First Reference company logo

First Reference Talks

News and Discussions on Payroll, HR & Employment Law

decorative image

The role of ‘threat management’ within a workplace violence prevention and intervention program

A growing body of research suggests that serious acts of workplace violence are frequently precipitated by “warning signs” (i.e., less serious incidents and/or observable “behaviours of concern”). Perhaps the most famous example in the cultural consciousness is the continuing signs of mental instability exhibited by Seung Hui Cho for a number of months prior to perpetrating the mass shooting at Virginia Polytechnic Institute (“Virginia Tech”) in April, 2007.


In Canada, the recent shooting of four armoured car guards by a fellow guard at a major Canadian University appears to have been foreshadowed by disturbing comments posted by the perpetrator on social media sites, such as Facebook. The assailant in the more recent mass shooting at an Aurora, Colorado movie theatrewas a university student who had reportedly exhibited concerning behaviours referred to, but seemingly not followed up by, the institution’s Threat Assessment Team.

A common question permeating the intense media coverage accompanying each sensationalized workplace violence incident is, “could this tragedy have been prevented”?  The answer to this question often boils down to how well an employer or property owner is prepared to identify the early indicators of aggressive behaviour, and the extent to which identified threats are then assessed and managed before manifesting into serious acts of violence. This process is commonly known as “threat management”.

What is threat management?

In the context of violence prevention and intervention, threat management is defined as:

Actions taken to identify, assess and manage threats of violence whether such threats are:

  • directly reported/received
  • observed first hand, or,
  • discerned from the problematic or concerning behaviours/actions of individuals which can reasonably be interpreted as early indicators of future violence or threatening behaviour”

The objective of threat management is to allow the organization to identify potential threats of violence at the earliest possible stage to:

  1. facilitate action aimed at defusing threats before violence occurs, and
  2. enable a more effective response in the event of a violent act

Threat identification

The first step in threat management is the early identification of actual or threatened violence, as well as any problematic behaviours that could portend future violence. In order to bring threatening conduct to the attention of senior managers, the organization should develop practices and protocols to maximize the reporting of possible danger signs and troubling behaviours. In this regard, employees need to know what to report, when to report, how to report, and to whom to report incidents, complaints or concerns.

In many cases, incidents and behavioural concerns can be reported to a direct supervisor. However, provisions should be made to provide additional reporting lines in the event an employee wishes to report his/her concerns elsewhere within the organization. In its excellent resource guide, Workplace Violence: Issues in Response, the Federal Bureau of Investigation (2004: 24) sums up the importance of having a clear avenue for reporting:

To encourage reporting, employers can create a climate in which safety is accepted as a common goal for workers and management and all employees….feel free to report disturbing incidents or possible danger signs. [A] designated office or person to whom complaints are directed….can provide a concrete and clear venue for reporting.”

Workplace violence prevention and intervention policies should clearly define workplace violence as well as identify violent, threatening and disruptive actions/behaviours that will not be tolerated in the workplace. Taking this step will ensure that employees know what is not allowed and can be guided in the required action to be taken if they witness any of the prohibited acts or behaviours.

Organizations should implement the most appropriate system to facilitate timely and consistent reporting and recording of information.  To the extent possible, all complaints and reports should be received in writing.  The adoption of a centralized electronic database to record all violent acts, threats, behavioural incidents and complaints will ensure that the required information is captured in a manner that facilitates the ongoing identification and tracking of patterns of workplace aggression.

In addition to clear reporting practices and protocols, employers should also prioritize employee training. The training provided to front-line employees and non-supervisory personnel should address threat identification and reporting responsibilities, including:

  • Relevant excerpts from the workplace violence prevention and intervention policy
  • Identification and recognition of prohibited actions and behaviours
  • Conflict resolution, crisis diffusion and/or verbal de-escalation techniques, as applicable

In addition to receiving the basic employee training, supervisors and managers require additional training including:

  • How to respond to violent or threatening incidents
  • How to respond to complaints from employees
  • When to come forward to senior management with behavioural concerns that fall outside of the normal performance management and disciplinary process

Threat assessment

Once a threat has been identified the next step is to evaluate the potential for violence. The objectives of the threat assessment process are twofold:

  1. To evaluate the nature and extent of the threat itself
  2. To evaluate the person(s) who may pose a threat to workplace safety

The combined result is a fact-based, risk-proportionate judgement identifying the level of dangerousness posed by the threat source and the type of intervention, if any, most appropriate in the circumstances. Arriving at such an informed judgement is perhaps the most challenging aspect of any workplace violence prevention and intervention strategy.

