Risk Management & Workplace Violence

Risk Management and Workplace Violence

Risk Management & Workplace Violence

By Craig S. Gundry, PSP, cATO, CHS-III

Workplace Violence: The Risk in Perspective

By comparison to many other security risks, workplace violence incidents are low-moderate frequency events and rarely result in lethal consequences. According to US labor statistics, workplace violence is only responsible for 18% of deaths in professional office and healthcare settings—less than transportation accidents or even slips and falls.[i] Nevertheless, nearly 2 million American workers report having been victims of workplace violence each year.[ii] For reasons of liability, productivity, and duty of care, it is important that all employers implement reasonable measures to mitigate the probability and impact of workplace violence incidents.

Most incidents of workplace violence are examples of impromptu violence, spontaneous and unplanned acts of aggression often happening in the heat of the moment.[iii] These types of incidents can range from verbal threats and oral abuse all the way up the continuum of aggression to physical assault and non-premeditated murder.

Of greatest concern from a risk management perspective are acts of intended violence (also referred to as ‘targeted aggression’) which result in a planned, premeditated act.[iv] Most acts of mass homicide in workplace environments are examples of targeted violence and result from progression on a ‘pathway’ of development over time.

Mass Homicide in the Workplace

Many individuals who perpetrate mass violence align with Dr. Park Dietz’s definition of a Pseudocommando.[v] Pseudocommandos often evolve from angry, narcissistic personalities and harbor perceived injustices as a grievance for revenge. Violent fantasies become a refuge for the pseudocommando’s damaged ego and provide a sense of power and control.[vi] Without intervention, this process may continue into obsession and escalate until violent fantasy becomes a template for action. If this pathway progression continues unabated until nihilism takes place, commitment to violence is affirmed and often commenced in a planned manner or initiated by a trigger event (e.g., termination, demotion, family crisis, etc.).[vii]

By contrast to other security threats and even incidents of impromptu violence, acts of mass homicide are extremely low in frequency and rarely does probability as a sole factor justify risk reduction. In most cases, it’s the potentially devastating consequences of an attack that warrant concern. Aside from the obvious and horrific impact of loss of life, active assailant attacks universally result in extended disruption of facility operations, loss due to reduced productivity, and diversion of leadership attention to crisis management. The duration of operational disruption can span months before police release the facility as a crime scene, cleanup and remediation are completed, and post-incident recovery activities have concluded.

In cases where the horror of the event is deeply imprinted into the psyche of the public, the facility may be deemed permanently inhabitable due to its presence as a reminder of the tragedy. Rather than repair and restore Sandy Hook Elementary School, Newtown Public Schools opted to demolish the building and build a new replacement school at an estimated cost of $50M.[viii] Similarly, Florida’s Marjory Stoneman Douglas High School Public Safety Act authorized $25 million to replace building 12 in Parkland, Florida. In the aftermath of the 2016 Pulse Nightclub shooting, the owner decided to permanently close the business as a nightclub and rebuild the site as a memorial and museum.

Depending on the organization’s responsiveness in managing the post-incident psychological consequences, the effects of an attack can easily result in an exodus of employees and long-term negative impact on workplace culture. In addition to psychological wounds suffered by victims of attacks, the trauma of mass violence can extend far beyond the local community with measurable effects of sadness and anxiety experienced vicariously by people nationwide.[ix]

When all risk factors are assessed in context, it is often the combined results of duty of care obligation (i.e., legal and moral responsibility for occupant safety), community perceptions and expectations, and the potentially catastrophic consequences of an event that warrant a balanced and diligent approach to risk control.

Risk Management Strategy and Workplace Violence

Effective risk management programs employ a multi-layered approach to controlling risk by reducing both the Probability and Criticality of events.

In the context of security risk management, risk probability is the result of Threat (an adversary with intent and capability to cause harm) and Vulnerability (the state of conditions that would allow the adversary to succeed in causing the risk event). Proactive measures aim to reduce Risk Probability by either reducing Threat or reducing Vulnerability. If proactive measures are implemented effectively, they may be successful in reducing Risk Probability, but there is always an element of uncertainty. To further reduce risk, reactive/mitigative measures should be employed to reduce the harmful effect of risk events (Risk Criticality).

In protective design theory, this concept of employing multiple layers of proactive and mitigative measures aimed at risk reduction is often described as concentric rings of protection. The following diagram illustrates this concept as it relates to workplace violence. The outermost rings of the diagram (colored in blue) represent proactive measures aimed at reducing risk probability. This is then followed by inner rings (red) representing mitigative measures aimed at decreasing the impact of events.

Workplace Violence Prevention Program

Workplace Violence Prevention (Proactive Measures)

Proactive risk management starts with reducing potential Threat. As a first step, measures should be employed where feasible to reduce the likely presence of violent perpetrators. One example is subjecting applicants to criminal record checks and carefully screening candidates for indications of previous behavioral problems. Next, measures should be employed to reduce potential conditions that contribute to the formation of violent intent or progression on the pathway of targeted violence. Measures such as reinforcement of positive workplace culture, providing access to employee assistance programs, and using management practices that reinforce employee dignity all contribute to reducing potential threat.

Other threat reduction measures aimed at reducing the likelihood of violence by nonemployees (e.g., angry customers, criminals, etc.) include training personnel in conflict de-escalation, ‘do-not-admit’ and trespass of threatening patrons, and presence of visible security measures as a deterrent to aggressive behavior.

To address the possibility of a dangerous employee already within our midst, threat assessment and management is our next line of defense. Extensive research over the past 25 years has established that most acts of targeted aggression by employees are precipitated by behaviors that if recognized and properly assessed can warn of potential violence and provide opportunity for intervention. Effective implementation of threat assessment and management as a protective strategy requires establishing a system for investigating and assessing threats, training supervisors to identify behaviors of concern, and managing potentially threatening situations before they result in violence.

