Get Off My Cloud – Security Measures For NPOs

Cloud technology is becoming more and more used by NPOs, and rightfuly so. It allows an organization to function with a far smaller IT team, reducing the need to pay for both hardware and software and provides staff flexibility to work remotely in different areas of the world. If your organization is thinking of making the move, check out this article to see if you are ready. Unfortunately, the cloud suffers from the stigma that it will never be as secured than an in-house solution. However, there are certain principles of cloud security that, if taken into account and properly deployed, will render the majority of security breaches, if not impossible, then highly unlikely.

 

Limiting Human Error

Over half of all security breaches stem from human error, and are therefore the most easily avoided.  Simple things such as failing to deploy multi-stage authentication, the use of weak and easily breakable passwords, and a careless attitude towards opening email attachments can be devastating to the security of cloud-stored data.  To limit human errors, the organization should consider:

1 Training

Every NPO should ensure that every member of staff is aware of, and trained in security protocol (e.g. password setting and changing, emails opening and forwarding, protecting their workstation, etc.). After all, it’s a lot harder for someone to steal your car if you don’t leave the keys in the ignition.

 2. Need to know policy

Not everyone needs access to everything. Limit access to information to those who need it, as access should be provided based on job descriptions. Access-log should be enabled to track who accessed a particular data set. This access log can be audited periodically to flag any unauthorized access.

 

Low Cost, High Impact Measures

Aside from human error, the majority of security breaches can be avoided by implementing a series of low cost but high impact measures. NPOs should work with their provider to ensure that:

  • corrective patches are always deployed immediately,
  • anti-malware protection is installed and operational.
  • admin passwords and egress filtering are in place
  • a data lifecycle management plan is documented to purge old and obsolete data periodically and adequately

These measures are going to close off most of the common routes that hackers and phishers use to compromise the security of a system.

 

The focus on NPOs to be open, transparent and compliant with regulations, alongside the fact that competition for funding is fierce, means that the security of data is essential.  The cloud can be a wonderful tool for NPOs, helping them to be cost effective and flexible – but complacency about security could undermine, not only the benefits that the cloud brings, but the mission of the NPO itself.

How to find and keep a good mentor?

Having a mentor can help you learn about yourself, improve your skills and boost your career development. Not all employers have a formal mentorship program, and those that do, are not necessarily leveraged to their full potential. You may struggle finding the right mentor, especially if you think your manager is not interested or able to provide the guidance you are looking for. Here are a few tips on how to identify a good mentor and build the right relationships to find and work with great coaches throughout your career.

 

Finding a Mentor

The goods news is that anyone can be a good mentor. It can be your manager, a peer, someone you used to work with or even a friend or family member. Whoever you find, you will want to work with somone with some key attributes. Impact-Coaches Inc.[1], identifies 5 qualities any mentor should demonstrate:

  1. Trustworthy: Both you and your mentor must trust each other. This is key to have open and meaningful conversations. The mentor must trust that you will listen to what they have to say, and you must trust that the feedback they are providing you is in your best interest.

  2. Good listener: Sounds easy, but some people hear without really listening. A good listener will understand what you say and what you don’t say. They will try to read between the lines and confirm the essence of what you are saying to better guide you.

  3. Curious: A mentor should adopt a curious mindset. Instead of giving answers or focusing on their experience and opinions, a mentor should be asking open-ended questions to further understand your position and get you to reflect and think for yourself. Mentoring is much more a process of self-awareness than a teacher-student type of conversation.

  4. Non-judgemental: Mentors are supportive and won’t be applying their own biases to your career. What worked for them may not work for you, as you are two different people with different realities and aspirations.

  5. Focused on your goals: A good mentor won’t look too much in the past and instead will focus on the present, the future and where you want to be. They will help you identify actions and keep you accountable for your career plan.

 

It can take time to find the right mentor and coach. If you experience difficulty finding someone with all of these qualities, try identifying more than one mentor in your entourage and combine their feedback to guide your decisions and actions.

 

I found a great mentor, now what?

You must develop and maintain that mentor-mentee relationship. It is required that you play a big role in the success of this relationship. Here are a few tips to keep in mind when engaging with your mentor.

  • Be open to feedback: Your mentor’s feedback is a gift. Even if you don’t always like what is being presented or agree with it, consider the feedback that is given. After all, if you have a trusting relationship, the mentor has your best interest in mind. Take the time to process the feedback and ask open-ended questions to discuss challenges, areas for improvement and next steps. If you catch yourself justifying your actions after your mentor made a remark or being defensive, you may not be as open to feedback as you think.

  • Have a plan: Come prepared to all meetings with your mentor. Take time to reflect on your strengths and where you see room for improvement. Think of some of the challenges you are facing or options you would like to explore. You should be in control of your career plan, therefore you should identify your goals and lead the conversation with your mentor to identify a way forward. Remember, your mentor’s job is to provide feedback and guide you through your professional development, not to give you straight answers on what you should do.

  • Show commitment and accountability: Express interest through active listening and ask questions to engage and deepen the conversation. Identify and follow through on actions identified.  Your mentor will be more engaged in your professional development if you remain committed to your own cause. Remember, you are accountable for your own success, not your mentor.

Having one or more mentors through your career can accelerate the rate at which you improve your skills and meet your professional goals. These few tips will help you not only identify a good mentor, but also build and maintain a long-lasting relationship with rewards for both (or all) of you.

 

[1] Impact-Coaches Inc. is a Toronto boutique executive coaching firm. You can visit their blog to learn more tips about coaching and mentoring at http://www.impact-coaches.com/new_home

Differences between a charity and a non-profit organization

It is often thought that a non-profit organization includes charities, associations, clubs and any other organizations with a “non-profit” mandate. But charities actually have their own distinct status and definition in the eyes of the Canadian Revenue Agency (CRA).

The distinctions are not only important from a tax filing perspective, but charities have benefits and reporting requirements that are very distinct from a non-profit organization. If you are responsible for a charity, it is important to understand the requirements to maintain charitable status, and if you are responsible for a non-profit organization, knowing if your organization will qualify as a charity could impact your organization’s reach and strategy.

Without getting too technical, here are the main differences and benefits specific to a charity and a non-profit organization.

Purpose

To be eligible for the registered charity status, an organization must use their resources for a purpose falling in at least one of the following categories:

  • Relief of poverty
  • Advancement of education
  • Advancement of religion
  • Other purposes that benefit the community

Non-profit organizations are associations, clubs or societies that operate exclusively for:

  • Social welfare,
  • Civic improvement,
  • Pleasure,
  • Recreation, or
  • Any other purpose except profit

Unless the organization is a club, society or association that promotes amateur athletics in Canada, non-profit organizations cannot use income for the personal benefit of any member or shareholder, like a business can. In other words, unless your organization is training our current and future Canadian athletes, it cannot use its funds for personal benefit.

In the eyes of CRA, an organization cannot be a registered charity and a non-profit organization. These two types of organizations may be related but cannot be one entity.

Registration

An organization must register federally with the CRA to obtain the charity status, while a non-profit organization does not have to register federally.

Many non-profit organizations decide to incorporate because it is either mandatory in their province, required to receive grants, and/or to legally protect the people running the organization. Important Note: A corporation has an unlimited life expectancy, which means it can outlive its founders and continue to pursue its mission indefinitely.

Donation receipts

Only a registered charity can issue tax receipts for donations or membership fees. Donation receipts are a benefit to both the charity and the donors. Donors can afford to give more because they are eligible for a tax credit, while charities can receive larger contributions. This is probably the main reason an eligible organization would want to register as a charity. There are strict rules around issuing receipts, and failing to meet these rules could result in an organization losing its charitable status.

Tax filing and returns

Both charities and non-profit organizations are exempt from paying taxes. The Charity has a specific annual return to submit (Form T3010), while the non-profit may have no returns to file unless it is incorporated. In case of incorporation, a non-profit organization files a corporation tax return (T2) identifying the organization as tax exempt.

GST/HST

Charities must use a special net tax calculation method. They essentially only remit a portion of the GST/HST they collected on the sale of their activities, and cannot claim input tax credits (ITCs) (with some exceptions). That being said, charities are allowed to exempt many of their services and products from GST/HST. This explains why we rarely pay tax on products or services provided by a charity.

Non-profit organizations generally must charge GST/HST on the sale of their activities (again, there are some exceptions). They use a different net tax calculation method, enabling them to only remit a small percentage of taxes collected. The rate varies depending on the type of non-profit organization, whether the sales were made in a participating HST province or non-participating province and where the organization is located.

Operations

Charities can only devote its resources to charitable purposes and activities. They can generally use up to 10% of their resources for political and social activities, and are limited in the type of acceptable political activities. Charities are also limited in the amount of resources spent on fundraising activities, and must ensure the majority of financial and non-financial resources are dedicated to charitable activities. Failing to meet these requirements can put an organization’s charitable status at risk.

Non-profit organizations have more flexibility with the activities they conduct, and can essentially operate as a business, as long as they still meet the purpose requirement of a non-profit.

We often use the words “charity” and “non-profit” interchangeably but, as you can now see, these are two completely different organizations with completely different operating and reporting requirements. Obtaining charity status takes between 6 to 18 months, and it can be challenging to maintain the status without the proper expertise. Accordingly, some organizations decide to create two separate and distinct entities, one charity and one non-profit. The charity focuses on charitable activities, while the non-profit is free to conduct advocacy, fundraising and other activities to support the charity and the overall mission.

 

 

 

Sources:

T2 Corporation – Income Tax Guide 2016: http://www.cra-arc.gc.ca/E/pub/tg/t4012/t4012-16e.pdf

What is the difference between a registered charity and a non-profit organization? http://www.cra-arc.gc.ca/chrts-gvng/dnrs/rgltn/dffrnc-rc-np-eng.html

GST/HST Information for Non-Profit Organizations: http://www.cra-arc.gc.ca/E/pub/gp/rc4081/rc4081-e.html#xmptfnpr

Guide to Charity GST/HST return: http://www.cra-arc.gc.ca/E/pub/gi/gi-066/gi-066-e.html

Engaging in allowable activities for charities: http://www.cra-arc.gc.ca/chrts-gvng/chrts/chcklsts/ctvts-eng.html

How to Gain from Risk Through Action

Risk is inherent and it is everywhere. It affects the running of day-to-day activities just as much as it is involved in the monitoring the day-to-day activities. It governs how a COO makes decisions about operating policy or whether a janitor tries his luck with a vending machine sandwich. If you talk to a member of any board these days, you will find that risk has a very negative connotation. The traditional risk management approach has also been exclusively negative. But what if the traditional approach is fundamentally wrong? Furthermore, what if this negative approach clouds Management’s strategy to adopt an avoidance tactic?

 

Defining Risk

Traditionally, risk has been defined as;

  • The effect of uncertainty on objectives. (ISO 310000)
  • The possibility that an event will occur and adversely affect the achievement of objectives. (COSO ERM 2004)

Or in short; risk=bad.

However, as a new student within the field of risk, I have been blessed with some phenomenal professors. In fact, on the first class of my most difficult course, a wise man began with a very traditional and very boring definition of risk and immediately followed up with a very bold proclamation; the traditional approach was fundamentally wrong.

In truth, a first class where the professor contradicts the traditional approach had a very Dead Poets Society feel to it but I digress, it was intriguing. At the end of the day though, he was right; defining loss solely in terms of loss is neither fair nor complete. Risk is both the possibility of realizing a loss outcome AND the opportunity of realizing a gain. Risk and gain are inseparable.

Based on the traditional approach towards risk the most common tactic has been the idea of risk avoidance; that is to not undertake an action that is risky. It is a simple idea and in truth, it can cut losses completely. However, if you are avoiding the risk you have no chance of gaining. Avoiding a risk also exposes you to its impacts if the risk ever materializes. So, what is the cost of doing nothing? It is here that two cautionary tales come to mind.

 

The Red Cross; A Tale of Inaction

The first is the sad case of the Red Cross in Canada. Back in 1997, the Krever Report was unveiled which showed that by not creating new policy relating to screening and testing, operations had been incredibly negligent. The commission found that in the early days of the AIDS epidemic, the Red Cross had failed to improve their lax screening policies for fear of simply not having enough blood. The report further found that due to delays in purchasing new products that were safer for hemophiliacs, that the Red Cross used their contaminated supplies of blood instead of disposing of it normally as they rightly should have.

Perhaps the most glaring concern from the report was a finding that the board made the decision to not implement a test for hepatitis C that was available at the time which could have stopped roughly 90% of hepatitis C cases in donations. The decision, of course, was based on financial considerations; they decided the cost of the test would not have exceeded the harm caused by exposing the population to potentially diseased blood to those that really needed it. Following this, when it did finally become widely known that the Red Cross’s decisions were directly responsible for the outbreak, the report (and subsequent lawsuits of course) noted that there was an incredible lack of interests on the part of the Red Cross in tracking down those that had become infected to prevent them from passing on the virus.

The end result of all this negligence brought 32 criminal charges and damages in the billions of dollars, but that was not the end of it. The Red Cross, though it had operated as Canada’s blood donor operations in Canada for more than 50 years lost that privilege as well as a comfortable relationship with the federal government. This is also to say nothing of the tremendous reputational losses that the Red Cross still bears.

In short, the cost of inaction was catastrophic and resulted in a new entity, Canadian Blood Services, to completely take over the market of blood donations.

 

Maple Leaf Foods; A Tale of Action

A more proactive company that we could look at would be the Maple Leaf listeriosis outbreak of 2008. In short, their Toronto plant issued some contaminated cold cuts which resulted in 57 confirmed cases of listeriosis and cost the lives of 22 people. Obviously, what followed was a recall of their products through their distributors and national coverage letting the public know of the possibility of contamination. Within days, Maple Leaf also halted the distribution of all products from the Toronto plant that might also be contaminated and a thorough decontamination of their plant. Their employees also received mandatory training on Listeriosis and new cleanliness policies to prevent further disasters.

At this point, something utterly remarkable happened; Maple Leaf Foods ignored their counsel and apologized. Mr. McCain, the president of Maple Leaf at the time, made a public apology on both Youtube and TV and perhaps most astonishingly, he made it himself. In the apology, he (in essence his company) took responsibility for his actions unequivocally and did not try to shift blame. He admitted that he ignored both his legal counsel and accountants in making this apology, and instead showed that he cared more about the consumer than about his profits; in essence, he showed some integrity and corporate moral responsibility. Even further, a year later on the anniversary of the incident they took out a full page in several Canadian Newspapers in provinces where cases were found once again acknowledging their responsibility and showing commitment to never allowing such tragedy to occur again.

The end result was that despite the lawsuits, Maple Leaf Foods is still in business and that doing something insane like showing some corporate social responsibility actually saved their company after a crisis. In fact, it was even noted that by doing so, coverage of the company and the lawsuits was shown in a more positive frame towards the company by the media. In the corporate world, the crisis management of Maple Leafs is considered the gold standard. Who would have guess the difference a simple apology made when it came from a President of a major corporation. But what is clear is that Maple Leaf Foods saw the risk for what it was; the opportunity to gain (in this case, the opportunity to gain back its reputation and the ability to stay in business).

 

Final Thoughts

In summation, the difference in the experiences between these two companies is staggering. The Red Cross took the risk of doing nothing and lost everything. Doing nothing is a risk, especially if you only focus on the possibility of losing something. Maple Leaf Foods took the risk in ignoring their counsel and are lauded for what they did. Mr. McCain saw the opportunity to take accountability and stopped the bleeding of his company and today they are flourishing. Coincidently, thanks to the magic of the internet, that apology is still searchable and I highly recommend watching it as an example of what to do to keep your board intact.

Remember folks, you have to risk it to get the biscuit! Fortune favors the bold!

A 5 Minute Tutorial on How to Read Financial Statements

For most people I know, reading financial statements sounds daunting and complex. Then I found this quote: “If you can read a nutrition label or a baseball box score, you can learn to read basic financial statements”. I completely agree with it! You don’t need to be an accountant to read financial statements, the same way you don’t need to know how to make a car to drive one. This article focuses on key elements you should know when you look at an organization’s financial statements and what they mean. You may even have fun reading!

In case you are just getting started, you should know the following about financial statements:

  • Financial statements provide you with a snap shot at a specific point in time of the financial health of an organization. That is why it is so important for financial statements to have a date.

  • The balance sheet shows the value of assets, liabilities and equity accounts as of the statement’s date. Total value of assets will always equal the sum of all liabilities + equity. These accounts balance each other out…hence the clever name “balance sheet”.

  • The income statement, lists all revenues and expenses to calculate the profit (or deficit) for the year. By the way, accountants like to put negative numbers in (brackets).

  • The statement of cash flows shows the inflow and outflow of cash for the period. You usually don’t want to see a bracket around the number at the bottom of the list.

Income Statement and Cash Flow Golden Rule

Generally, an organization is doing well if the income statement and cash flow balances are positive. It means that the organization is making more revenue than it is spending, and that it has cash in its bank account to operate. For not-for-profit organizations, the income statement may have a $0 balance. This is positive news, as it means that the organization spent exactly the amount received to deliver its programs and operations. No profit was made on contributions/revenue generated which the title not-for-profit implies.

Too easy? Ok, the real fun begins with the balance sheet. Here are key points you should look for:

 

Liabilities > Assets = Generally Bad

Assets are resources controlled by the organization that can or will be converted to cash (e.g. a building, bank account(s), accounts receivable). Liabilities are obligations that the organization owe to others (e.g. accounts payable, loans and debts). So, if liabilities (amounts owned) are higher than assets (value of possessions), then the organization does not have enough resources to cover its obligations. That’s potentially bad news! There are some exceptions to this such as deferred revenue or contributions but we will ignore those for now.

 

Negative Equity or Net Assets = the organization is experiencing repeated deficits

Equity is essentially the balancing account between assets and liabilities. It is composed of shareholder’s equity and retained earnings (aka accumulated profit and loss from the current and past years). Typically, a negative equity balance would be attributed to a series of deficits resulting in negative retained earnings balance.

In the non-profit world, there is often no equity account, as there are no owners or shareholders. The replacement will often be called “Net Assets”, which is the accumulated net surplus or deficit for the year. Similarly to the retained earnings, a negative net asset balance indicates that the organization recognized a series of deficits for the year and incurred more expenses then it generated revenues. There can be more lines in the Net Asset balance including endowment, restricted assets, unrestricted assets etc. but the total balance is the most important number here.

 

Large Accounts Receivable = Not terrible, but not ideal

Accounts receivable is the value others (e.g. members, donors) owe to the organization. Therefore it represents the promise of money to be received. Whether the balance is large or small is not as relevant as the aging of receivable amounts. If amounts have been owed for under a month, there is still a good chance of seeing your bank account balance increasing in the near future. However, if receivables are over 90 days old, it may be a sign that the payee(s) cannot or will not provide the funds to cover the amount they owe you.

An aged accounts receivable balance also poses a cash flow risk, as the organization is incurring expenses and may need to use its line of credit if funds are not received in a timely manner.

To help determine if the aging accounts receivable balance is an issue, look at the cash balance. If it is low, the organization may be facing cash flow issues.

 

Accounts Payable > Cash = Can’t pay short term debt

Accounts payable are short term debts, such as invoices due to suppliers or other organizations. Generally these amounts are paid within 30 days if the organization wants to avoid late payment penalties. Again, check the cash balance to ensure there is sufficient cash on hand to cover the accounts payable balance.

If you see an accounts payable balance that is higher than the bank account balance, then the organization may be experiencing cash flow issues and will need to either use credit to pay bills or wait for some of the accounts receivable to come in so that there is enough cash to pay. Either way, this may result in interest or penalty fees, which is no fun (except if you’re a bank!).