In its recently-enacted standard, ‘Workplace Violence Prevention and Intervention’ the Society for Human Resources Management (“SHRM”) and ASIS International (“ASIS”) identify the establishment of a “Threat Management Team” as an essential cornerstone of effective threat assessment and violence prevention/intervention (ASIS/SHRM, 2011: 15).

In environments such as higher education and healthcare, such teams are commonplace in the wake of many high profile shootings and violent incidents. In other environments, however, the thought of an organized threat management team (or similarly named group) is often a foreign concept and this can hamper workplace violence prevention and intervention efforts.

Threat management team

A threat management team is defined in the ASIS/SHRM (2011: 3) standard as:

A multi-disciplinary group of personnel selected by an organization to receive, respond to and resolve reports of problematic behavior made under the organization’s workplace violence prevention policy.”

Broadly speaking, the threat management team is focused on three core objectives:

  1. To effectively identify, evaluate and manage a range of problematic or concerning behaviours (ranging from ‘inappropriate’ to ‘violent’)
  2. To bring together the appropriate tools and resources (including external stakeholders) to form a systematic, multi-disciplinary approach to threat management
  3. To actively coordinate, monitor and evaluate threat management activities across the organization

Many managers and senior leaders are wary of implementing or serving on a threat management team. Some senior managers are concerned about the liability they perceive to be attached to internal judgements about workplace violence threats. Other managers feel they are unsuited or unqualified to assess “violence-prone behaviour”. Whilst both of these viewpoints are understandable to some extent, they are not based on a clear understanding of the role of a threat management team and the potential consequences to the organization of failing to address threat management in a structured, defensible manner.

Threat management teams are typically comprised of management individuals from Human Resources, Security/Operations, Legal Department and other applicable stakeholders. Some larger organizations may have additional internal resources to act as team members such as health and safety professionals or counseling staff. In some small to mid-sized organizations the team could be comprised of two people.

The threat management team should be supported by a clear governance and operating framework that sets out the team’s mandate, authority and operating protocols. In addition to developing policies and procedures the threat management team should also be formally trained in threat identification, threat assessment and violence risk management. Such training should include:

  • Understanding of roles, responsibilities and lines of authority
  • Objective threat assessment techniques, including violence risk screening
  • Intervention and threat/incident management strategies
  • Case management and reporting requirements
  • Information-sharing practices

Incident (threat) management process

Once a report of an act/threat of violence or behavior(s) of concern is received (i.e., under the workplace violence prevention policy), the threat management team should gather to establish an incident management strategy.  An essential step to be taken at the outset of the incident management process is a “violence risk screening”. The ASIS/SHRM (2011: 3) standard defines a violence risk screening as:

The investigative and analytical process followed by a Threat Management Team to make a gross and general determination of whether particular behavior should be viewed as generating a concern for possible violence and therefore should be treated under an organization’s threat management protocol.”

As stated within the ASIS/SHRM (2011: 27; 29) standard, the violence risk screening is undertaken to assist the threat management team in determining the exigency of the threat and the appropriate initial actions required to counter any danger posed.  The initial risk screening should provide answers to the following questions:

  1. Is a concern for violence unwarranted, so that the incident can be handled (when involving an employee) within normal human resources, disciplinary, or employee relations protocols?
  2. Is some concern for violence warranted but not significant or urgent, so that the Team can continue with additional fact-gathering and its Incident Management process?
  3. Is a concern for violence urgent, so that emergency or urgent action should be taken, such as immediate consultation with a violence risk assessment professional or law enforcement?

