A study of business boards by Stanford University yielded the following results:
Only one-third (36%) of board members surveyed believe their company does a very good job of accurately assessing the performance of individual directors.
Almost half (46%) believe their boards tolerate dissent.
Nearly three quarters of directors (74%) agree that board directors allow personal or past experiences to dominate their perspective.
And, perhaps most significant, the typical director believes that at least one fellow director should be removed from the board because the individual is not effective. *
Given that many of these business boards have the financial power to employ legal counsel or consultants to conduct a rigorous impartial evaluation, what can a nonprofit board, with limited financial resources, do to make sure that the board and its members are being fairly evaluated to drive change?
A blog developed by an internationally known board expert* raises some pertinent governance questions mainly targeted to for-profit boards. Following are my suggestions how these questions could apply to nonprofit and trustee boards. In addition, field examples show what happened when the questions had to be raised in crises situations.
Does bad news rise in your organization? “You may be the last to know.” For example, the board of a human services organization knew that the professional staff was not happy with a new ED with an authoritarian management style, but the board felt it needed to give him a chance to modify his style. Board members didn’t know that the staff professionals had been meeting with a union organizer for nine months. A labor election resulted, with the professional staff agreeing to work under a trade union contract.
Do your CEO & CFO have integrity? “If the CEO or CFO holds back, funnel information, manages agendas, is defensive or plays…. cards too close to the, vest, this is a warming sign.” For example, a CFO was delinquent in submitting a supplementary accounts receivable financial report. The board and CEO accepted his excuses, but the data, when submitted, had a significant negative impact on the financials. Both the CEO and CFO lost their positions. Should the board have also accepted some responsibility for the crisis?
Do you understand the (mission) and add value? The board members need to seriously answer this question: If this organization were to disappear tomorrow, who would care?
Do you know how fraud can occur in your (nonprofit)? Common wisdom prevails that there is little for-profit or nonprofit boards can do avoid fraud. To review nonprofit boards actions that can be taken, especially for medium and small size nonprofit boards, see; Eugene Fram & Bruce Oliver (2010) “Want to Avoid Fraud? Look to your Board,” Nonprofit World, September/October, pp.18-19.
Do you compensate the right behaviors? “You are at the helm as board members. Whatever you compensate, management will do.” Be certain the organization is compensating for outcomes and,more importantly, today impacts. Too often compensation is given for completing processes that are not tied to client impacts
Do you get disconfirming information? Management is only one source of information. With the agreement of management, visit privately with people below the management level. Set a Google Alert for the name of the organization to see what others on the Internet are saying about your nonprofit’s relationships.
Do you get exposures to key (operational areas) and assurance functions? “Bring key people into the boardroom, without Power Points. See how they think on their feet. It is good for succession planning and is an excellent source of information.”
Do you get good advice and stay current? “Bring tailored education into the board room and stay on top of emerging developments. “ This is especially important for the nonprofit directors or trustees who serves on a board that is out of their area of expertise. For example, bankers might serve on a hospital boards.
Do you meet with (stakeholders) – apart from management? Board members need to join with management in meeting key funders occasionally to determine if their expectations are fully met and what the board might do to foster a continuing relationship. This lets funders know that the board is involved over-viewing the organization’s outcomes and impacts.
*Richard Leblanc, “The Board’s Right to Know and Red Flags To Avoid When You Don’t.” http://www.boardexpert.com/blog, September 14, 2012 Note: Bold & quoted items are from the above blog.
The “Compliant” Nonprofit Board—A CEO Takes Charge Like a Founder!
By Eugene Fram
According to BoardSource, “ ‘Founderitis’ and ‘founder’s syndrome’ are terms often used to describe a founder’s resistance to change. When founderitis surfaces, the source of the dilemma often is a founder’s misunderstanding of his or her role in an evolving organization.” * I would like to suggest that a nonprofit CEO also might suffer from the “founderitis illness,” sometimes with the board only being mildly or completely unaware of it.
Board Member Tenure versus CEO
The average board member tenure is six years (e.g., two three year terms) as compared with the average almost 13-year CEO tenure. ** The CEO has twice as longer period to influence polices and strategies. More importantly, she/h has more opportunity and time to acquire background knowledge and influence the organization’s culture.
“CEO Founderitis”—Typical Board Members & CEO Behaviors
The board is a dependent one, cancels or reschedules major committee/board meeting when the CEO can’t attend.
The CEO is overly verbose in presenting background information at meetings.
Concurrently, the number of board member comments is limited at most meetings.
The CEO places limits on the types of contacts the staff can have with board members, in the name of avoiding staff “end runs. “
The CEO carefully covets outside relationships and donor relationships. Board members are only marginally involved in fund development.
The Executive Committee does not challenge the CEO when setting the agenda.
The nonprofit board is satisfied with marginal gains each year, without seeking broader challenges to provide enhanced client services.
The CEO’s performance isn’t rigorously assessed.
The board rarely, if ever, overviews CEO and staff talent successions.
Board actions and activities are not rigorously reviewed or discussed.
Led by the CEO, Board resistance to change is substantial.
What should the board do if the CEO takes charge like a founder?
Three Options:
Does Nothing: This assumes the CEO is performing reasonably well in developing positive program impacts, not outcomes. (i.e, Program objectives can be achieved, but they can have little impacts on clients.)
The CEO and Board are satisfied with programoutcomes as performance measures. As a result, the organization inadvertently may not be innovative. In addition, long-term organizational sustainability may be compromised. There may be long-term challenges on the horizon that go beyond the typical three to five year planning cycles.
A majority of board members may feel comfortable with this option because the CEO acts strongly, even though he/s occasionally may encroach on a board’s perogrative.
Makes Changes: This will probably require the CEO & Board to change, modifying some of the behaviors listed above. The CEO then forms a partnership with a changing independent board.
Some board members will be satisfied the status quo, little is required of them. But others may want to remove a CEO who leads like a founder. Internal conflict will likely arise on both sides to delay or abort change.
A Solution? Don’t rock the boat. Only when the CEO, especially one with long tenure, suffering from “founderitis” makes a graceful exit will there be opportunity for change. Hopefully, the new CEO will develop a partnership culture with the board.
For-Profit Boards Versux Nonprofit Boards: Similar Challenges?
The wise person learns from his/h own experiences. The wiser person learns from the experiences of others. Chinese Proverb
The CEO Forum published an article covering the governance views of five business board members, known for their wisdom and vision. Following are some of topics in the article that relate to nonprofit boards. *
Good governance is dependent upon well-curated boards. This means that nonprofit boards must look beyond the functional competencies (e.g. accounting, marketing, law, etc.) for candidates. Within these groupings, they need to seek candidates who have strategic outlooks, are comfortable with critical thinking and have documented leadership skills. This requires recruiting and vetting efforts that go well beyond the friends, neighbors and colleagues who traditionally have been the sources for board positions. Also related is the issue of board succession, since that many will leave the board after a four to six year period. The current board(s) has an obligation to make rigorous recruiting and vetting become part of the nonprofit’s culture.
Assessing long-term sustainability. In the past, nonprofits have projected longevity because there will always be a need for the services or products they provide. This is no longer an assured proposition. Nonprofit day care centers now must compete with those that are for-profit. Improvements in medication have decreased the need for individual counseling and many new technologies can quickly solve problems that are embedded in the nonprofit’s mission.
Review governance best practices carefully! Know who is suggesting them and make certain they are appropriate for a specific organization. For example, some experts suggest that executive committees should be eliminated. However an executive committee that is responsible for a slim board committee structure can be effective in driving change and promoting better communications throughout the organization. **
Changing public accounting firms. Nonprofit accounting practice suggests changing public accounting firms about every five years. However one expert suggests, “It is important to ensure that judgment areas such as nonGAAP disclosures are well-defined, supporting calculations are well-documented and that the definitions and calculations are consistent across reporting periods.” At times of accounting firm change, nonprofit board members need to be able to add these issues to their question that they pose to management.
Ethics & Compliance. Like business organizations, nonprofits are subject to significant lapses in ethics and compliance. One study of nonprofit fraud found that it 46% involved multiple perpetrators. *** As shown in the recent Wells Fargo debacle, establishing the tone for rigorous applications of a standard needs to start with the board and flow through all management levels. In the current environment, audit committees have to be especially alert and take immediate actions when red flags arise in either the ethics and/or compliance areas. In my opinion, a nonprofit audit committee that meets only once or twice a year is not doing the necessary job.
Strategy. The nonprofit board has an obligation to help management see “around the next corner.” This involves board members assessing coming trends and sparking civil and meaningful board and committee discussions.
Board member comfort zones. Like their business counterparts, few nonprofit board members are “comfortable testing how to rock the norms.” It is easier to acculturate new directors to the current norms, a process that is inward bound and self-defeating. But a start can be initiated with questions such as, “If we were to start a new nonprofit across the street, what would it look like and who of the present board and a staff members would we ask to join us?
Is Your Nonprofit Forward-Focused or a Prisoner of the Past?
By: Eugene Fram
Governance arguably suffers most … when boards spend too much time looking in the rear view mirror and not enough scanning the road ahead. *
It has been my experience that nonprofits rarely address the possibilities and perils of “…the road ahead.” An endless stream of current and pressing issues can cause both Board and CEO to take a myopic view of their nonprofit responsibilities — either totally ignoring strategic issues or procrastinating a discussion of the subject. The results can be damaging to the organization. Here are some “prompts” that might guide nonprofit board members and CEOs as they attempt to provide leadership in this important but neglected area:
Balanced Agendas — Include and highlight strategic issues on every board meeting agenda (not just when a committee report is presented) until they are resolved with action plans, policy development or thoroughly discussed and removed. This constant emphasis on planning can go a long way towards achieving concrete actions on topics of future concern. A discussion of immediate issues juxtaposed with ongoing strategic concerns will provide a balanced meeting format that may possibly discourage board member’s attempts to micromanage, a very common tendency in nonprofit boards!
Short Term Focus — In a BoardSource report, “…only 33 percent of nonprofits report that their board members are actively involved in advocating for their missions, and many organizations aren’t advocating at all.”** To inspire and challenge board leaders to actively serve as ambassadors. The explanation for weak performance in this area is often attributed to the fact that the directors’ terms of service on the board are usually three to six years during which time people’s interest in the long-term future of the organization may be compromised. Some boards may be disproportionately represented by “millennials” whose participation comes with heavy time constraints. Problems of this type can be mitigated by seeking board members who are partially or fully retired. They are likely to be better equipped to focus on the important governance functions and the fundamentals in which the nonprofit operates. Boards need to look to look further out than anyone else in the organization… There are times when CEOs (those operationally concerned with strategy) are the last ones to see (environmental) changes coming.
Board Recruiting — Nonprofit recruiting can be a hit-or-miss process, often producing candidates who are readily available and familiar to the current board. Rarely will the committee seek out people who have strong track records as strategists and/or competent visionaries. This is a real challenge, but a forward focused board should make every effort to identify potential directors who have these types of experience and skills. The topic of recruitment is a challenging one and the process should have continual annual evaluation.
Can Nonprofit Boards Work Smarter Not Harder? As noted earlier, nonprofit board people are often limited in the amount of time they can devote to board participation. Given these constraints, the board chair and CEO can choose from a range of options that will help orient directors to better understand the external landscape in which the organization operates. These initiatives can include visits to comparable facilities, opportunities to attend field related conferences or inviting experts in the same or similar organizations to interact with board members. The purpose is to infuse each member of the board with an informed view of the organization’s long-term future and prepare them to take the appropriate action. The CEO and board chair must address this question with a viable plan: What actually helps… (to develop) a board environment that encourages participation and allows board members to derive meaning, inspiration and satisfaction from their (board) work?