 

Value of Capital Assets vs. Value of Accumulated Depreciation

As mentioned earlier, assets are resources controlled by the organization that have value and theoretically can be converted into cash. Some of these assets are capital in nature and, over time, as the capital assets are used, they lose their value and the organization “depreciates” or “amortizes” them on their books (note: amortization is just another word for depreciation – although don’t tell that to your accountant or economist – they may blow a fuse!). The depreciated amounts are recorded and added in the Accumulated Depreciation account on the asset side of the balance sheet. The net capital asset value is calculated by subtracting the accumulated depreciation balance from the capital asset balance. Don’t worry, they do the math for you!

Capital Asset Value – Accumulated Depreciation = Net Capital Asset Value

What does that mean and why is this important? Well you may want to consider upgrading or replacing your capital assets if your Net Capital Asset Value is getting too low. This is more important in some organizations (manufacturing) than it is in others (service).

 

There are a few other ratios and analysis you can do while reading financial statements such as the current and quick ratios but I will save those for another time. The elements described here provide enough information to help you quickly assess the financial health of any organization in just a few minutes. There you go! Reading financial statements has become quick and easy, just like reading the nutrition information on a cereal box!

What the Book of Mormon Musical can teach you about a dysfunctional team

A couple of friends convinced me to go see the Book of Mormon Musical with them last week. I was told the story was about Kevin and Arnold, 2 Mormons who are tasked to convert a village in Uganda to Mormonism. They assured me that it was hilarious and a “one of a kind” musical. Well, I’m no expert, but I think it’s safe to say that this musical is not your average story (tripadvisor.ca warns “crazy show, not for kids”). I couldn’t help but think about what it taught me about team work. The main characters have all the characteristics found in a dysfunctional team. Here they are (warning: spoiler alert! Do not read on if you want to see the musical):

1.The other missionaries don’t pull their weight

Upon their arrival in Uganda, Kevin and Arnold are led to their living quarters where they meet their fellow missionaries stationed in the area. None of them were able to convert anyone to Mormonism. So what did they do? Nothing. Instead of working together to find a solution, they sat in their quarters and prayed that something would change.

I call this type of teammate “the surfer”. This person is just there, floating around waiting for the wave to come. They contribute the minimum thinking that things are out of their control or that others will pick-up the slack. When the rest of the team is pulling through, they show their support, contributing as little as possible and get as much credit as everyone else. That is when they jump up on their board and surf the wave to success! At least until they are asked to do something on their own…

2. Kevin is self-centered and focused on personal goals

Kevin, the most handsome and self-confident of the bunch, is very self-centered and only cares about what is in it for him. He thinks he is destined to do something incredible, but in reality, he only cares about what he can gain (to eventually have his own planet). Kevin is dismissive of others’ contributions as everything must be done his way, which may not be the best way for the team, but it is for him.

Having personal goals is a good thing. That is why self-motivated people go on accomplishing wonderful things. However, personal goals should not come at the cost of the team. Self-centered team members who use others to drive their own agenda will eventually lead to the failure of the team.

3. Kevin is pessimistic and negative

At one point, Kevin realizes that converting the villagers is not going to be an easy task. He becomes gloomy, convinced that it can’t be done and wants to abandon his mission.

This type of person sucks-up the energy within a team. Their pessimistic focus on the problem is usually accompanied by cynical comments when someone suggests a solution. They are extremely resistant to change and are hard to reason with. Occasionally these people even claim to be playing the devil’s advocate, instead of providing a different perspective to help the team progress toward their goals.

4. Arnold lies and tells others what they want to hear

Arnold, an insecure and compulsive liar, is trying his best to become

Kevin’s best friend. He consistently lies in an attempt to make others like him and to help get out of embarrassing situations. Not only does he lie to his teammates, but he also makes up stories to convert the villagers to Mormonism. He is aware that his method is wrong but convinces himself that the outcome is good and that he’s helping people! But truth always has a way to surface, Arnold’s lies are exposed and he loses the trust of everyone around him.

This type of teammate can really hurt a team. The team generally does not trust this person, and spends a lot of time in damage control mode, which is stressful, unproductive and exhausting. In a world where reputation always plays an important impact on stakeholder and client relations, it is critical to work with trustworthy people.

5. Kevin blames others and finds excuses

At one point in the musical, when Arnold is successfully converting the villagers, Kevin starts blaming everything and everyone to avoid facing his own failure. He blames his parents, his friends, the Church and life in general. He then drowns his sorrow in coffee.

There are so many reasons why a team member can choose to play the blame game. Some can be legitimate, but often they either have no idea of what they are doing, or they are doing nothing at all. The blamers then proceed to find a number of good reasons to justify their poor performance.

Kevin and Arnold were tasked with an impossible objective (refer to our blog on minding the gap to tackle this issue) and the team members were showing all the characteristics of a dysfunctional team.

