Management Antisystems

Author: Alberto Guevara Valencia

alberto.guevara@cmdcertification.com.co

Bogotá Colombia.

Certification Management & Development SAS – CMD Certification SAS

December 2022.

Moral and patrimonial rights in the name of Alberto Guevara Valencia – General Manager of CMD Certification SAS.

1. Summary

In various organizational management issues, tools and models have been incorporated so that the results are optimal and benefits are maximized. Some standards of the International Organization for Standardization (ISO) are being applied by thousands of organizations on the planet, such as ISO 9001 in Quality Management Systems or ISO 37001 in Anti-Bribery Management Systems. The Management System concept is based on conscious elements that are structured from the corporate strategy, which base their configuration on controlled processes and effective risk management. But there are issues in organizations that cannot be controlled, but must be avoided, such as money laundering or asset laundering, terrorist financing, merchandise theft, cargo contamination, bribery, corrupt actions, workplace harassment or bullying. Faced with this type of threats or weaknesses in the operation of organizations, it is much more effective and efficient for the organization to understand the anatomy and taxonomy of these harmful and undesirable issues so that it can design and maintain an immunity system against them. The harmful system is called Management Antisystem and its systematic weakening is the purpose of the Management System that the organization can control. It is much more effective and efficient for the organization to understand the anatomy and taxonomy of these noxious and undesirable issues so that it can design and maintain an immunity system against them. The harmful system is called Management Antisystem and its systematic weakening is the purpose of the Management System that the organization can control. It is much more effective and efficient for the organization to understand the anatomy and taxonomy of these noxious and undesirable issues so that it can design and maintain an immunity system against them. The harmful system is called Management Antisystem and its systematic weakening is the purpose of the Management System that the organization can control.

2. Keywords

Management Systems, Management Antisystems.

3. Introduction

This document explains a new concept for the application of management models that the author seeks to incorporate, defines «Management Antisystem» as the set of elements that operate in one or several organizations, interrelated, with sequence, purpose and in a controlled manner, which They seek, in an environment of illegality, to attack, undermine, reduce operations, subtract resources or harm the operations and results of an organization around a specific component.

A Management System is configured from certain interacting elements based on a purpose or objectives, but presupposes knowledge of the basic component, such as the quality of a product or its environmental impact.

When this basic component is not known or its configuration is not fully accessible, the risk analysis methodology may be insufficient when faced with the characterization of uncertain events that would affect the achievement of the objectives. In this sense, it is very useful that when the component basic is uncertain, the figure of the Management Antisystem is used.

4. Development of the concept of Management Antisystem

The concept of Management System was popularized by the International Organization for Standardization (ISO) since 1987 when the first version of the ISO 9001, ISO 9002 and ISO 9003 Quality Assurance Systems standards were published.

In the standards of the ISO 9000 series of 1987, the Quality System was defined as the «structure of the organization, procedures, processes and resources necessary for the implementation of quality management», the latter understood as the «set of activities of the administrative function that determine the quality policy, objectives and responsibilities», which is achieved, according to the vocabulary standard (currently canceled) ISO 8402, with quality planning, quality control, quality assurance and quality improvement.

At present (2022), the definition of the Management System, which is found in the ISO 9000 standard and in chapters No. 3 of the various Management System standards, such as ISO 14001, ISO 37001, ISO 45001, ISO 39001, among others, refers to the «set of elements of an organization, interrelated or interacting, to establish policies, objectives and processes to achieve these objectives».

This definition, globally accepted and incorporated into all ISO, IEC Management System standards and various national standardizers that develop their own models, assumes that the organization determines a policy related to the management system (or the part of the management system according to the analytical approach adopted by the organization), which is consistent with its strategic framework and the “purpose” of the organization and from there determines the expected results or associated objectives.

In order for the organization to meet its objectives, it must establish, plan, control, monitor and improve the processes and projects necessary for this purpose, in such a way that the Management System processes are the instrument for achieving the objectives, strengthened, if necessary, with specific projects that are undertaken to seek the achievement of the objectives. This is the dynamics of a Management System: Strategic Framework – Purpose – Policy – Objectives – Processes and Projects – Review of the strategic framework and purpose – Review and adjustments to the policy and objectives – adjustments in processes and projects.

The dynamics of global Management System standards also include risk and opportunity tools that are directly linked to the organization’s ability to meet objectives, which means that Management System planning, including functional structuring of processes and projects, you must consider uncertainties and their effects on the objectives.

This panorama, where the organization begins its structuring from the strategy, defining policy and objectives, identifying and conforming processes and evaluating risks and opportunities, is also based on a hypothesis of the «certainty of the basic component»:

Board 1: Examples of basic component certainty

Source: Author Development

This «basic component certainty hypothesis» allows Management Systems in general to be based on component analysis, on identifying characteristics, risks and opportunities, but what happens when the basic component is uncertain and can be manipulated? or sabotage?, as this condition occurs in some Management Systems such as Security in the Supply Chain (Security) with ISO 28000, ISO 28001 or BASC, in Management Systems related to issues of corruption prevention , fraud, money laundering, financing of terrorism and bribery, in the latter case as described in the ISO 37001 standard and in other systems such as those that seek to prevent workplace harassment, the protection of human rights and those that they seek to minimize bullying or bullying practices.

This differentiation of the certainty of the basic component allows classifying Management Systems into two categories, as follows:

• predictable component management systems, and
• Uncertain component management systems.

Predictable component management systems are then those where the component characteristics are visible or can be obtained as a result of analysis, including various scenarios such as normal, abnormal and emergency operation, but where it is not assumed that any of the Interested parties have a real and intentional interest in causing damage.

In these management systems with a predictable component, the analysis of risk and opportunities allows planning to be improved so that it is not done solely based on the planned activities or expected results, and in this way uncertainties and their effects can be incorporated, generating actions on those that have a greater potential to distance the organization from its ability to meet the planned objectives.

In Management Systems with an uncertain component, part of the functional context is that some of the interested parties expect to cause harm to the organization or to any of its members, which includes committing crimes, willful misconduct against obligations and the loss of resources for the organization or the impact on the development of the communities.

In this type of systems, risk management may be insufficient in adequacy, level of detail and coverage, since risk analyzes are based on System activities, including some non-routine activities and, in the best of cases, include an analysis under normal, abnormal and emergency operating conditions, but the basis of the analysis is the visible processes of the organization and not the activities that are carried out in a hidden manner or with the intention of causing damage, loss or affecting legality.

In order for these Management Systems of uncertain component to be more effective, it is necessary that in their planning a fundamental characterization of the antagonistic System or the «anti-system» is made and, based on its characteristics, actions are continuously established to counteract the actions of the Antisystem.

“A chain is only as strong as its weakest link” expressed the philosopher Thomas Reid, which applies perfectly to a Management System and the respective Antisystem. Given that a Management System is a set of elements of an organization, interrelated or that interact, to establish policies, objectives and processes to achieve these objectives, it can then be deduced that a Management System is as strong as its strongest element. weak, which also occurs with the anti-system.

The operation strategy, or the continuous planning of the actions of the Uncertain Component Management Systems, will depend on the visible or predictable characteristics of the Anti-Management System. Anti-Management Systems also have planning, execution, monitoring, learning and improvement elements, which are continually reviewed and updated to maintain their operational capacity and to achieve their own expected results, for example, in a Money Laundering System. Assets, which is the Antisystem of the Management System for the Prevention of Asset Laundering, the group of people who agree to carry out asset laundering, carry out a process of identification of operations susceptible to asset laundering,

Using the previous example, the organization must characterize the Management Antisystem of the criminal organization, which is used to launder money, going to the greatest degree of detail of the operations and practices, in such a way that they can detect all the elements of its Management Antisystem and weaken as many critical elements as possible, thereby weakening the entire antisystem by creating weak elements: a Management System is only as strong as its weakest element.

Risk analysis of the Management System is essential, but it may be insufficient to be able to characterize the elements of the Antisystem, avoiding the detection of critical elements and those susceptible to attack in this anti-system and substantially reducing the effectiveness of the Management System.

