of Risk Management
D. Ashley, M.S., M.L.S., MFCI, ARM
is Risk Management?
Risk Management is a "process for managing the risks that you
can identify -- and insuring those you can't manage." It uses accepted
managerial techniques in order to preserve the assets of the organization or
entity. The Risk Management process is comprised of two separate, but
equally important components, risk control and risk financing.
Risk control involves identifying the organization’s risk
exposures, examining the various alternatives available to either eliminate
those risks that can be eliminated or mitigate the effects of those that can
not be eliminated, selecting the best alternative or combination of
alternatives to deal with each risk exposure, implementing the chosen
techniques, and monitoring the process for the purpose of altering or
improving the program based on the observed results. Risk financing is the
method or methods by which an organization chooses to pay for those losses
that result from the various risk exposures the organization faces.
Because the decision as to how to finance losses is generally left to
the elected officials within each particular municipality, you (and your
department’s administrators) will have little control or influence on this
aspect of the risk management function. The area where your efforts will
best impact, where your influence and control will be felt, and noticed, is
in the risk control arena. For this reason, the remainder of this article
will focus on the risk control aspects of your municipality's overall risk
Definitions – Terms to Know
Before proceeding further, it is important that we all know and
understand the terms and their meanings, as used frequently within the risk
An exposure is any circumstance, item or situation that has the potential to
cause a loss.
actual expenditure as a result of an incident. An expenditure does not
necessarily require a monetary outlay. The lost service of an employee is a
degree of likelihood that a loss will occur.
condition or situation that has a high probability of causing a loss.
An occurrence with a potential for a resulting loss.
formal notification that an incident has occurred.
LOSS: A loss arising when an individual or organization files suit alleging
wrongdoing. A loss is incurred whenever funds are expended as a result of
the lawsuit—to investigate or defend the suit, and to pay a settlement,
judgment or award—whether the suit has merit or not. A loss results
irrespective of any judgment or award.
Dispelling the Myth
All too often, people mistakenly believe that risk management is
something created by, and for the benefit of, insurance companies. Nothing
is further from the truth. Controlling risk is a management function,
created by management to reduce its need for, or reliance on, traditional
commercial insurance companies as the sole means of paying for losses.
In fact, most professional risk managers judge the success of their
efforts based on the amount of insurance they are forced to purchase after
implementing their program. The less insurance they need, the more
successful their efforts. The theory is that although risk cannot be
entirely eliminated, the frequency and severity of those losses that do
occur can be minimized. This, in turn, allows the organization to finance
losses by alternative methods such as retaining them rather than by paying
the seemingly exorbitant premiums charged by traditional commercial
insurers. The entity can invest the monies saved or use them to grow and
expand the organization. This philosophy is completely compatible with the
needs of municipal government. With more tax dollars available, the
municipality can more effectively, with increased cost efficiency, provide
the services the community has come to expect. The increased savings can be
used to purchase patrol cars, increase manpower, pay for sidewalk
reconstruction, or finance any other priority item.
Due to this increased awareness of the need to manage risk, many
public entities are joining together to form risk management pools, which
are very unlike traditional commercial insurers.
Most pools are tax exempt, non-profit, quasi-governmental
organizations that provide insurance type coverages and services by way of a
joint arrangement. Participating municipalities "pool" their funds
to cover each other's losses by group purchase of insurance coverage,
thereby avoiding the prohibitive premium prices charged to individual
municipalities by commercial insurers.
Its very much like buying wholesale.
For this reason, it is to everyone's benefit to contain and control
losses. For risk control practices to provide maximum benefit to all pool
members, all members must aggressively participate in the risk control
As a police professional, you are a risk manager. You train for and
manage the hundreds, or thousands, of interactions between yourself and the
public, and you do this on a daily basis. These interactions all carry the
potential for litigation, but more importantly they create the possibility
of injury to you, your fellow officers or citizens. It is your
responsibility to train for and manage your daily activities in such a
manner as to maintain the lowest possible chance of loss. That's the bad
news. The good news is that, if
your municipality is a member of a risk management pool, you're not in this
Until recently, police professionals in pool member municipalities
had nowhere to turn for advice, input, or direction on ways to manage their
department's unique exposures. However, many pools are committed to
providing the best possible coverage at the lowest possible price and
believe that the risk control function will assist in achieving these goals.