Talent: The Key to Nonprofit Success — A nonprofit board has one hiring decision to make: the engagement of the CEO. But it also has a significant responsibility to overview long-term talent development in the staff and management. The board of a family service agency needs to assure that its counselors are up to date on current modalities of counseling. A recreational organization must be operating in the context of accepted fitness practices. Annual talent reviews need to be scheduled with CEOs and the appropriate staff. In addition, individual board members, with the concurrence of the CEO, may want to have occasional professional contact with key people below the senior management.
Make strategy part of the board’s DNA — (Many nonprofit) … CEOs present their strategic vision once a year, the directors discuss and tweak it at a single board meeting (or a short retreat), and the plan is then adopted. The board’s input is minimal and there’s not enough in-depth information to underpin proper consideration of the alternatives.
An educated nonprofit board will have the depth of understanding to be alert to the future needs and problems of its organization. Typically there is usually an unanticipated “fork” in the road ahead. Status quo, “minding the store,” participation by rote are all too easy mindsets that will only hobble the progress of an organization. Board chairs and CEOs are key actors in turning an existing board environment into one that is focused on moving forward.
*Christian Casa and Christian Caspar (2014) “Building a forward-looking board,” McKinsey Quarterly, February. Note: Quotations from this article are presented in italics.
How Seriously Does Your Nonprofit Board Take the Matter of Ethics?
By Eugene Fram
Most board members are aware of their obligation to ensure their nonprofit’s compliance with certain standard regulations e.g. making tax payments, submitting IRS Form 990s and/or avoiding potential fraud. But what I have found missing in the nonprofit environment is a sense of board member responsibility to provide for and sustain a viable ethics program.
Board members, as representatives of a community, profession or industry, have a significant responsibility to mitigate risks for their supporting constituencies. To ensure their integrity and prevent tainting the organization’s reputation, an internal ethical culture must prevail. An emphasis on ethical conduct should cover everyone from board members to the lowest ranking employee, and address issues that range from personal use of facilities to various types of harassment.
Following are some thoughts on putting ethics in their rightful place:
• The Audit Committee in responsible-business organizations often have a full-time corporate counsel or compliance officer who are charged with seeking evidence of unethical behavior. On the other hand, nonprofits must vest significant ethics responsibilities in the audit committee. As a base approach, the audit committee should have the CEO investigate installing a hotline system that can surface questionable behaviors and issues.
• Ethical Behaviors Start with the Board – A review of existing ethical standards should be included in the orientation process of every new board member or employee– and reinforced briefly each year. Potential conflict of interest in board members can skew decision-making and jeopardize outcomes. Engaging in “sleight of hand” decisions can reverberate throughout the organization. For example: it is not unusual for nonprofit boards to seek grant dollars that support programs that are not directly related to the organization’s mission. Similar relaxation of standards can propel an organization down the slippery slopes of ethical boundaries. This also applies to senior managers whose behavior or actions are perceived to be inappropriate.
• Seeking Information – Although the Sarbanes-Oxley act suggests that board directors are obliged to seek information from persons below top management, this can sometimes become controversial in the nonprofit environment.
The bottom line is that (ethics) compliance must be pervasive, ongoing and actively tested, experts say, in order to maintain a healthy culture throughout the organization. By rewarding ethical behavior and mitigating risk, nonprofit board members will be doing all they can to protect themselves and preserve values for shareholders (and help to assure ethical actions in a mission-centrist nonprofit.)*
* Boardmember.com (2014), “Compliance Oversights Starts and Ends with the Board,” May 14th.
Nonprofit Board Discourse: a Meeting of the Minds??