The success of a Management System, when the specific component is uncertain, will be linked to the precision with which it is possible to continuously characterize the operation of the Management Antisystem and to continuously establish controls that weaken critical activities and interrelationships to make it permanently weaker. that the Management System managing to neutralize its operation, and thus avoiding the damage intended by the Antisystem.

As a conclusion, the definition of Management Antisystem is the set of elements that operate in one or more organizations, interrelated, with sequence, purpose and in a controlled manner, which seek, in an environment of illegality, to attack, undermine, reduce operation, subtract resources or harm the operations and results of an organization or its members around a specific component.

5. Example of characterization of a Management Antisystem

The description below corresponds to a hypothetical case, which serves as an example for the characterization of the Antisystem.

An organization managed to identify a continuous process of theft of inventories inside, which surely had been happening for a long time and had been consolidated. The detection mechanism was based on anonymous complaints that made it possible to quantify the magnitude of the theft, at least in the last twelve months.

The complaint led to the identification that, in the process of dispatching the finished product to the clients, quantities were underreported and part of the product was unloaded in an alternate warehouse near the organization to later deliver the correct quantity to the client.

Within the framework of the investigation with those involved, it was possible to determine that a network of people had been formed within the organization to advance this process, preventing checks and inventories from easily revealing the shortages.

In general, it was possible to discover that the main activities and elements of the Antisystem were the following:

• Expanded diagramming of the logistics process of the organization, which allows observing the step by step of the activities and thus being able to identify the moments, stages and managers where it is more convenient to generate the deviation of information and products. The advantage of this step is that the process information is visible and up-to-date.
• Selection and formation of the work team, made up of key people with a significant impact on information management: At this stage, the search was made for people with similar characteristics, such as financial needs or high personal expenses, with a low ethical barrier and highly observers. The approach was made directly, depending on how visible their ethical barrier was or through the offer of bribes.
• Planning of the activities at the appropriate time and place to manage to manipulate the information and extract the products with the complicity of the work team.
• Risk assessment of each activity, including the controls arranged by the organization.
• Construction of a contingency plan for possible errors or detections of the organization’s control system.
• Disabling the organization’s system controls. In this phase, activities are carried out to eliminate the effectiveness of the controls arranged in the organization, having as a favorable point that the controls are public knowledge and the update is too long in time, quickly becoming obsolete.
• Creation of distractors, especially when it is not easy to disable controls.
• Analysis, evaluation and learning: which includes incidents that could be detected by the organization’s control system and that lead to the need to adjust procedures, actions or the linking of new members to the network.

These elements of the Antisystem can be seen in interaction like this:

Illustration1: Visual of an Antisystem example

Source: Author development

 6. Planning of the Uncertain Component Management System

The planning of the Management System that counteracts the action of the Antisystem, is based on the detected characteristics and functionality of the Antisystem, which implies several issues to consider:

• The Antisystem is dynamic, it evolves over time, especially when its leaders are aware of the actions of the Management System designed to counteract it.
• The Anti-System control disabling methods are strengthened, and may lead the Management System to execute unnecessary activities.
• When the Management System identifies risks, the compatibility of the risk management results and the operation model of the Management System must be analyzed, since both point to the same result.
• The Management System must establish processes and procedures that neutralize or render the Antisystem ineffective, but this is dynamic and consequently the actions and processes for monitoring and measuring the Management System must be frequently reviewed and updated as the results show.
• The use of Red Flags strengthens the characterization of the Antisystem, it is relevant and necessary that a process of identification and analysis of Red Flags or Warning Signs be implemented as a process of the Management System.

7. Research continuity

The model of management antisystems is still being developed by the author, with the support of the Specialization in Integrated Management Systems of the Agrarian University of Colombia Foundation, in one of its lines of research, likewise through the development of research works. degree for specialization by groups of students.

Any support that people or institutions want to do for the development of this experimental model will be well received. Contact me by email alberto.guevara@cmdcertification.com.co

In this link you can see a video (in Spanish)

Bibliography

• Management Systems Standards, International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), based on ISO and IEC HLS Annex SL. (ISO 9000, ISO 9001, ISO 14001, ISO 37001, ISO 37301, ISO 39001, ISO 28000, ISO 28001, etc.).
• Management System Standards for control and security in the supply chain, BASC.