About the Author 

Malcolm K. Sparrow is Professor of the Practice of Public Management at Harvard’s John F. Kennedy School of Government. He is Faculty Chair of the school’s executive program “Strategic Management of Regulatory and Enforcement Agencies.”  

Professor Sparrow’s recent publications include:

  • Handcuffed: What Holds Policing Back & the Keys to Reform (Brookings Press, 2016)
  • The Character of Harms: Operational Challenges in Control (Cambridge University Press, 2008)
  • The Regulatory Craft: Controlling Risks, Solving Problems, and Managing Compliance (Brookings Press, 2000)
  • License to Steal: How Fraud Bleeds America's Health Care System (Westview Press, 2000) 

He served for ten years with the British Police Service, rising to the rank of Detective Chief Inspector. He has conducted internal affairs investigations, commanded a tactical firearms unit, and has extensive experience with criminal investigation. His research interests include regulatory and enforcement strategy, fraud control, corruption control, and operational risk management. He is also a patent-holding inventor in the area of computerized fingerprint analysis and is dead serious at tennis. He holds an MA in mathematics from Cambridge University, an MPA from the Kennedy School, and a PhD in Applied Mathematics from Kent University at Canterbury.

Book Description

How should we deal with societal ills such as crime, poverty, pollution, terrorism, and corruption? The Character of Harms argues that control or mitigation of 'bad' things involves distinctive patterns of thought and action which turn out to be broadly applicable across a range of human endeavors, and which need to be better understood. Malcolm Sparrow demonstrates that an explicit focus on the bads, rather than on the countervailing goods (safety, prosperity, environmental stewardship, etc.) can provide rich opportunities for surgically efficient and effective interventions - an operational approach which he terms the sabotage of harms. The book explores the institutional arrangements and decision-frameworks necessary to support this emerging operational model. Written for reflective practitioners charged with risk-control responsibilities across the public, private, and non-governmental sectors, The Character of Harms makes a powerful case for a new approach to tackling the complex problems facing society.


“I was amazed, reading Malcolm Sparrow’s book, at how powerfully a careful, focused definition of a problem can open the way to novel solutions. Often, Sparrow makes clear, what is needed is to reverse direction, from the general good to the specific harm. He shows how to do that, and how to proceed from there. It is a joy to read someone who, from experience, knows what he is talking about.” — Thomas C. Schelling, Distinguished University Professor, University of Maryland, Nobel-Laureate in Economics

Sparrow uses his skill in blending the academic and practical to help us decode the complexity and multi-dimensional character of risk and harm reduction. This inquiry is both broad and deep, and yet meticulous, full of great advice and replete with relevant examples. The analysis of organizational culture, structure, functions and processes hits the reader between the eyes. An indispensable read for practitioners, public administrators, CEO's, political advisors, and anyone else with a serious interest in the art and science of harm reduction.— Tony Dean, Cabinet Secretary, Ontario, Canada

The Virtual Book Tour was brought to you by HKS Library & Research Services. As of Spring 2019, our faculty video series is called Behind the Book. Contact us with inquiries.

Malcolm Sparrow:

Hello. My name is Malcolm Sparrow. I'd like to tell you a little bit about my latest book, which is called The Character Of Harms, Operational Challenges In Control that I just published. For 10 or 15 years I've been teaching mostly regulators who work for agencies of social regulation and what they all have in common, whether they come from police agencies, environmental protection, tax, customs, occupational safety, or any other social regulatory agency. What they have in common is that their agencies exist principally to control some type of social harm or risk. And that might be pollution. It might be trafficking in drugs. It might be terrorism. It might be corruption.

And one of the things that's been happening in the last three to five years is that quite a few folks who are not normally thought of as regulators have been showing up for the course or for the courses. They've been coming from public health. They've been coming from the not-for-profit sector, from the United Nations, from international nongovernmental organizations. I always ask them why they're applying for this course. They're not regulators. What makes them think that they belong? And many of them have said in the last few years, "Well, what you're actually teaching here is operational risk management or operational harm control." Or if you'd like a more generic phrase, the control of bad things. There's lots of organizations that are in the risk reduction or harm mitigation business who are not actually regulatory agencies, per se, and if the officials give that kind of explanation, we certainly welcome them to the class and we welcome them to the subject.