By: Eugene Fram
Several years ago, a nonprofit board member complained to me that there was too little “conflict” at board meetings. Too few hands were raised to challenge or simply question the efficacy of certain important agenda items. Having participated in hundreds of nonprofit meetings, I have observed that this laissez-faire response still typifies a significant number of board member’s attitudes, especially for items that deserve vigorous discussion. Why is that? And why can the term conflict be perceived as an asset to an organization that is determined to move forward?
Below are some answers based on my own experience in the nonprofit environment.
Major Focus is on Operations: As I have commented in other posts, focusing on operations seems to be a default option for many nonprofits. Unlike members of business boards who have substantial financial investments in their organizations, nonprofit board members are volunteers with little personal risk and with insufficient motivation to challenge the status quo. Since the median nonprofit director’s term of service is seldom greater than 6 years, a board member can lack significant interest in the nonprofit’s long-term future. In addition operational items are more concrete and inherently more interesting because many center on people related decisions. Then there’s the “nice guy” impulse—directors’ meetings are usually brief (1 to 1.5 hours) and board member are often reluctant to voice dissenting views that may offend colleagues and extend meeting times.
Encouraging “Constructive Conflict”
Preparation Is Critical: Review of governance agenda materials leads the way to more rigorous discussions. This requires nonprofits to provide meeting materials at least one week in advance to facilitate fact- based discussions. Some may argue that busy board members will ignore materials well in advance of the meetings. But isn’t it a solid advantage to have some of the most interested board members well briefed for the meeting?
The importance of mission: As much as possible, the board chair needs to frame each agenda item in light of its impact the nonprofit’s mission. This helps eliminate frivolous comments and questions, e.g., voting on the color of the menu at the annual diner. These distractions, like responding to tweets, detract from discussing substantive issues. Chairs can diplomatically eliminate them by simply suggesting the distraction issue can be handled “off line.”
Recruitment: Nominating candidates for the board who have the abilities to interact effectively at meetings are important to improving the quality and quantity of meeting discussions. While nonprofits often need a diversity of board members from different fields and backgrounds, they also must have a core of directors who know the differences between governance and operational activities, who understand what is involved in critical thinking, have demonstrated leadership elsewhere and have broad understandings of what constitutes strategic planning. Otherwise the board, like the one I encountered, had many very busy middle level managers types who did well on time-constrained specific projects, but they had no interest in governance or strategic planning. The de facto result was that the Board Chair authoritatively operated the board.
Getting Together: Currently, most nonprofit board members live time-compressed lifestyles and only connect with others at formal board or committee meetings. To build an effective team decision-making, board members need to know each other personally and professionally. Board chairs and CEOs must take steps to provide social or professional occasions for the board at which directors can interact. Sometimes a simple 10-minute agenda item at a meeting asking each member to briefly review personal or professional events can help—as proven by organizations like Rotary.
Passion vs. Passivity:The nonprofit board member who lamented the absence of “conflict” in the boardroom recognizes that an engaged and often challenging governing body is in the best interest of a healthy and forward moving organization.
Ideally, change takes place only when is a critical mass of board and staff want it. A significant portion of leadership must realize that the status quo won’t do. Based on my experiences, this ideal is rarely achieved because:
The CEO needs to support the changes being suggested and/or mandated by a majority of the board. But, if not fully invested in the change, the CEO can accede to board wishes for action but move slowly in their implementations. The usual excuse for slow movement is budget constraint.
Complicating the situation is the fact that most nonprofit boards are hesitant to remove a CEO who has a nice personality but lacks vision, makes modest revisions each year and keeps budgets in balance. As volunteers, board members know that removing a “status quo” CEO can cause board and staff conflict. These events require more meeting times and can cause board members to turn against one another. Volunteers accept board positions to promote positive outcomes, not to become involved with the stresses that accompany conflict.
