Crisis Management

Do Nonprofit Boards Face Cyber Security Risk?

Do Nonprofit Boards Face Cyber Security Risk?

By: Eugene Fram      Free Digital Image

Solarwinds and Target and others may seem far afield from the concerns of nonprofit directors, except for the giants in the area, like AARP. However, think about this hypothetical scenario.

A group of high school students hacked into the computer system of a local nonprofit offering mental health services and gain access to records of clients, perhaps even placing some of the records of other teenagers on the internet.  Considering the recent introductions of new AI tools, the power of immature teenagers and adults to initiate Cyber Security (CS) problems seems unlimited.  

What due care obligations did the board need to forestall the above situation? A move to recruit directors with special expertise in information technology or cyber security would be nonproductive. A nonprofit director has broader responsibilities such as the overview of management, approval of budgets, fostering management and staff growth etc. Similarly, when social media became a prominent issue a few years ago, boards debated the advisability of seeking directors with that specific kind of background. Today, a consultant with management is likely to provide guidance to directors on these issues.

After listening to a group of cyber security experts discuss for-profit challenges in this area, I have the following suggestions on how nonprofit boards might respond to similar types of challenges.

1. Carefully “wall off” all confidential information – Have management be certain that private information such as health records, are encrypted and separated from operating data that may be considered public in a nonprofit environment.
2. Review D&O and other liability policies – Determine whether or not the D&O policy protects directors and managers from CS intrusions. (It likely does not, but I understand that some carriers may offer some protection along with smaller policies.) It is clear that most general liability policies do not protect the organization against CS.
3. Board Encouragement – Devote some meeting time, perhaps 10 minutes, to a discussion of the CS topics so that management and staff are aware of the board’s concerns on the subject and will take action when necessary. Appropriate due care actions like frequent password changes should become routine. Some checklists are available online, suggesting questions directors might pose to raise awareness on the topic and avoid potential CS breaches.
4. Can third party payer help? – Many nonprofits deal with third party payers with sophisticated CS systems and may offer the nonprofit some advice or assistance.
5. Education and training of employers – Many CS crimes have been successful because employees have violated or forget to effectively protect their working accounts and information. Proper education and training can help reduce these types of lapses.
6. Finance & Audit Committees – Recent data indicate that only 20% of nonprofits have a CS vulnerability assessment in place and only about the same proportion have a plan  in place should a CS breach take place . *  Due care responsibilities seem to be missing among a large portion of nonprofits.

If a nonprofit, like the one described, is attacked, not only will records be compromised, but also the reputation of the agency will be destroyed, probably along with the nonprofit organization itself. SolarWinds and Target may be able to survive such an attack, but the typical nonprofit may not.

*https://communityit.com/nonprofit-cybersecurity/

The “Compliant” Nonprofit Board—A CEO Takes Charge Like a Founder!

The “Compliant” Nonprofit Board—A CEO Takes Charge Like a Founder!

By Eugene Fram              Free Digital Image

According to BoardSource, “ Founderitis’ and ‘founder’s syndrome’ are terms often used to describe a founder’s resistance to change. When founderitis surfaces, the source of the dilemma often is a founder’s misunderstanding of his or her role in an evolving organization.” * I would like to suggest that a nonprofit CEO also might suffer from the “founderitis illness,” sometimes with the board only being mildly or completely unaware of it.

Board Member Tenure versus CEO

The average board member tenure is six years (e.g., two three year terms) as compared with the average almost 13-year CEO tenure. ** The CEO has twice as longer period to influence polices and strategies. More importantly, she/h has more opportunity and time to acquire background knowledge and influence the organization’s culture.

“CEO Founderitis”—Typical Board Members & CEO Behaviors

  • The board is a dependent one, cancels or reschedules major committee/board meeting when the CEO can’t attend.
  • The CEO is overly verbose in presenting background information at meetings.
  • Concurrently, the number of board member comments is limited at most meetings.
  • The CEO places limits on the types of contacts the staff can have with board members, in the name of avoiding staff “end runs. “
  • The CEO carefully covets outside relationships and donor relationships. Board members are only marginally involved in fund development.
  • The Executive Committee does not challenge the CEO when setting the agenda.
  • The nonprofit board is satisfied with marginal gains each year, without seeking broader challenges to provide enhanced client services.
  • The CEO’s performance isn’t rigorously assessed.
  • The board rarely, if ever, overviews CEO and staff talent successions.
  • Board actions and activities are not rigorously reviewed or discussed.
  • Led by the CEO, Board resistance to change is substantial.

What should the board do if the CEO takes charge like a founder?

Three Options:

Does Nothing: This assumes the CEO is performing reasonably well in developing positive program impacts, not outcomes. (i.e, Program objectives can be achieved, but they can have little impacts on clients.)

The CEO and Board are satisfied with program outcomes as performance measures. As a result, the organization inadvertently may not be innovative. In addition, long-term organizational sustainability may be compromised. There may be long-term challenges on the horizon that go beyond the typical three to five year planning cycles.

A majority of board members may feel comfortable with this option because the CEO acts strongly, even though he/s occasionally may encroach on a board’s perogrative.

Makes Changes: This will probably require the CEO & Board to change, modifying some of the behaviors listed above. The CEO then forms a partnership with a changing independent board.

Some board members will be satisfied the status quo, little is required of them. But others may want to remove a CEO who leads like a founder. Internal conflict will likely arise on both sides to delay or abort change.

A Solution? Don’t rock the boat. Only when the CEO, especially one with long tenure, suffering from “founderitis” makes a graceful exit will there be opportunity for change. Hopefully, the new CEO will develop a partnership culture with the board.

https://boardsource.org/resources/founders-syndrome/

** See: “Average tenure of nonprofit CEO Nonprofit Times”

Wanted: Nonprofit CEOs with Entrepreneurial People Skills

Wanted: Nonprofit CEOs with Entrepreneurial People Skills

By: Eugene Fram      Free Digital Image

The need for superior leadership skills is as critical to CEOs in nonprofits as it is in the entrepreneurial world. Following are four such skills and the unique challenges they bring when employed in the nonprofit environment.

 

  • The CEO’s Power of Persuasion

A nonprofit CEO and the board must take the lead in creating the organization’s mission, vision and values. However, since the board majority is usually composed of volunteers who are seldom involved in the day-to-day implementation of the organization’s mission, it becomes the responsibility of the CEO to present viable options for the future — and then to effectively share the board-approved “vision” with three discrete audiences: the board, professional staff and other stakeholders. But…

Board members, in the roles as part-time overseers, often do not have the time to critically evaluate alternatives when presented, particularly if a revised mission is under consideration.

Nonprofit staffs tend to be conservative, especially when change may jeopardize their positions. (e.g. “Don’t change the program, the position that may be dropped can be yours!”)

And foundations, donors, and supporters, who are possibly considering funding requests from other nonprofits, need to be approached by a CEO who is equipped with outstanding people skills.

While business organizations have somewhat similar challenges, obviously their revenue sources are not dependent on financial gifts.

  • The Right Hires

Just as in business, the process of judicious hiring endlessly challenges a nonprofit CEO. Nonprofit salary levels are simply not competitive with those of established commercial organizations, especially in the area of hard-to-find skills such as finance or IT. But these challenges can be overcome! I have seen nonprofit CEOs develop a collegial working atmosphere in their search for employees, resulting in new personnel who are not only dedicated to the mission but feel encouraged to exercise their own creative potential.

  • Face of the Organization

The nonprofit CEO, like his entrepreneurial business counterpart, must be the top marketing executive who is the face of the organization. While board members can assist with promotion, CEOs are the leaders to whom stakeholders and employees look to promote the organization’s impacts. Alternatively, they must take the blame for failures. No longer should a nonprofit CEO be able to use the old excuse with a failed program, “The board forced me to take the action.” But to shepherd an entrepreneurial CEO, the board needs to be able to tolerate some failures as long as they were based on reasonable “business judgment.” No one does their job with unfettered perfection.

  • Growing the Organization

If a nonprofit decides to expand the scope of the organization, the skill sets needed in a CEO are quite different from those needed to maintain a status quo operation. Rarely can the executive who simply “minds the store” adjust to the complexities of the new environment and must be replaced or moved elsewhere. A nonprofit’s commitment to expansion is both exciting and terrifying. In any case, it demands a nonprofit CEO who, in partnership with a supportive board, can handle the requisite financial development and continual networking with stakeholders.

 

Nonprofit Boardroom Elephants and the ‘Nice Guy’ Syndrome: A Complex Problem?

Nonprofit Boardroom Elephants and the ‘Nice Guy’ Syndrome: A Complex Problem?

By: Eugene Fram    Free Digital Image

At coffee a friend serving on a nonprofit board reported plans to resign from the board shortly. His complaints centered on the board’s unwillingness to take critical actions necessary to help the organization grow.

In specific, the board failed to take any action to remove a board member who wasn’t attending meetings, but he refused to resign. His three-year term had another 18 months to go, and the board had a bylaws obligation to summarily remove him from the board. However, a majority of board members decided such action would hurt the board member’s feelings. They were unwittingly accepting the “nice-guy” approach in place of taking professional action. (more…)

People Problems Can Put Nonprofits at Risk

People Problems Can Put Nonprofits at Risk

By: Eugene Fram   Free Digital Image

Like the Streisand song lyric, nonprofit people who need people must first have the know-how to choose and cultivate those people! If not, the risks to a board can range from modest to substantial. It all begins with making the right choices and vetting board and CEO candidates.  Most nonprofit board members know that they are only required to make one hiring decision—the engagement of the CEO. This is a process that always involves some risk factors. Take the case of the university that has expended substantial amounts to engage a CEO. After a brief “honeymoon period” it was determined that the candidate lacked the requisite background to move the organization forward. His resignation was forthcoming, and with it, a disruption that was costly not only in dollars but in board/faculty morale and public confidence.

A nonprofit board is usually confronted with several people risks. Following are some that should be noted by board members.

(more…)

Tightening the Oversight of Nonprofit Boards?

 

By: Eugene Fram   Free Digital Image

Tightening the Oversight of Nonprofit Boards?

By: Eugene Fram      Free Digital Image

Clearly the purpose of a nonprofit board is to serve the constituency that establishes it-be it community, industry, governmental unit and the like. That said, the “how” to best deliver those services is often not so clear.

The fuzziness of boundaries and lack of defined authority call for an active nonprofit system of checks and balances. For a variety of reasons this can be difficult for nonprofits to achieve. (more…)

Nonprofit CEOs and Board Directors: How Expert Is Your CFO?

 

Nonprofit CEOs and Board Directors: How Expert Is Your CFO?

By: Eugene Fram        Free Digital Image

When hiring a chief financial officer (CFO), nonprofit organizations often find themselves with a major challenge, since many financial and accounting functions and compliances are identical with those of for-profit organizations. To compete, the nonprofits may need to offer higher salaries than typical for nonprofit organizations. Some may trim the level of expertise required to fill the position.  They hire a person with a bookkeeping background when the organization needs somebody with financial analysis skills.  This is a dangerous move, especially when the organization is growing. It is difficult to terminate a financial person who is satisfactory for a startup, but isn’t able to navigate the challenges of rapid growth.  Also it is a continuing challenge for the Board and CEO, to make certain that the person in the position now has the requisite skills.  A mistake by a person who is not current with financial changes and compliances can make a major error that will harm the organization’s reputation, leading to a board restructuring and/or firing the CEO.

Both the nonprofit CEO and the board need to assess the CFO’s expertise annually by:

*Asking knowledgeable board members if they are receiving financial data and analysis in a format helpful for decision-making.

*Having an executive session with the external auditors yearly to obtain the firm’s assessment of the expertise of all financial personnel with whom they had have contact.

*Keeping track of reports that are submitted late. Something might be radically wrong. (I know of one case where the Board and CEO were only receiving a subsidiary report intermittently. The problem was the data reported involved old accounts that should have been written off months ago. The organization had to hire forensic accountants to determine what needed to be done to resolve the situation. The board terminated the CFO and then the CEO.)

*Making certain all financial personnel take two weeks vacation each year, so that a substitute needs to handle the duties.

*Having the CEO review the CFO’s expertise annually with knowledgeable board members, external accountants or others.  Acknowledging the growth point when the nonprofit needs a CFO with analytical abilities as opposed to bookkeeping ones.  

*Reviewing the causes for a high turnover rate among financial personnel.

*Providing local financial support for the  CFO and others to stay current with accounting and compliance regulations. 

For a current case of a board that evidently failed to adhere to such guidelines see:

http://www.nonprofitquarterly.org/management/23235-existence-of-a-reserve-fund-in-this-nonprofit-threatens-its-future.html

 

 

 

 

 

 

A Nonprofit Board Has A Problem With A Recently Hired CEO – What To Do?

 

A Nonprofit Board Has A Problem With A Recently Hired CEO – What To Do?
By: Eugene Fram.         Free Digital Image

With some possible variations, is the following scenario one that is frequently repeated elsewhere?

• The nonprofit board had engaged, Joe, an experienced ED.  The prior ED had been in place for 25 years, and was evidently unwilling to move to meet changing client needs. For example, the agency only offered counseling services five days a week, 9 am to 5pm, with hours extended to 8 pm on Thursday night. There were no client options for emergency calls during nights or during weekends.

(more…)

What Nonprofits Can Do To Maintain Liquidity

What Nonprofits Can Do To Maintain Liquidity

By: Eugene Fram    Free Digital Image

It doesn’t take a pandemic to make a nonprofit question its capacity to survive. Events such as a loss of major funding, a damaged reputation, huge unpredicted expenses could swiftly reduce the lifeblood of the organization, plunging the nonprofit into deep concern for its long-term survival.

Any nonprofit CEO has the data to predict how long the organization can stay afloat without income. This, however, would be only one rough measure of the nonprofit’s liquidity. Board members need to take the discussion further. They need to realistically appraise total liquidly from fixed/variable expenses and income venues as they relate to mission accomplishment.

(more…)

How Nonprofit Boards Can Support Management & Staff and Refrain From Micromanaging!

How Nonprofit Boards Can Support Management & Staff and Refrain From Micromanaging!

By: Eugene Fram                    Free Digital Image

The dilemma is common to nonprofit organizations. As start-ups, everyone aspires to do everything. Passion for the mission and determination to “get it right” imbue board members with the desire to do it all. But once the organization starts to mature, board roles shift to focus more broadly on policy and strategy issues. With the advent of qualified personnel to handle operations, there are many overview activities, sans micromanaging, available to board members. Following are some ways that boards can assist and demonstrate support for operations, CEOs and staffs without interfering.

(more…)