In some pooling organizations, this has led to the creation and funding of
specific law enforcement risk control efforts. Now, through the development
of a strong, long term relationship with your law enforcement risk control
specialists, many law enforcement officers, trainers and administrators have
a resource available through which information and recommendations can be
obtained. Through this relationship many benefits and advantages can be
achieved. Primary among these benefits is the opportunity to provide input
that will affect the decisions made concerning the type and nature of
services provided, specially tailored to your department's needs. Through a
cooperative effort, by everyone working toward the same objective, you will
greatly impact the amount of losses your department, and thus your pooling
Where to Start?
Before you can take positive steps to reduce your risk exposures, you
have to know what risks you face. You must analyze and identify the areas
within your day-to-day activities that hold the potential for causing
losses. This can be done in a variety of ways, many of which your law
enforcement risk control specialists are ready and able to assist you with.
At the management level, exposures can be identified by examining past loss
experience and histories, on-site surveys, questionnaires, and by consulting
with experts both from inside and outside your department. The
identification process is the most important step in any concerted risk
At the line level, exposures are best identified by you, the officer
on the street. Do this by
examining the tactics and techniques that you employ in managing people and
situations. Think about your
attitude, your approach to people, and the “vibes” that you give off.
Review your department'’ risk management techniques.
Work within these efforts to manage your personal, and therefore your department’s, risk of injury, property damage, and litigation.
Of the various identification techniques available, on-site risk
assessment surveys conducted by your pool’s law enforcement risk control
staff members, and a review of loss "runs" or histories provide
the greatest amount of insight into those exposures unique to the delivery
of police services, and identify trends or patterns within your department
that may be cause for concern. Loss histories, which can be provided by most
pooling organizations, document not only the severity (cost) of past losses,
but the frequency with which they occur. If your agency or department does
not have a significant history of losses, much valuable information can be
gleaned from examining loss histories of comparable agencies or
Frequency vs. Severity
By looking at past occurrences, we frequently can predict future
events. By examining how frequently a loss-causing situation has occurred in
the past, we can predict with a certain degree of accuracy how often it will
occur in the future. By reviewing the cost, or severity, of prior losses we
can make an informed decision as to which conditions deserve priority
attention and how best to finance the larger losses.
When reviewing loss histories your managers will quickly discover
that, fortunately, there is usually an inverse relationship between
frequency and severity. Those events that occur most frequently tend to be
less severe in nature. Conversely, the most severe incidents
occur much less
frequently. With enough experience, or history, an analysis will further
show that based on the frequency with which events occur a reasonably
accurate forecast as to the severity of future losses can be made. That's
the good news. The bad news is this creates another problem that police
officers, trainers and executives must deal with.
Statistically we know that frequency predicts severity. The issue,
then, becomes one of foreseeability. If an event is predictable, is its
future occurrence foreseeable, in a legal sense? And, if it's foreseeable,
do we have a duty to act? AND, if we fail to act, are we behaving in a
negligent manner? The answer to all of these questions is most probably Yes!
The courts often refer to this as being on "notice". Stated
simply, you knew, or should have known, that a particular event or
occurrence would take place. Courts have further ruled that if the need to
take action is obvious, failure to act demonstrates a "deliberate
indifference" towards the civil rights effected citizens. In other
words, if something is foreseeable, if it is predictable, if it is likely to
occur, it cannot be ignored as a potential problem.
Beyond the potential for litigation when a critical situation is left
unresolved, is the likelihood of officer injury as a direct result of a
department’s failure to deal with such a situation (lack of or improper
training is a good example). Not
only do sound risk control practices insure a higher level of officer safety
and result in cost savings to the municipality, but they are also, in some
instances, required by contemporary court decisions.
Risk Control Techniques
Once your risk exposures are identified, the next step is to choose
the technique, or combination of techniques, best suited to effectively
eliminate or control the exposure. There are five basic risk control
techniques. Some can produce the desired results in and of themselves,
others work best when used in combination, dependent on the particular
exposure being dealt with. These
five basic techniques are defined here:
AVOIDANCE: Voluntarily choosing to no longer participate in the
activity that creates or causes the loss. If you no longer provide the
service or perform the function that created the loss exposure in the first
place, you are no longer faced with the exposure. Examples of risk avoidance
would include disbanding a SWAT team or canine unit, refusing to allow
civilian ride-alongs in patrol cars, prohibiting misdemeanor pursuits, or a
prohibition on the carrying of blackjacks or sap gloves.
enforcement, risk avoidance is not always an option. There are some things
we just have to do, but it is nonetheless a desirable technique where its
implementation does not significantly interfere with the delivery of vital
and necessary police services.
OF LOSSES: Prevention involves measures or activities undertaken
before a loss occurs, in an attempt to prevent the loss-causing event from
happening, or to render its impact less significant. Examples of preventive
measures are the creation and implementation of sound policies that provide
appropriate guidance to line level officers, continuous and on-going
in-service training, patrol cars equipped with prisoner screens, and the
issuance of latex gloves for the prevention of infection. The primary
objective of loss prevention is to reduce the frequency with which the loss
causing event occurs.