Did the team overcome these dysfunctions to successfully convert the entire community to Mormonism? You’ll have to watch the musical to find out for sure. But if you have to work with colleagues showing these characteristics, you’re in for a challenge. I’m not saying it’s impossible, but if you have too many of these dysfunctions you’ll have to be an outstanding leader to get the team focused on the end goal. You may even start praying for a miracle…

Moving to the cloud – when should an organization start thinking about making the shift?

Procope is a new organization. While we have over 20 years of combined experience, our venture has only been in operation for a little under 8 months. Because we are new, Michelle and I are spending an inordinate amount of time working on our business plan, setting up new laptops, purchasing new technology, creating policies, recruiting staff and, oh yeah, generating business. We are literally in an ocean of options when it comes to running our business.

Of course, when we business comes in the door, we have contracts to draft, processes to develop, projects to manage and clients to serve. Of course, all of this requires that we be organized and have information readily available to us. Because we do nearly 100% of our business remotely and/or on site with our clients, we also need a cost-effective, and versatile solution for our technology. But most of all the solutions we choose have to be secure. We cannot afford to have client information hacked, lost or stolen. Just as our organization is new and evolving, so is the Cloud (although not nearly as new as Procope is!) and many of our clients are facing the same challenges we are.

Let’s start with the good news: There’s an app for that!

The world is moving to the cloud. Cable TV is fast becoming a thing of the past, physical storage devices such as CD’s and DVD’s and even flash drives are quickly disappearing (HMV just closed shop) and it seems that everyone is beginning to stream their entertainment. Goodbye satellite TV, hello Neflix, Hulu, Acorn, Amazon Prime, Shomi, Crave, and so many more…!!

Business service providers are quickly following the trend. All of the major players are offering cloud business solutions including Microsoft, Oracle, Google, HP, Dell, IBM, Apple (what? Apple isn’t a major business player! Is it? – Surprise! They are indeed!). These market leaders are all offering IaaS (Infrastructure as a service) and SaaS (Software as a Service).

Today you can purchase applications that handle your specific needs:

  • accounting and billing,
  • enterprise resource planning (ERP),
  • human resource information systems (HRIS),
  • client relationship management (CRM),
  • contract management (CMS),
  • Project Management (PM) and more.

There is also an evolving industry for integration of these systems which allow you to pull data from all of your systems so that you can report on them. Dell BOOMI, MS BizTalk Server and Jitterbit are just a few examples.

This is all so confusing – and scary isn’t it?

Here are some questions our clients have had that we would like to share with you:

How secure is the cloud? Wouldn’t it be better if I had my data on a local server?

The good news is that the major market leaders have clearly bought in. Because of this, security in the past 2-3 years has increased tremendously and with the leaders in the industry offering top end security your cloud security can be as strong, if not stronger, than what you may have already added to your local servers. The benefit here is no more on site infrastructure required. Servers can be dedicated and you can ensure that your data stays in Canada and not be shared with other companies. All of this comes for a premium of course.

How do I move my information to the cloud? How much data do I move?

This depends on how much data you have, how your current software agreement is structured and how often you plan to go back in time and use your past data. This can be the Achilles heel of a systems transformation. Preferably you would bring in 12-18 months of past data so that you can easily access and assess your past performance. Anything older than that can be accessed using your old (legacy) system. In general, the less data you bring in, the lower your cost to transition to your new system. The key here is planning. Expect your transition to take a minimum of 3 months and, depending on how well your current processes and systems are, you may need to plan for 9 months or more.

What do I need to purchase and how does it all fit together? How Do I transition?

A good question and one that every organization should put some serious thought into before making a selection. There are some powerful applications out there and some that claim to be powerful but are not. A good place to start is by looking at what your current system provides, assessing your requirements, ranking them in terms of importance for your organization and then planning for what you need. A common time to consider when to move to a cloud-based system is when your local servers are nearing the end of their life.

The world is moving to the cloud. In my opinion this will happen so every organization will need to address this at some point. When you step into the world of Saas and IaaS be careful! There are a lot of things to consider. If you don’t have the in-house capability to plan this correctly, bring in a knowledgeable consultant and develop a staged implementation plan. Do not try to change everything in at once! Start with one system, get it running properly and move to the next. Trying to change your ERP, CRM, PM and CMS all at once will fail. Be smart, plan properly and then commit. In the end, your business will depend on it!

Protecting against fraud in the not-for-profit sector – financial controls can help!

It’s quite the challenge to write an exciting blog article on financial controls. But what if I told you that 5-7% [1] of gross annual revenue in all Non-profits were lost to fraud. With a Canadian charity sector evaluated at $250 Billion revenue [2], that is an annual loss of $12M to 18M. What if I also told you that if the organization cannot pay its debt, the members of the Board of Directors can be held personally responsible for paying off these debts (especially the CRA, they will track you down!). Now that I have your attention, let’s see what key controls and financial policies can do to limit your risk exposure.

