Gordon Graham: The “Go to Guy” for Understanding Risk Management in Public Safety

By: Robert Avsec, Executive Fire Officer

I first heard Gordon Graham speak about risk management in the realm of public safety many years ago when he was the keynote speaker at the Mid-Winter Conference of the Virginia Fire Chiefs Association. From that moment I became a true believer in one of Graham’s core tenets “Predictable is preventable,” along with his concept of evaluating risk in public safety by asking two key questions:

  • What’s the level of risk for an activity or operation?
  • What’s the frequency for that risk?
Graham is a 33-year veteran of law enforcement who “made his bones” in the California Highway Patrol (CHP) where he rose to the rank of captain. While on the job, he earned a master’s degree in Safety and Systems Management from University of Southern California and a Juris Doctorate from Western State University (Yes, he’s an attorney!).

Beginning while he was a member of CHP, Graham used his education and law degree to develop his knowledge and skills as a risk management expert and has presented a commonsense risk management approach to hundreds of thousands of public safety professionals around the world.

Graham is also the co-founder of Lexipol, where he serves on the current board of directors (Lexipol provides mission-critical solutions—state-specific policiesonline training, mobile wellness resourcesgrant services and industry news sites—to help public safety agencies in improving the quality of life for all community members). 

Beginning in November 2017, FireRescue1.com (One of the many fine public safety websites hosted by Lexipol) began running a series of articles written by Graham. Whether you’re a reader who is familiar with the work of Gordon Graham, or someone for whom this is your introduction to Graham, this compilation of those articles should become part of your professional development “library.” So, let’s get started with the Editor’s Note from FireRescue1 that “kicked off” the series.

This article series is designed to introduce you to the concept of real risk management—an approach that goes way beyond a safety program to encompass the 10 Families of Risk and to demonstrate how better understanding these risk families can help you anticipate and mitigate the risks in your own organization. Whether this is your first introduction to Gordon Graham and risk management, or if you’ve been following his innovative approach for years, this series has something for every public safety leader. We encourage you to follow along as we publish additional installments.

10 Families of Risk

In this series of articles, Graham delves into what he refers to as the 10 Families of Risk for public safety agencies:

1. External risks

2. Legal and regulatory risk

3. Strategic risk

4. Organizational risk

5. Operational risk

6. Information risk

7. Human Resources (HR) Risk

8. Technology risk

9. Financial risk

10. Political risk

“The errors we’re going to make can be predicted from the errors we already made,” Graham said, paraphrasing the words of Archand Zeller. “Predictable is preventable.”

I’ve placed the articles in the chronological order in which they appeared on the FireRescue1 website, so you can more easily “get into the flow” as each of Graham’s articles as it connects to the next one in the series.

So, without further ado, here’s Gordon Graham in 15 “bite-size” pieces (Seriously, it only takes about 3-5 minutes to read each article. That’s another one of Graham’s endearing qualities: He knows your time is valuable and he writes accordingly!).

External Risks, Legal and Regulatory Risks, and Strategic Risks

Are You Biased When It Comes to Risk Management?

Public safety organizations in the U.S., especially law enforcement agencies, have been accused of “bias” quite a bit lately and there is a lot of sensitivity about how this word is used. Racial bias is a very hot topic, as is news media bias.

But Graham approaches bias as it relates to the bias he faces every time he talks about “real risk management.”

Are There Walruses in Your Risk Management Plan?

Graham begins his discussions about the 10 Families of Risk with External Risk to get his readers thinking about what specific risks apply to them and their organization in each of these families, and the necessary control measures that must be in place to address each of the identified risks.

Lack of Compliance Creates Instant Liability

Regardless of the type of public safety agency you work for, there are laws and regulations that control your existence as an organization. According to Graham, “I am always amazed (and simultaneously disappointed) when I see how many public safety agencies are not in compliance with these laws and regulations.”

Seeing the Future: How Strategic Risk Management Can Improve Your Operations

In this article, Graham takes on the subject of Strategic Risk when he states, “This family of risks is of great concern to me because if it is not taken seriously, it can threaten the very existence of your organization.”