If an employee of concern is terminated, procedures should be employed to ensure the safety of staff and best alleviate potential grievance. Some examples of safety measures include conducting the termination in a manner that preserves the individual’s dignity, scheduling terminations in the late afternoon, having security nearby, and avoiding early warning or breaks which provide an opportunity for retrieving a weapon. If concerns are substantial, additional measures may be justified such as severance pay or surveillance over the following weeks to monitor the ex-employee’s behavior and warn/intervene if the individual travels to the facility without an appointment.

Consequence Management and Workplace Violence

The aforementioned measures are often effective in reducing the probability of violence. But if measures employed to prevent attacks are unsuccessful or someone targets the facility in a manner that evades our proactive influence, physical security becomes the next line of defense. In the case of a convenience store, this may simply mean the installation of bullet-resistant glazing at the checkout counter. For organizations at risk of active assailant attacks, effective physical security is paramount in reducing the overall consequences of the event.

For best performance, physical security design should integrate Detection, Delay, and Response elements in a manner that mathematically reconciles the time required for an attacker to commence mass killing and the time required for detection and response by security or police.

If an event does occur, additional measures should be implemented to mitigate the impact of the risk event. This includes items such as early event detection and alert communications, emergency response plans and employee training, effective provisions for egress/escape, availability of safe refuge rooms, and the expedited response of armed security or police officers capable of effectively neutralizing an attacker before he/she can cause mass casualties.

Risk Management and Adversary Applicability

Obviously, not all risk reduction measures are equally applicable to all situations. Measures that may be necessary and justified in an office environment are often quite different from those in settings such as retail stores or hospitals. Risk management strategy should focus on relevant workplace violence risks in a manner that satisfies the organization’s risk appetite while tending matters of operational needs, culture, branding, and budget.

Below is a table describing the general relevance of measures in reducing different types of workplace violence risks using the FBI’s four-category classification system:.[x] 

    • Type I – Violent acts by criminals who have no other connection with the workplace, but enter to commit robbery or another crime.
    • Type II – Violence directed at employees by customers, clients, patients, students, inmates, or any others for whom an organization provides services.
    • Type III – Violence against coworkers, supervisors, or managers by a present or former employee.
    • Type IV – Violence committed in the workplace by someone who doesn’t work there, but has a personal relationship with an employee—an abusive spouse or domestic partner.
Workplace Violence Prevention Measures

ANSI/ASIS Workplace Violence Prevention and Intervention Standard as a Guide for Best Practices

For those seeking to develop or improve a workplace violence prevention program, the newly updated ASIS/ANSI Workplace Violence Prevention and Intervention Standard is a great place to start. The ASIS/ANSI standard (formerly ASIS/SHRM WVP.1-2011) “provides an overview of policies, processes, and protocols that organizations can adopt to help identify, assess, respond to and mitigate threatening or intimidating behavior and violence affecting the workplace.”[xi]

The measures outlined in the standard are largely universal and can be adapted to organizations of almost any size. Some of the items addressed include the role and responsibilities of stakeholders, needs assessment, elements of policy, threat assessment and management practices, critical incident planning, employee training, and more.

In early 2020, a multi-disciplinary committee of experts completed a two-year review and revision of ASIS/SHRM WVP.1-2011 including the addition of a new Active Assailant Annex. In an upcoming article, we’ll explore some of the key measures outlined in the standard and differences between the updated document and the previous edition.


Copyright © 2019 by Craig S. Gundry, PSP, cATO, CHS-III

CIS consultants offer a range of services to assist organizations in managing risks of workplace aggression and active shooter violence.  Contact us for more information.


[i] Census of Fatal Occupational Injuries (CFOI). Bureau of Labor Statistics. N.p. 2015. | Cited percentage of 18% is derived from analysis of 2015 workplace fatalities for NAICS categories Health care and social assistance, Professional and business services, and Professional and technical services

[ii] Workplace Violence Overview. Occupational Safety and Health Administration. US Department of Labor. N.p. https://www.osha.gov/SLTC/workplaceviolence/. Accessed 25 October 2017.

[iii] Calhoun, Fredrick, and Weston, Stephen. Threat Assessment and Management Strategies: Identifying the Hunters and the Howlers. CRC Press. Boca Raton, FL. 2016. pp 25.

[iv] Ibid.

[v] Dietz, Park D. “Mass, Serial, and Sensational Homicides.” Bulletin of the New York Academy of Medicine.  62:49-91. 1986.

[vi] Meloy, J. Reid, and Hoffman, Jens. International Handbook of Threat Assessment. Oxford University Press. New York, NY. 2014.

[vii] Knoll, James. L. “The “Pseudocommando” Mass Murderer: Part II, The Language of Revenge.” The Journal of the American Academy of Psychiatry and the Law. 38:263–72, 2010

[viii] Delgadillo, Natalie. With Shootings on the Rise, Schools Turn to ‘Active Shooter’ Insurance. http://www.governing.com/topics/education/gov-cost-of-active-shooters-insurance.html. June 2018.

[ix] Dore, B., Ort, L., Braverman, O., & Ochsner, K. N. (2015). Sadness shifts to anxiety over time and distance from the national tragedy in Newtown, Connecticut. Psychological Science, 26(4), 363–373.

[X] Workplace Violence. Issues in Response. Federal Bureau of Investigation, U.S. Department of Justice, Washington, D.C. N.d.

[xi] ASIS/SHRM WVP.1-2011, Workplace Violence Prevention and Intervention. 2011.