OF LOSSES: Reduction techniques can be implemented either before or
after a particular loss occurs, in an attempt to reduce the amount of the
loss or damages that may result. Sprinkler systems, fire extinguishers, soft
body armor, and vehicle safety belts are examples of reduction measures.
These activities are intended to minimize the potential severity of loss.
They do not prevent the loss causing event from occurring.
OF RESOURCES: This technique actually consists of two separate
elements—duplication and separation, both having substantially the same
goal: to segregate the agency's resources so that no one event can
significantly impair the overall operation of the organization. Basically,
segregation involves not placing all your eggs in one basket.
involves the use or creation of spares or backups, to be used only in the
event the primary or original item is damaged or destroyed. Examples of
duplication are tape backups of computerized data, spare patrol cars left in
reserve, or an Emergency Operations Center (EOC) housed in another location
that is only utilized if a power failure or natural disaster renders the
primary communications facility inoperable. These items for the most part
sit, unused, until after a loss occurs. Duplication efforts are intended to
reduce the severity of potential losses because the department can still
function, although possibly with less efficiency.
is similar to duplication in that facilities, operations or items are
duplicated in other locations. The difference is that these facilities or
items are used on a daily basis. Examples of separation would be the
creation of precincts or mini-stations that provide full service on a daily
basis, and can serve to take up the slack in the event the primary location
becomes disabled or inoperable. Separation also targets potential severity,
but because of its daily usage, can actually increase the frequency of
OF RISK: Transfer techniques are used to transfer, or move, the risk
from one party to another. The most common examples of transfer strategies
are the use of waiver forms, hold harmless agreements, insurance policies,
and contracting with others for services such as prisoner transports or
lodging. Ideally, to receive maximum benefit from transfer arrangements, the
organization strives to transfer both legal and financial responsibilities
for an incurred loss, although this is not always possible.
Implementing an Effective Risk Control Program
With an understanding of risk control fundamentals it is now possible
for you, the police professional, to begin to design and implement a
personal risk control program tailored to your individual needs.
When planning how best to implement your risk management effort, it's
important that you never lose sight of the fact that effective risk control
practices involve more than just litigation avoidance. Of primary importance
is officer safety and survival. A program that is founded on this premise
will not only encourage officers to work safer and smarter, but will also,
because of an obvious overlap in the issues that create both injury and
liability, significantly impact liability concerns.
While researching the losses incurred by your department you will
probably find that you and your officers are getting hurt in the process of
creating liability. The same
things that cause officers to get hurt cause many of the civil suits we are
forced to defend. Police officers are routinely involved in inherently
dangerous situations, they carry a variety of weapons that can injure or
kill, they drive cars at high speeds, and they have to take violent or
resistive subjects into custody. All of these activities can result in
officer injury or litigation. It
is entirely that a concentrated effort to reduce the potential for officer
injury will positively influence your liability exposures. The law
enforcement profession has, however, routinely placed a greater emphasis on
avoiding liability. Not only has this failed to work, but it has also
resulted in the loss of the valuable service of some of our best and
brightest officers. We must, therefore, shift our emphasis, and implement a
risk control program based on a top-down initiative. All levels within the
agency, beginning with the chief executive, must be sold on the need and
value of such a program, and encouraged to implement and practice sound risk
control measures in all of their daily encounters with the public.
Police executives, supervisors, and line officers must feel a sense
of ownership in the program. They must all feel they have participated in,
or been allowed the opportunity to provide input into, the decision making
process that led to the development and implementation of the program.
At the executive level, managers must willingly take responsibility
for oversight and control of the program by developing sound procedural
documents and by providing crucial in-service training in critical skills
areas, and supervisory training to the agency's middle level managers.
At the supervisory level, employees must accept responsibility for
oversight of line officers' daily activities to ensure that they conform to
department policy, and are performed in a manner consistent with the
agency's approved training. Supervisors must also communicate with police
executives concerning the effectiveness, or continued feasibility, of the
chosen techniques, policies, training, or programs.
Finally, if risk control techniques are to be effective, line level
officers need to believe in the principles on which they are founded, so
that the basic concepts are appropriately translated to the streets. They
must understand the need for and comply with requirements to report all
relevant and important data, so that activities can be monitored and
measured against the intended goals of the risk control program. Without the
line officer's feedback, it is impossible to monitor the risk control
program and make necessary and appropriate adjustments to enhance and