Complaints and behaviours that are determined not to constitute a threat of violence can be addressed under the regular performance management or disciplinary process. If the threat is determined to be “non-urgent” the threat management team should gather initial information, conduct a violence risk screening and implement preliminary action based on the nature of any risk posed. Once such initial steps are taken, the threat management team should then perform a more thorough, continuing investigation and additional incident management steps should be taken as applicable.

In the case of an “urgent” threat that poses an imminent risk to personal safety, emergency response personnel and police authorities should be contacted and emergency response procedures should be implemented by the organization (ASIS/SHRM, 2011: 26).

A number of threats, once preliminarily screened by the threat management team, are found to fall somewhere between “urgent” and “non-urgent”. In many of these cases, an organization can benefit greatly from consulting with an external threat assessment professional to obtain a formal “violence risk assessment”. The ASIS/SHRM (2011: 3) standard draws a clear distinction between the internal violence risk screening and the external risk assessment.  A violence risk assessment is defined in the standard as:

“The investigative and analytical process followed by a professional qualified by education, training or experience to determine the nature and level of risk of violence presented by a person and the steps that could be taken to respond to, manage and mitigate the risk.”

The use of tabletop exercises by the threat management team to test the effectiveness of current or proposed threat management strategies and approaches is highly recommended.  Organizations should also develop a process for auditing the continuing effectiveness of its threat management program. Such a review can help to ensure the policy and procedures meet the evolving needs of the organization, its employees and community stakeholders.

History shows all too clearly that violent workplace incidents are commonly foreshadowed by some type of warning sign(s). Developing a capacity for the early identification and assessment of violence, threats and emerging aggression in the workplace provides the best opportunity for threat management and overall violence prevention. The recently issued ASIS/SHRM (2011) standard ‘Workplace Violence and Intervention’ is an excellent resource to support the development of an operationally-viable and legally-defensible workplace violence program incorporating a robust threat management process.

David Hyde, M.Sc., CPC
David Hyde and Associates

Follow me

David Hyde

Security and business risk consultant at David Hyde and Associates
David Hyde, M.Sc, CPC is a security and business risk consultant, author and educator with 26 years of broad-based leadership experience. He is principal consultant with David Hyde and Associates and in this role is a trusted advisor to a number of Canada’s top corporations on operational and reputational due diligence matters. Read more
Follow me

, , , , , , , , , , , , , , , ,

Comments are currently closed.

7 thoughts on “The role of ‘threat management’ within a workplace violence prevention and intervention program
  • David Hyde says:

    UPDATE: Around 9am this morning (August 24th, 2012) a disgruntled worker who had been released in a company downsizing returned to the workplace and shot and killed a co-worker outside the Empire State Building in New York. Police responded quickly and shot and killed the assailant. Nine bystanders were wounded in the process. The video clip available at the URL below is an interview with a workplace violence expert who refers to the need for Threat Assessment Teams in a workplace violence prevention program (at 1.58 of the clip). This tragic incident reinforces the points made in the article as well as the benefits of threat management……!3BC04F84-63F1-4A78-AD82-FD00869AAE2A

  • David,

    Wait a minute. Did you say 14 workplace homicides? As in fourteen? Wow! Two thirds by persons known to the victim and only 1 in 20 during robberies? It seems the experience of your violent neighbors to the south differs in both magnitude and distribution.

    In their excellent 2012 study Restrepo and Shuford analyzed the 542 workplace homicides in the US in 2009.

    69% were committed during robberies and similar crimes
    12% by coworkers
    9% by clients
    10% by relatives and acquaintances (5% each)

    According to the BLS in 2010 there were 518 workplace homicides, half as many as when the annual numbers first were recorded in the mid-1990s. At least we’re trending in the right direction.

    Thanks for the eye opener.


    Bureau of Labor Statistics (2011) Revisions to the 2010 Census of Fatal Occupational Injuries (CFOI) counts. Bureau of Labor Statistics: Washington.

    Restrepo, T. and Shuford, H. (2012). Violence in the Workplace. National Council on Compensation Insurance Inc: Boca Raton, FL.

  • David Hyde says:

    Just one additional clarification. From an occupational health and safety (OHS) perspective, the regulation of certain industries in Canada falls under a federal jurisdiction – examples include transportation, broadcasting and banking, as well as other federally regulated occupations/workplaces. Workplace violence statistics in the federal jurisdiction (i.e., under the “Canada Labour Code”) only represent one portion of the overall Canadian workforce and are recorded in a similar vein to the Provincial statistics.