Key controls

1. Segregation of duties

This is a key internal control to any organization, and consists of separating 3 functions among separate people:

  1. Managing, using and handling goods and services (custody of assets)
  2. Authorizing the use or purchase of goods and services
  3. Tracking and reporting on goods and services (recordkeeping)

While having multiple people involved in these functions may sound bureaucratic, especially for a small organization, it is critical for two reasons:

  • Prevents fraud and errors by providing oversight, and
  • Almost certainly requires that those involved must collude in order to hide a transaction.

So, unless you have a group of people plotting against your organization to commit fraud, segregation of duties is an easy and simple way to make sure everyone is doing their work ethically and without error.

How do I practically apply this?

  • Any person who wants to buy something (product or service) should not be authorizing the purchase
  • The person receiving the product or service should not be authorizing payment
  • The person authorizing payment should not be making the payment
  • The person managing an asset should not be recording its value on the organization’s books

By splitting these responsibilities, the organization is reducing the possibility of people buying things the organization does not need, paying for something that was not received, making payments as they please and misappropriating or misusing assets.

2. No spending without an approved budget

This simple rule can be applied to anyone running an organization. (As a bonus, it can also apply to going on a shopping spree!) Expenditures should be budgeted and approved before they are incurred (not after!). When you are approving an expenditure, here are few questions you should ask yourself:

  1. Was the expenditure planned in the budget? (If you don’t have a budget, you should probably look into making one)
  2. Can the organization afford the expenditure? (aka. is there cash available or will you have to borrow?)
  3. Is the expenditure aligned with the organization’s priorities (does it fit with what the organization wants to accomplish, or would it just be nice/fun to have?)
  4. Is the expenditure supported by a quote or contract clearly describing the services or goods to be purchased? (Do you actually know what you’re about to purchase, or is it a vague description of something possibly useful?)

If you answered yes to all questions, then it’s probably safe to approve the expenditure. If you answered no to any or a combination of the questions, you are exposing the organization to risk and may want to ponder whether the organization really needs to buy this or if you need to gather more information.

3. All payments should be approved

This may sound obvious (especially if you work for the federal government), but having a good payment approval control in place helps prevent errors and fraud from directly impacting your cash. And it’s so easy to do. Here are the key steps for payment approval:

  1. Verify that goods and services have be delivered as per the contract terms and conditions
  2. Verify that rates and dates match the contract terms and conditions
  3. Verify that the payment matches the invoice’s amount and vendor

If one of these verifications does not pass, the payment should not be approved and corrections should be made accordingly.

4. No electronic access to bank accounts

As a rule of thumb, no one should be able to make online transactions from the bank account, except for your banker. Certain people can have read-only access to the bank account, such as the Treasurer, Executive Director or bookkeeper, but all transactions should be controlled through cheques, credit card, wire transfers and electronic fund transfers. All of these payment types require some type of approval, signature or traceable transaction involving more than one person.

Key Policies

In addition to these four key controls, all organizations should have documented financial policies. Policies are used to outline and communicate standards and clarify roles and responsibilities around how the organization’s financial resources are to be managed. The details in the policies should be adapted to the size of the organization but every organization should, at a minimum, include the following three policies:

1. Cash management and petty cash

The cash management and petty cash policy should outline who has access to cash, the purposes for which it can be used, and clear minimum and maximum limits. It should also outline the process for taking cash out and depositing cash. Some expenditures are just too small to cut a cheque (e.g. coffee run for a meeting, office supplies, etc.) or cash may be collected at events and stored at the office before being deposited at the bank. This is why many organizations keep petty cash. Physical access to petty cash should be restricted and a clear audit trail should be documented to enable transaction and balance reconciliations. No receipt? No cash!

2. Travel and expense report

Travel and expense reports are among the top sources of fraud within an organization. That is why a clear travel and expense policy should be established. This policy should outline what expenditures are reimbursed by the organization, who can incur and approve expenses and what supporting documentation is required. A reasonable timeline for submitting travel and expense reports and any pre-determined rates, such as mileage and per-diems should be included.

3. Spending and signing authority

Asking the Executive or the Board to approve every expense may become cumbersome. That is why an organization may wish to consider identifying delegated individuals to approve expenditures. Delegated authority should be documented so that it is clear who has authority to approve expenditures and who has signing authority (contracts and payments). Approval and signing authority thresholds should be established and the number of signatures required for payment (ideally 2 – and whatever you do, DON’T pre-sign cheques). Finally, it should be clear what verification is required when approving an expenditure, contract or a payment.

By adding the financial internal controls the policies described above, your organization will be laying down a solid base for a strong financial control framework. This will not only help your organization avoid fraud and loss, but will also improve accountability and preserve your reputation. In the competitive not-for-profit environment where reputation can influence donors, sponsors and grants, the financial and reputational benefits for implementing financial internal controls is certainly worth the effort!

 

References

[1] *Chen, Qiu, Steven Salterio, and Pamela Murphy. “Fraud in Canadian Non-profit Organizations as seen through the eyes of Canadian Newspapers 1998-2008.” Philanthropist 05 May 2009: Print.

