PHILADELPHIA – There is no better way to close out a conference than to hear the inimitable Gordon Graham address a full house of law enforcement professionals on risk management.
At the start of Graham’s session on the final day of the 124th International Association of Chiefs of Police Conference, he promised to deliver 10 steps attendees could immediately implement in their department to lower risk and improve officer safety.
If you’ve never seen Graham speak, know that he is one of the most entertaining, enlightening and educational presenters in public safety, whose unassuming appearance belies a master of wit and wisdom. Graham has dedicated his life to risk management, both in his 33-year career as a CHP officer and in his practice as an attorney.
He began his presentation with a provocative question: Why have we taken the broad spectrum of risk management and dumbed it down to being “safety stuff”?
“Risk is ubiquitous,” said Graham. “Everything you do both in life and law enforcement involves a level of risk. When you hire people, there is a level of risk. When you fire people, there is a level of risk. When you back up a patrol car, there is a level of risk. When you swear on an affidavit of warrant, there is a level of risk. I want to outline the breadth and depth of risk management to give you workable practices to take back to your agency so you can protect yourself, your department and your team.”
When risk managers study a tragedy, said Graham, they look for the cause. Understanding what causes tragedy enables agencies to design control measures and develop policies to prevent tragedies from happening again.
But there’s a problem: “We do not know jack about risk management and, worse than that, we think we do,” said Graham.
When a tragedy occurs, people tend to focus on the immediate event that precipitated the tragedy. For example, we blame the iceberg for sinking the Titanic, not the culmination of events that led up to that disaster.
“In any occupation, it is rarely a single incident that generates a tragedy, but a culmination of events,” said Graham. “While you can identify the proximate cause of a tragedy, you cannot build control measures on proximate causes alone.”
The practice of risk management identifies related contributory causes that were essentially “problems lying in wait,” said Graham, which people should have known about. Your daily and ongoing responsibility as a line officer, supervisor, manager or executive, is to ask yourself, what are your problems lying wait?
A cop with racial bias is a problem lying in wait.
A jail deputy who doesn’t understand policies is a problem lying in wait.
A street cop who doesn’t understand the Fourth Amendment is a problem lying in wait.
A supervisor who wants to be everyone’s best friend is a problem lying in wait.
A supervisor who lacks supervisory skill is a problem lying in wait.
Ignore these problems at your peril as they will align to create a triggering event that can be followed by tragedy and, when the post-incident investigation identifies the problems lying in wait, someone will have to be held accountable.
While identifying all potential problems lying in wait may sound overwhelming, Graham has collated the thousands of risks law enforcement faces every day into 10 families.
1. External risks
This is the most difficult family of risk you face, noted Graham, and includes risks as diverse as weather, pandemics, criminal street gangs, terrorists or train tracks through your community. Police agencies must ensure their disaster management plans are current and work with private corporations to ensure the same. Gordon explained to the audience that many multimillion-dollar industries have disaster plans grossly out of date, but in a disaster scenario, the media will hold first responders culpable for a mismatched, archaic response.
2. Legal and regulatory risks
Is your law enforcement agency in full compliance with laws and regulations? You can bet when lawyers start digging around in the aftermath of a tragedy, said Graham, that they will unearth examples of non-compliance.
Are you familiar with and understand laws like FMLA, ADA and the Pregnancy Discrimination Act? Few departments have the resources for a dedicated in-house counsel, but your average city attorney may not be the failsafe you think. While they may be able to offer advice on slip-and-fall cases, they know little about K-9 bites, said Graham. Be aware of specialist attorneys who will sue your department as they know everything about their practice area. Graham recommends smaller police agencies pool resources with neighboring departments to hire dedicated counsel for advice on legal and regulatory risks.
3. Strategic risks
Strategic planning is essential not only for the next year, said Graham, but the next 20-30 years. Agencies need to address issues on the horizon like regionalization, consolidation and privatization. And individual cops need to look out for their own future. One of the biggest mistakes you can make as a police officer is to not contribute to a deferred comp plan. Find the money any way you can, said Graham.
4. Organizational risks
Graham addressed several areas of organizational risk.
One of the biggest problems lying in wait (and not necessarily in wait anymore) is police recruitment. One solution is to decentralize our recruitment process, said Graham. If every cop on duty was encouraged to recruit one good cop, we could keep ahead of attrition. Just imagine the impact that same officer could have if they recruited one cop every six months or more.
Once you fix your recruitment plan, review your background investigations strategy: “Spend your money on comprehensive background checks. Many departments only do criminal background checks, but my recommendation is ongoing background checks, with full checks every five years, as some people go bad over time. Don’t wait until after a tragedy to find that out,” advised Graham.
Take performance evaluations seriously, as they are a great risk management tool. “Unfortunately, I’ve never met a law enforcement agency that takes them seriously,” said Graham. “Average employees get overrated so no one complains, but when we overrate personnel, we set ourselves up for failure.”
As for police training, it’s a joke in the U.S., said Graham: “You get hired as a cop, but after probation, if you chose never to promote, when do you next have to take a serious test?” A limited number of tasks are overrepresented in tragedies, showing the need for ongoing training in key areas.
5. Operational risks
We can teach cops how to do things, but we need to remember to teach them how to think, noted Graham: “We have to teach police officers how to manage the risks of specific tasks and incidents. Cops need a decision-making process, especially for low-frequency/high-risk events.”
Using a decision-making process he learned in law school, Graham suggests officers adopt the following 10-step, decision-making process:
- Identify what needs to be decided. (If perseveration of life is at issue, go directly to step 8.)
- Do I have time to think?
- Do I have jurisdiction?
- What does the policy say?
- Look at past practice to be consistent.
- Consider the ethics: Am I doing the right thing, not just am I doing things right.
- Use consequence analysis to understand the significant consequences if you don’t do things right.
- Make the call.
- Document as necessary.
- Learn something new and then share your institutional knowledge.
6. Knowledge risks
Do you have accurate information to make a decision? We can’t rely on luck to inform the decisions we make in law enforcement, you have to rely on process, said Graham.
7. HR risks
Human resources is an expensive risk management minefield for a law enforcement agency. Talk to counsel before making any employment law decisions, noted Graham, then let your HR department make the call.
A mandatory review of harassment policy with all employees should be part of the review process. Know what constitutes a hostile work environment.
8. Technology risks
All organizations, both public and private, face myriad risks when it comes to technology. Your department could be brought to a screeching halt by ransomware. You can no longer trust that the street cop with the most computer experience is the best candidate to consult on technology risks, said Graham. Who is your CTO? And are they really a CTO? Police leaders need to accept that their skill set is not technology. Find someone who is a techno expert.
9. Financial and reputational risks
Anything dealing with money is filled with risk. Your budget is filled with risk. Grant monies are filled with risk. Asset seizure funds are filled with risk. You need a solid process for all money issues, said Graham.
When it comes to reputation risks, police departments need a robust presence on social media not only to promote positive community engagement but to defend against accusations. It takes little more than three people bad-mouthing a department for the public to start believing disparaging comments. Being active on social media can help your department combat the rumor mill, said Graham.
10. Political risks
Finally, said Graham, stay away as much as possible from the fray of politics.
In closing
Attending a Gordon Graham lecture should be on every cop’s bucket list. Whether you are a police executive, supervisor or street cop, his risk management message resonates at every level. Until you have the opportunity to see him live, visit Graham’s Lexipol website to access a wealth of resources.