  • David Hyde says:

    Mr. Brady,

    No offense taken and no apology required. I haven’t studied the rates of workplace homicide in the US in any great depth but my sense is that the statistics in Canada differ in several important ways. Firstly, we do not have a federal agency (i.e., OSHA) overseeing the broader issue of workplace safety. Instead, the regulation of occupational health and safety in Canada rests at the Provincial level. In the context of “national statistics” this poses a logistical challenge as different provinces define and record occurrences in different ways.

    In Canada, the national statistics on workplace violence (WV) are extracted from broader criminal victimization surveys. Overall WV statistics are an aggregate of three criminal offence types – physical assault, sexual assault and robbery. The most recent WV statistics available come from the 2004 CVS (criminal victimization survey) and were published in 2007. Some interesting facts:

    • Only incidents that occurred at a commercial or institutional location are included – thus WV incidents involving police officers, paramedics, bus drivers, taxi drivers and security guards, to name a few, are not represented.
    • Incidents occurring at residential settings are not included – this leads to the exclusion of violent incidents against home cleaning staff, home care workers, child care workers, etc.
    • An average of 14 homicides occur in Canadian workplaces each year (2001-2005)
    • 66% of homicides are perpetrated by someone “known to the victim”
    • Only 5% of workplace violence incidents were related to robberies

    There are other interesting findings reported in the 2004 CVS on workplace violence – link is below:

    Thanks again for your feedback and please keep reading First Reference Talks.


  • Mr. Hyde

    Very well said. I apologize for giving offense. Thanks again for your contributions to this important topic.

    While we’re on the line, do the rates and ratios of workplace homicide in Canada differ from those in the States?

    Be well.

    Michael Brady, MA, CPP

  • David Hyde says:

    Mr. Brady,

    Thank you for taking the time to post your thoughts about the article. I appreciate your perspective and agree with the views that you clearly and thoughtfully present. I do wish to share a few comments related to the conclusion that you appear to have drawn.

    I can say at the outset that the scope of “workplace violence” (WV) in my consulting work and in my professional writing includes the four commonly accepted “types” of WV and therefore encompasses both internal and external threats, including armed robberies and other violent crimes committed by non-employees.

    I decided in this post to focus on the role of “threat management” in a WV prevention and intervention program as it is a timely subject. The article clearly stakes out its terrain and is intended to address one important aspect of a far broader subject. For example, the article did not mention domestic violence in the workplace, but this in no way suggests that domestic violence in a work setting is not workplace violence.

    In this month’s post I made a conscious choice, with a limited word count, to focus on the role and function of threat management as this topic has been highlighted in a spate of recent high profile incidents. The extent to which the column applies or does not apply to external criminal threats such as armed robbery is a moot point as this is not the subject matter under discussion. Rather than viewing the column as “excluding” external crime threats I view it as addressing one (often overlooked) aspect of a broad, far-ranging and multi-faceted subject area.


  • Mr. Hyde,

    You are a thoughtful professional and skilled writer but your approach to this article shares a fault found even in the ASIS/SHRM workplace violence standard. In common usage the term “workplace violence” has come – incorrectly – to mean “workplace mass murder-suicide by a coworker acting as a pseudocommando.” Limited to that context your article’s approach to threat management is spot on. However, the fact remains that in the US most workplace killings (~70%) are the result of robbery-homicide and other criminal activity. Two-thirds of all workplace violence injuries in the US are inflicted by healthcare patients upon their caregivers and service providers. The traditional warning signs or behaviors of concern do not apply to robberies or a dementia patient biting a nurse. Perhaps the numbers are different in Canada, but here in the States if we’re going to ignore the majority of the incidents of homicide and violent injury at work perhaps we should give them their own conceptual and record-keeping categories. Of course, were we to strip homicides by conventional criminals from the workplace homicide category this new definition of WPV would represent a much reduced ~125 fatalities a year.

    Be well.

    Michael Brady, MA, CPP