Changing a CEO, board members or the governance model, etc., can easily send negative signals to the staff because they may view it as leading to disruption in their jobs and working environments. Most nonprofit staffs are only one or two organizational levels away from the board and may become concerned that new influential board members can have significant impact.
For example, two professors persuaded their board colleagues that the agency needed a “management by objectives program.” The staff became so involved in establishing and measuring objectives that they neglected client services .
Critical actions that boards can take to overcome these barriers.
Agreement about what “change” means. Perhaps it is increasing clients served and/or simultaneously having to increase donations to maximize the mission’s service? These changes can be readily measured. However, nonprofits often have revisions that can only be measured approximately in the short-term because of the significant costs involved. These include such items as improving public awareness or community influence. They require use of more qualitative measures over time to assess trends and improve the measures. *
Those responsible for change need to be reminded that words have meaning, and the words used to describe revisions can create negative attitudes from board members and staff. Those with negative connotations include “profit, efficiency and restructuring.” Positive words include “mission, serving and compassion.”
Radical honesty about the hurdles standing in you way. It’s important to be upfront about the “bandwidth” in staff and board resources needed to implement any major modifications. This involves having three or four board members who are experienced with implementing change, willing to assume leadership of the process and have the interpersonal skills necessary to “sell” other board members on the benefits of the new plan. In one situation, where a governance model was changed and the ED’s title revised to President/CEO, a traditional board member was dissatisfied. He complained about the new title “What do we call the ED now, Presco?” The implication was that the new title was satisfactory for the head of a business organization but too sophisticated for the operating head of a nonprofit organization.
Commitment to do whatever it takes. Driving changed from a nonprofit board position isn’t for the person or team that gives up easily. A realistic plan is to anticipate the bumps in the road along the way. For example, if some board members agreed to a revision with limitations, it’s the responsibility of the CEO and board members to make certain they are consulted as the change progresses, helping them, if they can, to be more comfortable with it. If the change has substantial impact on the staff, the CEO and board members need to be certain that false rumors are handled appropriately when they appear. This also applies to rumors circulating in the community or in an industry, if the nonprofit is an association.
When boards fail to take the types of actions cited above, the impact can affect the nonprofit’s culture for decades. For example, a nonprofit engaged a new executive director with an authoritarian leadership style. His long-term predecessor developed a relaxed culture, often casually taking staff meeting time to read poetry. The Board concluded major changes were necessary.
As a first step to solve the problem, the board made a mistake by demanding the new ED modifies his authoritative management style. But concurrently, a union organizer heard about the dissatisfaction and persuaded the social workers on the staff to form a union. Results: the problematic ED was finally terminated, and an experienced ED, who had worked previously at the agency, was engaged. But the social work staff is still unionized. Trust between management and the professional staff was never restored.
The Nonprofit Board’s New Role In An Age of Exponential Change
By Eugene Fram
Most nonprofit boards are being faced with huge pressures—reduced financial support, challenges in integrating new technologies, recovering from Covid impacts and difficulties in hiring qualified personnel who will consider “nonprofit” wages. To survive long term, board members need to be alert to potential opportunities. These may be far from the comfort zones of current board members, CEOs and staff.
What needs to be done?
Look for scalable opportunities to reformat the nonprofit: This may include merging, partnering or acquiring other organizations, obviously in an attempt to make both organizations more effective and efficient. One nonprofit, operating a sheltered workshop for the blind and visually impaired affiliated with a local Goodwill nonprofit. The change over many years allowed the original service organization to grow from a budget of $5 million with 160 employees to today’s budget of $50 million. Currently it has 800 employees, serving 150,000 clients annually.
To achieve results like these, the board had to move out of its comfort zone, learn about new types of operation that can help fulfill the mission and initiate bold moves. To explore and manage such changes, a “Lean Management”* approach using small-scale experimentation can be helpful.*
Acknowledge the inherent limitations of nonprofit board tenure:
The median tenure for nonprofit board members is from four to six years. With only reputation and/or emotional investment in the organization, this creates a short-term time line horizon for many board members. The CEO, probably the only one with long-term organizational memory, has an obligation to motivate the board to consider long-term actions in this time-compressed tenure environment.
