The concept of risk management is now familiar in various institutional contexts, including health, criminal justice, national security, and business. In the sphere of policing, risk management initiatives seek to address some long-standing inefficiencies in police practice. As such, it is an umbrella concept that subsumes both a new orientation to the job of policing as well as a number of specific policing projects.

The risk management framework is usefully contrasted with several attributes of the traditional crime fighting model. That approach is characterized by a reactive ”call for service” orientation where officers spend most of their time being dispatched to an eclectic array of incidents that prompt calls to the emergency 911 system. Officers often arrive on the scene only long after a crime has occurred, making the entire approach subject to the criticism that it resembles closing the barn door after the horse has escaped. Moreover, over periods of weeks or months, officers can make several return visits to particularly troublesome locations without ever resolving the problem that is at the root of such repeat calls. While this reactive model still represents the type of service that citizens expect from their police, it is increasingly criticized for being a highly inefficient use of resources. Blame for this failure is often directed at the police tendency to prioritize the use of criminal law and criminal justice institutions, both of which are now recognized as being rather blunt and ineffective tools for modifying human behavior and reducing crime.

Risk management, in contrast, approaches crime in a manner that is reminiscent of an insurance model (Reichman 1986). It explicitly focuses on anticipating the likelihood of future untoward eventualities and developing prospective initiatives to manage those risks. In such an orientation most crimes are recognized as being rather mundane and resulting from the contextually specific actions of unremarkable individuals. Crimes, therefore, are not considered to be the acts of morally reprehensible criminals that violate deeply held sentiments. All but the most spectacular (and rare) crimes are increasingly approached as being amoral; that is, they are predominantly understood to be negative eventualities that can be prospectively guarded against or eliminated through a combination of expert advice, insurance, environmental design, and anti-crime technologies (O’Malley 1992). In the process, anticrime initiatives start to resemble how most individuals mitigate the prospect of a car accident.

Risk management is consciously proactive in that it involves attempts to anticipate the statistical likelihood of untoward events and to prospectively mitigate or eliminate those risks. One of the most significant developments of this orientation is that it privileges the place of information work and data analysis in policing. While police still occasionally investigate spectacular crimes and capture notorious criminals, the reality of everyday police work is much more mundane. Officers spend much of their time simply collecting and processing data about assorted low-level incidents on myriad official forms and databases. While individual officers often resent such work, this police-initiated process of social enumeration generates knowledge that is vital to risk management initiatives. Because risks are typically understood to entail some form of statistical probability, it is necessary for officials to have accurate and timely data that would allow them to construct risk profiles and develop appropriate policies (Ericson and Haggerty 1997).

Only a fraction of the information that officers accumulate, however, is required to process offenders through the courts. Most is collected on behalf of a network of public and private agencies such as customs, immigration, alcohol and drug research centers, and insurance companies. These institutions use police-generated knowledge to fashion programs to manage the risks posed to different populations and client groups. Hence, a significant portion of the risk management work of the public police involves collecting a plethora of data on behalf of risk management institutions external to the police.

A quite different development characteristic of the risk management approach is that the mandate of the public police starts to expand beyond ”law enforcement” to include ”security provision.” This change entails an important reconfiguration of the police role. It provides the police with a much wider ambit of expertise than is typical of their ”law enforcement” mandate, as officers are now expected to offer advice on how to manage a host of additional eventualities that are only tangentially related to crime including urban disorder, fear, and quality-of-life issues. These initiatives assume many different forms, such as having officers sit on urban planning boards, give lectures to schoolchildren, and encourage community groups, corporations, and individual citizens to take steps to enhance their security. Much of this guidance involves persuading citizens to take responsibility for their own security by capitalizing on the security expertise of other private and public institutions and to use assorted security services and technologies.

In the process the traditional emphasis in police culture on using the criminal law to try to resolve any and all problems is displaced in three distinct ways. First, criminal law becomes simply one among many forms of risk management. Intelligence-led policing, for example, entails efforts to capitalize on statistical knowledge about the patterns and regularities of criminal events and to deploy officers pro-spectively to specific areas at particular times that are known to be problematic. In such an orientation law enforcement is not conceived of as an end in itself, but as a means to manage the crime risks characteristic of certain geographic locations. Second, the criminal law is also displaced as alternative legal regimes are recognized as providing potentially useful ways to manage risk. This is particularly apparent in efforts toward addressing urban disorder problems through administrative and regulatory law and in attempts to employ the considerable powers vested in contract law to manage public housing problems. Third, risk management approaches often forgo the criminal law entirely in order to mitigate security risks through advances in urban planning and design. This forges a tight connection between risk management efforts and the criminological focus on microengineering local environments to reduce the risk of crime and disorder (Felson 2002).

The emphasis on capitalizing on aggregate knowledge in developing risk management regimes also encourages the greater embrace of new information and surveillance technologies in policing. Such devices are not used simply to monitor individual offenders, but are also key in allowing officers to collect, manage, and exploit the information they collect, and to communicate risk knowledge to appropriate audiences.


There are also a series of questions about the assumptions and practices of the risk management model. One important issue relates to the degree to which risk management initiatives actually live up to their statistical, quantitative, and actuarial pretensions. Much of what passes for risk management can actually be developed in the absence of statistical knowledge of risks (O’Malley 2004). Part of the reason for this is that many events that police agencies try to manage are sufficiently rare or unique that there is no opportunity to collect the baseline data necessary to create statistical profiles. Even in those situations where the police do collect a great deal of information, however, another potential problem arises. In particular, the proliferation of statistical knowledge about various routine events creates an opportunity for police officials and politicians to selectively draw from such studies to legitimate programs and policies that have been developed because they cohere with local political priorities or institutional preferences. In such situations the police fail to live up to the type of objective model of policy development that the risk management paradigm suggests.

Concerns about the objective and actuarial basis of risk management initiatives also encourage a reconsideration of the claim that risk management programs are amoral. Rather than security risks being treated as amoral eventualities, it is more accurate to suggest that a re-moralization of crime and deviance is occurring. Moral considerations, for example, inform what risks are selected as warranting official response and the nature of that response. Risk management also prompts new forms of moral evaluation of citizens who might not live up to their responsibilities for managing their own risk profile.

The claim that risk management initiatives are proactive whereas crime control approaches are reactive also needs to be refined. In fact, both crime fighting and risk management efforts have forward-and backward-looking dynamics. The forward-looking dimension of risk manage-ment—which entails attempting to predict the future likelihood of untoward eventualities—is itself predicated on the analysis of historical data about prior events. Likewise, although crime fighting efforts clearly involve reacting to prior incidents, the entire justification for the crime-control response has always entailed a forward-looking desire to prospectively reduce crime through some combination of deterrence or incapacitation.

In conclusion, it is worth emphasizing that the risk management orientation exists alongside and often builds on other policing models and initiatives. Some longstanding police practices have been supplemented by the risk management focus, whereas others have been reconfigured as a form of risk management. Policing remains a multifaceted endeavor that cannot be neatly captured by any prevailing model of police practice.

Next post:

Previous post: