team building

Do Nonprofit Boards Face Cyber Security Risk?

Do Nonprofit Boards Face Cyber Security Risk?

By: Eugene Fram      Free Digital Image

Solarwinds and Target and others may seem far afield from the concerns of nonprofit directors, except for the giants in the area, like AARP. However, think about this hypothetical scenario.

A group of high school students hacked into the computer system of a local nonprofit offering mental health services and gain access to records of clients, perhaps even placing some of the records of other teenagers on the internet.  Considering the recent introductions of new AI tools, the power of immature teenagers and adults to initiate Cyber Security (CS) problems seems unlimited.  

What due care obligations did the board need to forestall the above situation? A move to recruit directors with special expertise in information technology or cyber security would be nonproductive. A nonprofit director has broader responsibilities such as the overview of management, approval of budgets, fostering management and staff growth etc. Similarly, when social media became a prominent issue a few years ago, boards debated the advisability of seeking directors with that specific kind of background. Today, a consultant with management is likely to provide guidance to directors on these issues.

After listening to a group of cyber security experts discuss for-profit challenges in this area, I have the following suggestions on how nonprofit boards might respond to similar types of challenges.

1. Carefully “wall off” all confidential information – Have management be certain that private information such as health records, are encrypted and separated from operating data that may be considered public in a nonprofit environment.
2. Review D&O and other liability policies – Determine whether or not the D&O policy protects directors and managers from CS intrusions. (It likely does not, but I understand that some carriers may offer some protection along with smaller policies.) It is clear that most general liability policies do not protect the organization against CS.
3. Board Encouragement – Devote some meeting time, perhaps 10 minutes, to a discussion of the CS topics so that management and staff are aware of the board’s concerns on the subject and will take action when necessary. Appropriate due care actions like frequent password changes should become routine. Some checklists are available online, suggesting questions directors might pose to raise awareness on the topic and avoid potential CS breaches.
4. Can third party payer help? – Many nonprofits deal with third party payers with sophisticated CS systems and may offer the nonprofit some advice or assistance.
5. Education and training of employers – Many CS crimes have been successful because employees have violated or forget to effectively protect their working accounts and information. Proper education and training can help reduce these types of lapses.
6. Finance & Audit Committees – Recent data indicate that only 20% of nonprofits have a CS vulnerability assessment in place and only about the same proportion have a plan  in place should a CS breach take place . *  Due care responsibilities seem to be missing among a large portion of nonprofits.

If a nonprofit, like the one described, is attacked, not only will records be compromised, but also the reputation of the agency will be destroyed, probably along with the nonprofit organization itself. SolarWinds and Target may be able to survive such an attack, but the typical nonprofit may not.

*https://communityit.com/nonprofit-cybersecurity/

Reversing Traditional Nonprofit Board Barriers

Reversing Traditional Nonprofit Board Barriers

By: Eugene Fram          Free Digital Photo

Clearly the purpose of a nonprofit board is to serve the constituency that establishes it—be it community, industry, governmental unit and the like. That said, the “how” to best deliver that service is often not so clear. An executive committee, for example, can overstep its authority by assuming powers beyond its scope of responsibility. I encountered this in one executive committee when the group developed a strategic plan in an interim period where there was no permanent ED. The board then refused to share it with the incoming executive. In another instance, an executive committee took it upon itself to appoint members of the audit committee—including outsiders who were unknown to the majority on the board.

The fuzziness of boundaries and lack of defined authority call for an active nonprofit system of checks and balances. For a variety of reasons this is difficult for nonprofits to achieve:

  • A typical nonprofit board member is often recruited from a pool of friends, relatives and colleagues, and will serve, on a median average, for four to six years.   This makes it difficult to achieve rigorous debate at meetings (why risk conflicts with board colleagues?). Directors also are not as eager to thoughtfully plan for change beyond the limits of their terms. Besides discussing day-to-day issues, the board needs to make sure that immediate gains do not hamper long-term sustainability.
  • The culture of micromanagement is frequently a remnant from the early startup years when board members may have performed operational duties. In some boards it becomes embedded in the culture and continues to pervade the governmental environment, allowing the board and executive committee to involve themselves in areas that should be delegated to management.
  • The executive team is a broad partnership of peers –board members, those appointed to the executive committee and the CEO. The executive committee is legally responsible to act for the board between meetings–the board must ratify its decisions. But unchecked, the executive committee can assume dictatorial powers whose conclusions must be rubber-stamped by the board.

Mitigating Oversight Barriers: There is often little individual board members can do to change the course when the DNA has become embedded in the organization. The tradition of micromanagement, for example, is hard to reverse, especially when the culture is continually supported by a succession of like-minded board chairs and CEOs. No single board member can move these barriers given the brevity of the board terms. But there are a few initiatives that three or four directors, working in tandem, can take to move the organization into a high-performance category.

  • Meetings: At the top of every meeting agenda there needs to be listed at least one policy or strategy topic. When the board discussion begins to wander, the chair should remind the group that they are encroaching on an area that is management’s responsibility. One board I observed wasted an hour’s time because the chair had failed to intercept the conversation in this manner. Another board agreed to change its timing of a major development event, then spent valuable meeting time suggesting formats for the new event—clearly a management responsibility to develop.
  • “New Age” Board Members: While millennial directors may be causing consternation in some legacy-bound nonprofit and business organizations, certain changes in nonprofits are noteworthy. Those board members in the 43- and- under age bracket need some targeted nurturing. I encountered a new young person who energized the board with her eagerness to try to innovative development approaches. She was subsequently appointed to the executive committee, deepening her view of the organization and primed her for board chair leadership.

Board members who understand the robust responsibilities of a 21st century board need to accept responsibilities for mentoring these new age board people, despite their addictions to electronic devices.

  • Experienced Board Members: Board members who have served on other high-performance boards have the advantage of being familiar with modern governance processes and are comfortable in supporting change. They are needed to help boards, executive committees and CEOs to move beyond the comfortable bounds of the past. They will be difficult to recruit, but they are required ingredients for successful boards.
  • NEW Projects: Boards and the CEO must be bold and try new approaches to meet client needs. For example instead of going through a complete planning process for a new program the board must ask management to complete a series of small experiments to test the program. When a series of results are positive, the nonprofit can work on a plan to implement the program.

Conclusion: Individual board members working alone will probably become frustrated in trying to contend with the three overview barriers discussed. But working with three or four colleagues, over time, on a tandem basis, they can make inroads on the barriers. Meetings can become more focused on policies/strategies, new age board members can become more quickly productive, experienced board members can become role models and new programs and other projects can be more quickly imitated via the use of small scale experiments.

Can Nonprofit Virtual Meetings Be Humanized?

 

 

Can Nonprofit Virtual Meetings Be Humanized?

By: Eugene Fram               Free Digital Image

From my observations and those of my colleagues, virtual meetings are more efficient for reporting operational items like compliance updates.  But they lack the robust human social interactions provided by face-to-face meetings. 

 Some nonprofits will continue to increase the proportion of virtual meetings post-covid, both groups, those using it now and those using it post-covid, may now be looking to reduce the human deficit incurred.

Here are some suggestions:

More But Shorter Meetings:  Instead of monthly board meetings, schedule meetings every two months.. With the social intensity in the environment, some boards are being required to meet more frequently.  In advance of the meetings, ask the CEO to send a list of announcement types items, hopefully limited to one page.  (Have it understood that the one page may not meet the requirements of her/h high school English teacher!)

Onboarding New Board Members: A friend joined a nonprofit.  As a result of all virtual board and committee meetings she feels adrift of human connection. She might even not recognize some of her new colleagues if she passed them on the street.  This problem can be alleviated to some extent by arranging for the new member to have brief individual virtual meetings with other board members and senior managers.  It’s a hopefully a quick fix to a problem.

Strategic Planning. It was evident in the pre-corvid period that strategic planning needs to have a longer focus than the traditional three to five-year plan in order to achieve organizational sustainability. There are enough evidences of post-covid changes to continue strategic planning with small committees.  This involves more frequent, but shorter, virtual meetings for the planning committee and updates to the board.