Led by the Chair & CEO what can be done?
First recognize that not all board members will be interested in developing a future scenario that goes beyond their tenure limits. The argument will be that a three-year strategic plan is sufficient. The answer is to have the board chair and CEO form a discussion group, not a committee to highlight longer term opportunities. It should be composed of board members who appear to be visionary in the mission field, in their career backgrounds back along with management and staff representation.
Pose questions like these:
What do you see the mission of this organization will be a decade from now?
What might shape it now to grow, decline gradually or stay stable over the decade?
What can management do now to prepare for the next decade?
Are there small-scale experiments that will assist in preparing for these changes?
What succession plans are required to make available strong or stronger management abilities available in the next decade?
Once a scenario is developed from the discussions, ask management to develop one or two experimental programs. If successful, it will help guide the nonprofit for the next decade. Hopefully, future board members will see the value of this work, develop an appreciation for longer term planning and continue the process.
This process is all a matter of aligning board members to long-term thinking. It involves using conceptual considerations by board and management. It motivates the CEO to consider managerial abilities that will be required, and it also should be especially helpful for board members whose careers are outside the mission area of the nonprofit.
Solarwinds and Target and others may seem far afield from the concerns of nonprofit directors, except for the giants in the area, like AARP. However, think about this hypothetical scenario.
A group of high school students hacked into the computer system of a local nonprofit offering mental health services and gain access to records of clients, perhaps even placing some of the records of other teenagers on the internet. Considering the recent introductions of new AI tools, the power of immature teenagers and adults to initiate Cyber Security (CS) problems seems unlimited.
What due care obligations did the board need to forestall the above situation? A move to recruit directors with special expertise in information technology or cyber security would be nonproductive. A nonprofit director has broader responsibilities such as the overview of management, approval of budgets, fostering management and staff growth etc. Similarly, when social media became a prominent issue a few years ago, boards debated the advisability of seeking directors with that specific kind of background. Today, a consultant with management is likely to provide guidance to directors on these issues.
After listening to a group of cyber security experts discuss for-profit challenges in this area, I have the following suggestions on how nonprofit boards might respond to similar types of challenges.
1. Carefully “wall off” all confidential information – Have management be certain that private information such as health records, are encrypted and separated from operating data that may be considered public in a nonprofit environment. 2. Review D&O and other liability policies – Determine whether or not the D&O policy protects directors and managers from CS intrusions. (It likely does not, but I understand that some carriers may offer some protection along with smaller policies.) It is clear that most general liability policies do not protect the organization against CS. 3. Board Encouragement – Devote some meeting time, perhaps 10 minutes, to a discussion of the CS topics so that management and staff are aware of the board’s concerns on the subject and will take action when necessary. Appropriate due care actions like frequent password changes should become routine. Some checklists are available online, suggesting questions directors might pose to raise awareness on the topic and avoid potential CS breaches. 4. Can third party payer help? – Many nonprofits deal with third party payers with sophisticated CS systems and may offer the nonprofit some advice or assistance. 5. Education and training of employers – Many CS crimes have been successful because employees have violated or forget to effectively protect their working accounts and information. Proper education and training can help reduce these types of lapses. 6. Finance & Audit Committees – Recent data indicate that only 20% of nonprofits have a CS vulnerability assessment in place and only about the same proportion have a plan in place should a CS breach take place . * Due care responsibilities seem to be missing among a large portion of nonprofits.
If a nonprofit, like the one described, is attacked, not only will records be compromised, but also the reputation of the agency will be destroyed, probably along with the nonprofit organization itself. SolarWinds and Target may be able to survive such an attack, but the typical nonprofit may not.
Nonprofit Management 