Five Root Causes of Risk for Public Safety Agencies

Another of Graham’s tenets is the Five Pillars of Organizational Success which he conversely considers the Five Root Causes for many risk management problems that plague public safety organizations (Figure 1 below).

Figure 1. Original graphic by Robert Avsec.

Proximate Cause and Root Cause

In this piece, Real Risk Management: Getting to the Root of the Problem (April 2018), Graham provides an excellent overview of why he considers those to be root causes for problems that arise in public safety organizations.

The “People” Root Cause

In his next five articles, Graham discusses the first root cause, people in the organization, from the perspective of recruitment, hiring, and evaluating performance.

Public Safety Recruitment: A Job for Everyone

Why Employment Background Checks Are a Necessity in Public Safety

Evaluating the Probationary Employee

Performance Evaluations for Public Safety: Sowing the Seeds of Risk?

Making Public Safety Performance Evaluations Work

The “Policy” Root Cause

In, Good Public Safety Policies Support Good Public Safety People, Graham outlines why it is necessary for public safety agencies to have clear—and up to date—policies and procedures for everything that they do. And that those policies and procedures are congruent with all applicable local, state, and federal laws (And his dismay at how many organizations have policies that are not written, up-to-date, or that fail to comply with local, state, and federal laws).

The “Training” Root Cause

According to Graham in, 3 Stages of Public Safety Training, public safety organizations should address training as a root cause of risk from three perspectives: entry-level academy-based training, training provided to probationary employees (e.g., the field training officer (FTO) process in law enforcement), and continued professional training. But Graham cautions that those three different training methodologies must be designed to be complementary programs.

Figure 2. Original graphic by Robert Avsec.

Graham “piggy-backs” on that last article in, Thinking Critically About Public Safety Policy Training where he emphasizes the critical nature of providing ongoing training for every member of your agency throughout their career. For those who are familiar with Graham’s work over the last 40 years, you know his position on this issue. Every day must be a training day—and training must be focused, not random. You must train every day on the “core critical tasks” specific to every job description in your department.

FireRescue1 continued Graham’s series as 2019 began with, Learning from Mistakes – Before They Become Tragedies. According to Graham, public safety organizations would be best served to learn from events that don’t even cause a mishap resulting in a death or injury. “Call them errors, lapses, omissions or anything else you want, but if you have a “close call” you need to share it with the “group,” (e.g., fire, law enforcement, EMS organizations in your department and/or state). If Graham had his way, those “close calls” would also be entered in national databases for sharing on a national basis. If I had my way, close calls would also be shared on national basis.

The 4th Root Cause for Public Safety Risk

In, The Importance of the First-Line Supervisor in Public Safety Agencies, Graham speaks to the critical role of the first-line supervisor in regulating risk in high-risk occupations (e.g., the sergeant in your police department, the company officer in your fire department, or the field supervisor in an EMS agency).

“Show me a tragedy in public safety and I will show you a “proximate cause” of “X”—but the real problem lying in wait is all too often a supervisor not behaving like a supervisor,” Graham writes. “Or alternatively, a supervisor who tried to behave like a supervisor and was not supported by management and/or executive personnel.”

Graham continues his focus on the key role of the supervisor in a public safety agency with, Does Your Promotional Process Pass the Test? Before he delves into the subject, he poses a question for the reader: How does your department select, train, mentor, and develop its cadre of first-line supervisors, for both the uniformed side and the non-uniformed side of your agency?

Well, there are fifteen of Graham’s postings; only thirty-seven more to go! In the next part of this “Gordon Graham Anthology” we’ll begin with his discussion of the “5th Root Cause of Risk for Public Safety Agencies,” Discipline. Until them, remember “Predictable is preventable.”

About Robert Avsec, Executive Fire Officer

Battalion Chief (Ret.) Robert Avsec served with the men and women of the Chesterfield County (VA) Fire and EMS Department for 26 years. He’s now using his acquired knowledge, skills, and experiences as a freelance writer for FireRescue1.com and as the “blogger in chief” for this blog. Chief Avsec makes his home in Cross Lanes, WV. Contact him via e-mail, [email protected].