disposed of could accidently be released or obtained by someone outside of the police department. The risk of this is relatively low in that the information is information that is available through internet sites or data bases and the number of people with access to the areas in which the officers handle this information is also very low. Regardless of this the department does have policies in place that are meant to safeguard peoples information and protect the department against liability for such a breach. Detectives and gang unit officers are expected to secure case files in their desks each day and not to leave files or other information lying about on their desks when they are out of their offices. Patrol officers are not allowed to leave the secured front desk area with criminal history or driving record information and there is a specific garbage can in that area just for the proper disposal of this type of information. Prisoner escape high risk/low frequency o Having persons detained in a police facility either charged with or waiting to be charged with criminal offences would make the prospect of escape a very real risk especially when considering the safety risks to the community that surrounds the police station. Even with this risk this is an event that has happened only twice in

Running Head: PROTECTING THE PROTECTORS

the last five years and both subjects were apprehended within a few minutes. The opening of the new police station in 2008 addressed gaps in security at the old station that made a prisoners escape a more realistic possibility. Physical security designs have made it so that a prisoner is taken from the transporting vehicle inside an enclosed sally port and taken immediately into the lock up area through two secured doors. These doors both require a computer coded pass card to open and the two doors from lock up into the station also need a four digit code entered before the doors will open. Policies at the new station also ensure that all areas of the lock up are under constant video monitoring from both the lock up control room and the watch commanders desk at the front of the station and that all prisoners not being moved within the lock up are to be secured in a cell or to a handcuff secured to the wall. While the above listed risks are but a small sampling of the risks faced by the Cicero Police Department and law enforcement agencies across the country. These risks are faced on a daily basis and affect everyone within a police department therefore it is important that everyone within the department understand the elements of the risks that are faced and how they can impact them. As pointed out by Hutto having everyone involved in the risk process creates a sense of buy in with risk management in their department as well as how practices and policies that are in place help to protect them and diminish the risk to them as officers from both a potentially financial risk as well as risks to their personal safety (2009). Considering the risks involved in policing today and the potential for loss associated with police work it is surprising that more departments do not have an established risk management process or team who work constantly to protect officers, departments and municipal governments.

Running Head: PROTECTING THE PROTECTORS

References Archbold, C. (2005). Managing the Bottom Line: Risk Management in Policing. Policing, 28 ASIS International. (2005). Business Continuity Guidelines: A Practical Approach for Emergency Preparedness, Crisis Management and Disaster Recovery. Alexandria, VA. _______________ (2003). General Security Risk Assessment Guidelines. Alexandria, VA. Bowman, D. (2003). Comparing Law Enforcement Accreditation and Private Security Standards. Journal of Security Administration, 26 (1). 17-26. Chabot, R. & Barker-McCardle, J. (2008). Essex Police Authority & Essex Police Joint Risk Management Strategy 2009-2012. London. Essex Police Authority. Cicero Police Department. (2011). Cicero Police Department Policy and Procedure Manual. Commission for Accreditation of Law Enforcement Agencies. (2012). Two Risk Management Studies Support Accreditation. Retrieved from: www.calea.org/content/two-researchstudies-support-accreditation.html Cukier, W., Cheshak, T. & Rodrigues, S. (1997). Quality Assurance, Risk Management, and Audit in Canadian Police Services: Current Status and Emerging Trends. Toronto: Ryerson University. Hutto, J. (2009). Risk Management in Law Enforcement: A Model Assessment Tool. (unpublished dissertation) Texas State University: San Marcos, TX. International Association of Chiefs of Police. (1998). Police Facility Planning Guidelines: Desk Reference for Law Enforcement Executives. Police Executive Research Foundation [PERF]. (2011). Managing Major Events: Best Practices for the Field. Washington DC: PERF. Price Waterhouse Coopers. (2007). Business Risk Assessment. [Power Point Slides]. Retrieved from: