Eight recommendations for why and how practitioners should use developments in the risk and threat assessment field.

This brief article presents eight recommendations for why and how practitioners and academics should develop from their current focus, using developments in the general risk and threat assessment field as an invaluable guide to the potential for improvement.

1. Act on your assessment

The sole purpose of risk assessment is to inform risk management – and the purpose of risk management is harm limitation at least or, at best, harm prevention. The assessment of risk without any intention of, or plan for, managing the concerns raised by the assessment should be regarded as both unethical and reckless.

It is not enough to compile lists of risk factors in the absence of attention to how evidence of their presence will be turned into a plan of preventative action based on the nature of the risks detected or suspected.

2. Take a dynamic approach

The assessment and management of violent extremism risk is, or should be, a dynamic and real-time undertaking. Efforts to mitigate risk must inform the understanding evaluators have of its occurrence, which should, in turn, inform bespoke risk management in a continuous and circular process 

Risk assessment and management is an ongoing, live, and dynamic process rather than one that is static or a snapshot in time.

3. See the bigger picture

Risk factors for violent extremism, covering the range of internal (e.g. extremist ideology) and external (e.g. world events) experiences and responses, do not operate in isolation from other risk factors (e.g. a sense of grievance or threat, social support for an extremist world view, personal factors, etc.). Further, they do not operate in isolation from protective factors (e.g. barriers to action, non-extremist social support, etc.) or from the context in which they occur and are experienced.

The risk of an act of violent extremism is about the interplay – in an individual in a particular context and in real-time – of multiple risk and protective factors. This range of factors and their interplay should feature in risk assessment and management guidance in the violent extremism field as it does in other fields of harm prevention.

4. Seek a range of guidance

As with any risk, the risk of an act of violent extremism may be assessed at different points:

  • at discovery
  • at initial investigation
  • at preparation and implementation of a risk mitigation plan
  • at periodic reviews thereafter

This will continue until the risk is assessed to have achieved managed status and the case is closed to the lead agency responsible for its management. At that point, the case may be closed entirely, or it may be handed over to a partner agency to maintain or monitor that managed risk status over a prolonged period. For example, police may detect and initially manage the risk, and following management action, may hand over the case to mental health services to monitor if mental health problems were a particularly salient risk factor in the individual case.

Further, different agencies may have access to quite different kinds of information. For example, mental health practitioners may have direct access to the individual who is the subject of concern, while law enforcement agencies may have less or indirect access only, but instead have access to a potentially rich vein of intelligence information that mental health practitioners may never see. Thus, each evaluation is a complex undertaking, requiring the balancing of multiple forms of evidence, dependencies, and contingencies that are relevant in different ways to the agencies involved.

Accordingly, a range of guidance in the assessment and management of violent extremism risk needs to be developed that will be sensitive to the requirements of different stages in the process in addition to evidence types as well as being aligned to one another to ensure continuity of case management across time and agency. Therefore, just as Ordnance Survey maps are available to travellers in different levels of granularity and focus for each of their regions, so too should there be a range of risk assessment and management guidance available to practitioners, from which they can choose according to need.

Practitioners in the violent extremism field should have available to them guidance that informs direct versus indirect assessments, guidance on in-depth assessments that will vary from that supporting long-term case management, guidance that supports the process of understanding the risks posed by individuals versus groups, and so on. The availability of a range of guidance – like maps of the terrain – is both good practice and a protection against the failure to take important variables and processes into consideration in the vital business of harm prevention (see Gawande, 2011 in Read More).

Different guidance (sometimes referred to as risk assessment tools or instruments) – focusing on different priorities and outcomes, from triage through to decisive action and review – is required at different stages in the task of understanding and managing individual risk. No single set of risk assessment and management guidance can achieve all the requirements of the process of preventing violent extremism.

5. Take the SPJ approach

Structured professional judgement (SPJ) is the recommended approach to the assessment and management of violent extremism risk (see Borum, 2015 and Monahan, 2015 in Read More). SPJ is an approach and not a specific set of risk assessment and management guidance or a particular tool or instrument. The SPJ approach requires investigators to identify the most relevant risk and protective factors in the individual case, using a synthesis of the empirical and professional research as their guide.

Based on what they have found out during the assessment stage, investigators are then required to articulate their hypotheses about individual risk potential and its motivational drivers (e.g. revenge, retribution, honour, esteem). Thus, the investigator tries to articulate what they think the person is at risk of and why, based on which a risk management plan is then designed and implemented. Its impact is used to inform further the investigator’s understanding of the case and ongoing risk management. Consequently, the SPJ approach focuses on the whole person and not just on one or a limited selection of risk factors.

The SPJ approach focuses on the whole person and not just on one or a limited selection of risk factors. 

Several SPJ guidelines are available for practitioners, which embody the approach in different ways and to varying degrees of granularity; these are some of the first maps of this terrain.

The Multi-Level Guidelines fully operationalises the SPJ approach and to a very granular level. This guidance is suitable for use by practitioners experienced in understanding and communicating complex human behaviour (e.g. psychologists).

The Extremism Risk Guidance-22+ (ERG-22+), the Violent Extremism Risk Assessment-2 Revised (VERA-2R;), and the Terrorist Radicalisation Assessment Protocol-18 (TRAP-18;) operationalise SPJ partially – the guidance offered to practitioners to try to think through their understanding of the case and risk management planning is limited or, in the case of the VERA-2R and the TRAP-18, absent. (See Read More).

However, both the VERA-2R and the TRAP-18 have been written with law enforcement practitioners in mind, and these sets of guidance are more attuned to the interests of those professionals than any other. In contrast, the ERG-22+ is intended for the use of psychologists, although, at present, its use is limited to those who work in HM Prison and Probation Service in England and Wales.

Risk management should be about the person rather than their behaviour, and the SPJ approach intends to take practitioners towards the integrated individual and away from counting disarticulated behaviours. Guidance informed by the SPJ approach – such as the MLG, ERG-22+, VERA-2R and the TRAP-18 – helps ensure that practitioners do just this in the different settings in which they work.

6. Study the problem

Good practice in risk assessment and management requires an understanding of both the problem to be prevented (e.g. violent extremism) and the practice of risk assessment and management. Attendance at a training course in the application of a particular set of violent extremism risk assessment and management guidance will not make up for a poor understanding of violent extremism.

Expertise in one area is not a guarantee of good practice in the other. Practitioners who are competent risk managers must have proficiency in both risk assessment and the nature of the harm they are trying to prevent.

7. Be transparent

Risk assessment and management concerning violent extremism is an undertaking likely to be subject to the highest level of scrutiny by multiple agencies with competing agendas (e.g. police, security services, politicians, the courts, the media).

The task of assessing and managing risk should be transparent and accountable to facilitate reasonable scrutiny and defensible practice, nurturing continued support from these essential stakeholders.

8. Evaluate, evaluate, evaluate

Evaluation is critical to demonstrating good practice to key stakeholders, including the public who fund their protection through taxation and politicians who legislate for national security.

No process for understanding risk with a view to managing it should be implemented without regard for how improved practice may be measured and demonstrated.


Risk assessment and management in the field of violent extremism is a complex undertaking. This brief article has considered some of those complexities and offered eight recommendations for their negotiation. Central to each recommendation is working in partnership, which is a vital requirement in the management of threats to national security. The SPJ approach lends itself to such cooperative working arrangements.

However, more diversity is required in the range of guidance available to practitioners to assess, understand, and manage the risk of violent extremism in all its forms, over time and working across agencies. In addition, more attention needs to be paid to the evaluation of risk management practices for us to know better what works in this field, and to move attention away from the identification of risk factors and on to the more substantial process of harm prevention.

Read more
  • Borum, R. (2015). Assessing risk for terrorism involvement. Journal of Threat Assessment and Management, 2, 63–87. Available at: tinyurl.com/kzwr3r9h
  • Cook, A.N., Hart, S.D., & Kropp, P.R. (2013). Multi-Level Guidelines (MLG) for the assessment and management of group-based violence. User Manual. Burnaby, BC: Mental Health, Law, and Policy Institute. Available at: tinyurl.com/3mffasy9
  • Gawande, A. (2011). The checklist manifesto. London: Profile Books Ltd.
  • Lloyd, M., & Dean, C. (2015). The development of structured guidelines for assessing risk in extremist offenders. Journal of Threat Assessment and Management, 2, 40–52. doi: 10.1037/tam0000035
  • Logan, C., Gill, P., & Borum, R. (in preparation). Violent Extremism: A handbook of risk assessment and management. London: University of London Press
  • Meloy, J.R., & Gill, P. (2016). The lone-actor terrorist and the TRAP-18. Journal of Threat Assessment and Management, 3, 37–52. doi: 10.1037/tam0000061
  • Monahan, J. (2016). The individual risk assessment of terrorism: Recent developments. Virginia Public Law and Legal Theory Research Paper, 57. doi: 10.2139/ssrn.2665815.  Available at: tinyurl.com/yp9scyyk
  • Pressman, E., et al. (2016). VERA-2R Violent Extremism Risk Assessment Version 2 Revised: A Structured Professional Judgement Approach. Utrecht, The Netherlands: NIFP/DJI