I am convinced now that the business of controlling bad things is a science or an art worth studying, worth understanding. A lot of folk take a different view. They'd say, "Well, the control of bad things is no different from the construction of good things. If you want to talk about controlling corruption, you could instead talk about promoting integrity. If you want to talk about controlling crime, you could talk about promoting public safety." But there are quite distinctive and much celebrated patterns of activity that we've been watching over the last decade or so, which really are distinctive and that require a very special focus on the bad itself.

And on the front cover of this book, you'll see a knot, because I've found the analogy of untying knots quite useful of late. If you give a knot to an adult who's developed all of the right cognitive skills on understanding and you watch the way that they behave, typically what they will do is look at it quite carefully and they don't leap into action. They study it and they look at it from this side and from that side, multiple perspectives until they really get a sense of the structure of the thing itself. As soon as they have that clear sense of the structure, then a plan is forming. Now they begin to understand, "Oh, I see. If I loosen this strand, it will release that one. And if I pass the whole ball of wax through this loop, then the whole thing falls apart." And if they've understood the specific structure of this specific knot well, then the whole thing disappears and often is no more.

By contrast, if you give the same knot to a child who hasn't developed the same cognitive skills and say, "Undo it," watch the way that they behave. Well, they don't pay such close attention. They're looking around, they're talking to their friends, they're immediately tugging and pulling and jumping into action. Typically will make things worse. And then we'll actually have to pass it to an adult to get it fixed.

I used that analogy recently in Canada and a very senior Canadian regulator came up to see me after my talk and said, "Well, that child, that's what my agency does. We have a generic approach. We jump into action. We don't pay particular attention to the structure of the thing itself. And as a result, we often feel after the fact that we just made things worse." And all kinds of agencies around the world are celebrating a new type of action where they organize around very specific concentrations of a risk, very specific objects, problem definition with some precision and then serious analysis of the defined problems so that they can basically take a bite out of the risk, substantial bites that count.

So this book's divided in two halves. The first half actually lays out as best as we understand it, what is distinctive about this pattern of activity? What does it mean to organize around specific concentrations of risk or harm and why is this different from functional organization and process management that government agencies on the whole understand really quite well? And then the second half of the book pays attention to some very special categories of harm or properties that specific harms can have that make them really awkward to control. In some fields these are referred to as wicked problems. One of the most common categories for instance is invisible problems where you don't know the underlying underlying scope of the issue and therefore what you see is only the piece you detect and that might be a tiny sliver of the underlying problem. Another category is catastrophic risks. Things that have very small probability but very high impact if they did ever happen, such as nuclear terrorism or a recent example, a category four hurricane finally hitting New Orleans with a direct hit.

People responsible for control in these domains have to give an account of their performance even when the number of events that happen year after year is typically zero zero, zero. All of the work has to be defined and divided and conducted way back in the realm of precursors to the risk itself. Another category that I look at quite closely is risks or harms that actually have a brain behind them, that exhibit adaptive behaviors and basically put you in a game playing role. Lots of risks have that character. Drug smugglers, thieves, terrorists, computer hackers, all of these are trying to understand the controls and deliberately thwart them.

A lot of other risks don't have that property. Most occupational hazards, if you eliminate them, or transportation hazards, if you eliminated those, they don't go searching for some new way to kill you. They don't display the same adaptive capacity. Some microbes, viruses and diseases, we have seen exhibit quasi-adaptive behaviors through the evolutionary process.

I think it's quite useful and interesting to look at these properties across many different professions rather than looking mostly at risks inside one profession, such as environmental protection or aviation safety, and never having these different domains talk to each other. A basic understanding of these common properties, I think, is part of risk control 101 and I hope that this book helps to establish that as a core art in public policy.