Building Trust:  Having trust among board colleagues is critical to having a fully functioning board.  Talking directly to them, listening carefully and even watching body language or  face colorings.   Some people, for example, when agitated develop a flushed face.  None of this appears when meetings are virtual!  There are several actions Board Chairs and/or CEOs can take to help members to be better acquainted, hoping to lead to trusting relationships.

·      Good & Welfare Periods:  At the beginning or end of the virtual meeting ask members to share personal or professional events—promotions, marriages, children or grandchildren, etc.

·      Outside Presentation: At a virtual meeting, arrange for a local or national authority to  briefly talk about a mission related topic

·      Invite the board members’/managements’ spouses or significant others to also be involved. 

·      Other Interests: Invite board members/management persons to discuss unusual skills they have or other groups to which they belong that promotes the public interest.

·       Board Education:  Where possible continue board education via a virtual approach.  If staff persons participate, be certain presentations are rehearsed and that time restrictions are carefully followed.

Focusing on any of these four areas  in a time-compressed nonprofit environment can be difficult. In my opinion, nonprofit boards should review them to determine if they can help alleviate the obvious deficits inherent with virtual meetings.        

Lifestyle & Behavioral Information – Some New Ways To Seek High Performance Nonprofit Board Members?

Lifestyle & Behavioral Information – Some New Ways To Seek High Performance Nonprofit Board Members?

By: Eugene Fram            Free  Digital Image

Over several years, I have conducted nonprofit board recruitment projects. Two boards with which I worked had rather similar challenges.
• They had concerns recruiting sufficient numbers of board members to fill their needs.
• Current board members, largely composed of younger people, in the 30-40-age range, had significant problems balancing work and family obligations and attending board and committee meetings.
• Attendance was sporadic. Although the boards were small, board members really did not know each other, and, in another situation, a board member sent a  work subordinate to attend board meetings. A well-regarded board member never attended meetings and only occasionally met with the ED to offer advice. In both instances EDs and board chairs had significant power. One of the EDs complained she was doing the work of operating the organization and operating the board, and this may lead to too much potential personal liability.
• Although these organizations, with budgets in the $8-$10 million range were operating successfully, the EDs involved realized that they were in line for long-term problems if board recruiting didn’t change.

What to Do
• Consider establishing two boards, a board for governance and a consulting board. For the governance board, make certain the typical directors in the 30-40 year age range have a good understanding of their work-family obligation to be able to devote time for the organization.
• For the consulting board, ask volunteers to work on projects that have a defined time limit. They will not be asked to be involved in more than one or two projects per year, an ideal inducement for millennials who are used to short bursts of activities. It may be necessary to recruit several persons with the same skills to provide coverage for several projects.
• Keep communications flowing to the consulting board like one would to the governing board. Have social and educational events that allow the groups to meet informally. If the organization has a volunteer manage the consulting  board, this person should be charged to keep the communications flowing. Members of the consulting board will only have occasional contact with the organization.
• Overlay the traditional nonprofit skills grid with several time dimensions to recruit:
1. Recently retired people, both those traditionally retired and those who retried early, who may have time to be candidates for both the governing and consulting boards.
2. Seek individual contributors who may have more control of their time, such as medical doctors, lawyers, professors and small business owners.
3. Seek successful entrepreneurs who can schedule their own time, can resonate with the organization’s mission, vision and values and who want to give back to the community.
• Beyond the time requirement, seek persons with experience on for-profit or nonprofit boards so they can share their board knowledge and become models for those having their first board experience. Their questions and behaviors can teach as much or more than formal seminars.

Summary
The traditional nonprofit board skills grid can still be helpful in the 21st century. However it needs to incorporated lifestyle and behavioral information for each board candidate. These are important candidate attributes that must be thoroughly vetted.

Nonprofit Boardroom Elephants and the ‘Nice Guy’ Syndrome: A Complex Problem?

Nonprofit Boardroom Elephants and the ‘Nice Guy’ Syndrome: A Complex Problem?

By: Eugene Fram    Free Digital Image

At coffee a friend serving on a nonprofit board reported plans to resign from the board shortly. His complaints centered on the board’s unwillingness to take critical actions necessary to help the organization grow.

In specific, the board failed to take any action to remove a board member who wasn’t attending meetings, but he refused to resign. His three-year term had another 18 months to go, and the board had a bylaws obligation to summarily remove him from the board. However, a majority of board members decided such action would hurt the board member’s feelings. They were unwittingly accepting the “nice-guy” approach in place of taking professional action. (more…)

Using A Nonprofit’s DNA In Planning?

Bob Harris, CAE, suggests a nonprofit’s DNA consists of five elements. ** Following are my thoughts on how they can be applied, if a nonprofit board wants to develop an understanding of the “real world” applications of the Harris DNA elements. This needs to take place prior to the planning efforts.

Board Structure: Nonprofit boards must effectively operate with a series of board committees. The number of committees varies widely. I have observed some with as few as three committees and others with as many as 15 committees. The latter group rationalizes the number by suggesting board member involvement leads to better understandings of missions, vision, and values. More desirable board candidates live time-compressed work and lifestyles and can’t become involved with committees that meet without defined charters or try to micromanage management decisions.

Three to about six committees seems to be optimal for a mature board in the 21st century. A startup board will require more committees to allow board members to assume operational roles. One warning! If this large committee DNA format is allowed to carry over into maturity, it can lead to a dominating board that will be difficult to change.

Strategy: “A Board must act strategically—not tactically” ** In terms of its DNA, strategy must be the “lifeblood” that helps relate all major decisions to the nonprofit’s mission.

Start-up nonprofits often focus on tactical discussions at Board meetings. Founders and board members must address tactical issues because board members have two responsibilities. They must govern and act as part or full-time staff.  But as the organization matures it becomes essential to fashion all agendas on policy/strategy issues. The responsibility for action resides with the Board Chair and CEO. The Board Chair, however, has a special obligation to proactively discourage lengthy discussions of tactical issues, frequently characterized as “weed discussions.” It should be emphasized that these are operational and management responsibilities, not Board agenda items. 

Sustainability: This factor involves several critical keystones. First is the sustainability of income sources. If, for example, the nonprofit is heavily dependent on governmental funding, to what extent is the nonprofit able to secure private and foundation sources should governmental support abruptly decline? Managers and audit committee members need to be continually alert to seeking new funding sources.

A second keystone involves succession planning. The Board has direct responsibility for CEO succession and must overview staff succession. The latter involves knowing who among staff personnel are promotable, or, with training, be able to fill managerial positions. In my opinion, most nonprofits boards don’t provide significant overview attention to staff promotions.

Relatively short board terms or tenures for most board members (4-6 years) allow the board to introduce new thinking. However, they may not motivate board members to come to grips with issues related to long-term sustainability. Board members are traditionally active for one planning cycle, assuming strategic planning takes place every three to five years. From a sustainability perceptive, this restricts discussions of DNA changes that may impact stakeholders in the seven to ten-year time frames.

Relevance: Two keystones are also important here. First clients and funders must be able to perceive that the nonprofit is fulfilling its mission with integrity and a focus on stakeholder satisfaction.

The second involves maintaining a strongly committed board. To achieve this goal, the Board Chair and CEO must take actions to make certain that each board member perceives that her/h contributions are meaningful.   These perceptions can only be determined from candid conversations with each board member. It’s the responsibility of both the Board Chair and CEO to annually assess that each board member is involved with meaningful activities.

Unlike humans, the DNA of nonprofit organizations can change with careful interpersonal adjustments. For example, assumed it is desirable to have emergency client services available 24/7 instead of the normal 40-hour working week. Then management and staff should work together to modify the DNA (fair scheduling hours, etc.,) to accommodate the change.

Performance: The approaches to assessing the value of nonprofits have recently changed. Focus has changed from assessing program outcomes to assessing program impacts. ***

Program objectives can be achieved, but they can have little impact on clients lives. For example, marriage counseling can be helpful in eliminating symptoms of problems to meet client satisfaction, but the results may lack impact because they don’t address the problems’ root causes. Data analysts are being employed by some nonprofits to model impact information that is being requested by foundations and donors. The task, however, can take a long time to implement.

Suggestion: Most well-run nonprofits review their missions, visions, and values every three to five years. A review of their DNA factors, prior to the planning cycle can enhance the process.

 

Raising the Bar for Nonprofit Board Engagement

 

Raising the Bar for Nonprofit Board Engagement

By Eugene Fram                            Free Digital Image

It’s no secret that some board members cruise through their term of board service with minimal involvement. McKinsey Company, a well-known consulting firm, has suggested five steps that can be used to counteract this passivity in for-profit boards. * With a few tweaks, McKinsey suggestions (in bold) are relevant to the nonprofit board environment where director engagement is often a challenge.

Engaging between meetings: Nonprofit boards traditionally meet monthly, bimonthly or quarterly. Unless the board is a national one, these meetings range from one to three hours, with the three hours being typical of quarterly meetings. The meeting agendas are usually packed, and they leave little time for individual directors to enhance discussions. ** In addition, a sense of anonymity develops among board members who do not know each other personally, a significant barrier to team building. I have encountered nonprofit boards where disconnect between board colleagues is simply a nod—or less– when passing each other.

Board cohesion based on interpersonal relationships has an important impact on the quality of board discussions. It allows a board member to more fully understand the perspectives and goals of his/her fellow board members or “where they’re coming from.” With this information at hand on both sides of a discussion, it increases the possibility of creating “win-win” impacts for the nonprofit.

Responsibility for promoting between-meeting engagements needs to rest with the board chair. As a staring point, the chair can sponsor a few informal Jefferson dinners. The topic should be a cause which can excite the invitees. It needs to be, a challenge to the directors. ***

Engage with strategy as it’s forming—do not just review & approve it: Traditionally most of what becomes an organization’s strategy will emanate from the management and staff. But the board must proactively help to form strategy or step in to fill gaps when the management refuses to do it.

In forming strategy the board has an obligation to make certain all viewpoints are heard. Staffs as well as management ideas need to be considered. In addition, the board may need to take direct actions when the organization fails to fulfill a mission obligation. Example. A counseling agency only offered services during normal business hours–9 am to 5pm, five days a week. Its board required management to offer services, 24/7 with an emergency line when the office was not open. The management, a creative group, found a way to do it, without increasing costs.

Cultivate talent: The nonprofit board has several responsibilities in regard to talent.   First, it must engage and then evaluate the CEO. This is a complex duty because the vast majority of the board members are not full-time employees and many have only tangential attachments to the organization’s mission field. Second, the board must overview the quality of the staff talent so that it is in line with budget constraints. Third, it must be aware of those within the staff who may be promotable to management. Finally it must be alert to succession opportunities internally and externally in the event the CEO were to leave abruptly. Succession planning for the CEO must also include considerations about the talents that will be needed beyond the current one.

Engage the field: Since nonprofit board members have full-time occupations outside the mission field, it’s important that they receive a flow of information about leading edge changes taking place outside the organization. However, CEOs sometime can operate a “mind the store” nonprofit, by looking at past successes without a visionary component. To help avoid this occurrence, specific directors might be assigned to become more deeply familiar with key projects in order to assess their progress.

Engaging on tough questions: A difficult task on a nonprofit board where politeness is an overriding value. Peers are friends and business associations and generally there are few potential penalties for “going along to get along.” In all my decades as a nonprofit board member, I have yet to see one board member ask that his/h dissenting vote be recorded in the minutes. A necessary action when he/she feels that the vote being passed by the majority may lead to harming the organization.

*http://www.mckinsey.com/business-functions/organization/our-insights/changing-the-nature-of-board-engagement

** In California, the Brown Act might prohibit such meetings. The Brown Act covered concerns over informal, undisclosed meetings held by local elected officials. City councils, county boards, and other local government bodies that were avoiding public scrutiny by holding secret “workshops and study” sessions.

***For details on the background and planning for Jefferson dinners see: http://jeffersondinner.org/jefferson-dinner/

WHAT NONPROFIT & TRUSTEE BOARD MEMBERS HAVE A RIGHT TO KNOW.

By Eugene Fram        Free Digital Image

A blog developed by an internationally known  board expert* raises some pertinent governance questions mainly targeted to for-profit boards. Following are my suggestions how these questions could apply to nonprofit and trustee boards. In addition, field examples show what happened when the questions had to be raised in crises situations.

Does bad news rise in your organization?
“You may be the last to know.” For example, the board of a human services organization knew that the professional staff was not happy with a new ED with an authoritarian management style, but the board felt it needed to give him a chance to modify his style. Board members didn’t know that the staff  professionals had been meeting with a union organizer for nine months.
A labor election resulted, with the professional staff agreeing to work under a trade union contract.

Do your CEO & CFO have integrity?
“If the CEO or CFO holds back, funnel information, manages agendas, is defensive or plays…. cards too close to the, vest, this is a warming sign.” For example, a CFO was delinquent in submitting a supplementary accounts receivable financial report. The board and CEO accepted his excuses, but the data, when submitted, had a significant negative impact on the financials. Both the CEO and CFO lost their positions.  Should the board have also accepted some responsibility for the crisis?  

Do you understand the (mission) and add value?
The board members need to seriously answer this question:
If this organization were to disappear tomorrow, who would care?

Do you know how fraud can occur in your (nonprofit)?
Common wisdom prevails that there is little for-profit or nonprofit boards can do avoid fraud. To review nonprofit boards actions that can be taken, especially for medium and small size nonprofit boards, see; Eugene Fram & Bruce Oliver (2010) “Want to Avoid Fraud? Look to your Board,” Nonprofit World, September/October, pp.18-19.

Do you compensate the right behaviors?
“You are at the helm as board members. Whatever you compensate, management will do.”
Be certain the organization is compensating for outcomes and,more importantly, today impacts. Too often compensation is given for completing processes that are not tied to client impacts

Do you get disconfirming information?
Management is only one source of information. With the agreement of management, visit privately with people below the management level. Set a Google Alert for the name of the organization to see what others on the Internet are saying about your nonprofit’s relationships.

Do you get exposures to key (operational areas) and assurance functions?
“Bring key people into the boardroom, without Power Points. See how they think on their feet. It is good for succession planning and is an excellent source of information.”

Do you get good advice and stay current?
“Bring tailored education into the board room and stay on top of emerging developments. “ This is especially important for the nonprofit directors or trustees who serves on a board that is out of their area of expertise. For example, bankers might serve on a hospital boards.

Do you meet with (stakeholders) – apart from management?
Board members need to join with management in meeting key funders occasionally to determine if their expectations are fully met and what the board might do to foster a continuing relationship. This lets funders know that the board is involved over-viewing the organization’s outcomes and impacts.

*Richard Leblanc, “The Board’s Right to Know and Red Flags To Avoid When You Don’t.” http://www.boardexpert.com/blog, September 14, 2012
Note: Bold & quoted items are from the above blog.

 

Once Again! What Are the Best Risk Levels for Your Nonprofit’s Investments in a COVID 19 environment and after it?

 

Once Again! What Are the Best Risk Levels for Your Nonprofit’s Investments in a COVID 19 environment and after it?

By Eugene Fram

Some nonprofits have significant investment accounts. The following are some guidelines to help develop investment policies during and after COVID 19. These funds may have been accrued through annual surpluses/donations or have been legally mandated to cover future expenditures through a reserve account.

  1. How does your committee define risk, and how much are you willing to take? *  Most nonprofit by-laws require a nonprofit to conservatively manage and invest its funds. This give the investment committee a wide range of policies to employ.

(more…)

The Nonprofit CEO–How Much Board-CEO Trust Is Involved?

The Nonprofit CEO–How Much Board-CEO Trust Is Involved?

By; Eugene Fram         Free Digital Image

The title, CEO for the operating head of a nonprofit, clearly signals to the public who has the final authority in all operating matters and can speak for the organization.*  .

The CEO designation calls for an unwritten trusting contact with the board based on mutual respect, drawing from the symbolism that he or she is the manager of the operating link between board and staff. It is a partnership culture. However, a solid partnership does not allow the board to vacate its fiduciary and overview obligations. The board has moral and legal obligations to “trust but verify” and to conduct a rigorous annual evaluation of outcomes and impacts CEO has generated for the organization.

While the trust the board has in its chief operating officer can’t be described in exact quantitative terms, viewing it through the lens of a set of CEO and/or Board behaviors can provide an idea that a significant level of trust is involved in the relationship.

Following are some of the behaviors that signify a trusting partnership is in place:

(more…)