[2] *Blumberg, Mark . “Blumbergs’ Snapshot of the Canadian Charity Sector 2014.” Canadian Charity Law. Blumbergs, 14 Apr. 2016. Web. 12 Mar. 2017.

Taking the “micro” out of the manager

There is absolutely nothing pleasant about having or being a micro-manager. As an employee, your work is constantly being questioned, torn into pieces and re-done. You get the feeling that you’re no good, that your work is not appreciated and you will never meet your manager’s expectations.

As the micro-manager, you are working crazy hours redoing your staff’s work or criticizing what they do, you are frustrated by the number of mistakes you keep finding, you lose trust in your team and you end-up stressed and burned-out.

So how can someone take the micro out of the manager?

The origin of the micro-manager

To better understand how to stop the micro-manager, one must first understand how the micro-manager is born. Like everyone else, the future-to-be micro-manager started as a junior on the job. He/she worked their way up in the organization and became really good at their job. They were trained, they had the opportunity to make mistakes and learn from them, and they knew everything there was to know about their work. They were so good, that they were promoted to a manager position to lead other staff to do more good work.

With their new promotion they have to move to a leadership role and manage staff who sometimes make mistakes as they are learning their job. The new manager feels the urge to perform for the team and falls into the trap of repeated criticism and fixing the mistakes themselves because “It’s just faster/easier if I do it myself”.

There you have it, the micro-manager is born.

The vicious cycle

Why is it so hard to stop being a micro-manager? Well often the manager and the team are stuck in a vicious cycle. First, the manager controls the team and business processes so tightly that no one else can make decisions. This means that the team cannot work without the manager being heavily involved.

The team loses its capacity to think for itself and requires the manager to be heavily involved. The more involved the manager is, the more the team needs the manager to push things forward. And round and round we go.

How to break the cycle

There are 4 common mistakes that contribute to the vicious cycle. Luckily there are some simple ways to correct them whether as the manager or the employee.

1. Be flexible in your process

The micro-manager often insists that work should be done their way (the only acceptable way!). While the manager’s way may be right, there is usually more than one way to do things.

The Manager: understand the process your staff is proposing before dismissing it. If you see weaknesses in their approach, challenge them by asking how they would handle the issues you foresee.  If it works, leave it alone, maybe you will learn something!

The Employee: If your manager tells you your way is wrong, ask why. Dig in to understand what they see that you don’t. If you still believe your way is best, explain the benefits as you see them and demonstrate how their way provides the same results that yours does.

2. Teach, don’t do

The micro-manager often thinks it’s more time efficient to fix mistakes themselves instead of asking their staff to fix their work. This is a short-term fix and will lead to significant inefficiencies in the long term.

Think of this; one staff spends 1 day to work on a document, the manager takes an hour to review the document and finds a bunch of mistakes. The manager then takes half a day to re-do the work and sends it off. Next time a similar document needs to be prepared, the staff will still take 1 day to prepare it, since they’re not sure what they did wrong last time, the manager will review it and still take half a day to re-do the work to fix the same mistakes. And on and on it goes, resulting in a 50% inefficiency that will never resolve itself.

The Manager: If you teach instead of doing, your staff will learn how to prepare quality work and you will only review and provide feedback. In a perfect situation the staff may eventually be able to prepare the work in half a day, and it will be free of significant mistakes, providing you with more time to lead instead of doing and thus creating a potential 50% future efficiency. Time well spent!

The Employee: Ask for feedback when you see that your work was completely changed. If your manager does not find the time to give you feedback, book time in their schedule. Micro-managers are often detail oriented, therefore ask specific questions to get the session going. Don’t fear feedback, it can only help you improve and learn. Remember, we all make mistakes, even your manager.

3. Check-back often, don’t wait until it’s too late

The micro-manager may feel that there is no time to provide feedback, as the deadline is closing, he or she is busy correcting other work, and it’ll just be faster to re-do the work if it is wrong. The mistake here is waiting too long before checking to see how things are progressing early and continuously throughout the task.

The Manager: Take the time to check in on how your staff are doing with their task, do partial reviews and provide feedback often. By the end, you should only be tweaking the work of your team. Make your feedback constructive, provide well-reasoned opinions, include positive and negative comments and focus on improving the outcome.

The Employee: If your manager doesn’t check-in, do it for them. Let them know where you’re at and seek guidance when you need it. Involving them along the way will ensure you’re both on the same page and limits the chance of unwanted surprises late in the game.

4. Build trust

After seeing his or her team depend on them so much, the micro-manager loses trust that the team can learn from their mistakes and do the right thing. Trust is arguably the hardest to fix and very difficult to rebuild. The key is to identify the source of potential mistrust and address it early. This one lies squarely with the manager.

The Manager: Ask yourself why you do not trust certain individuals and keep asking yourself why until you don’t have any remaining questions. For example;

Q: Why do I not trust Bob in my team?

A: He never gives me a full product on time

Q: Why is that?

And continue until you can no longer answer your own questions. This will require some investigation, and most likely demand a meeting with the individual to really understand what’s going on. Continuing the questions:

Q: Bob, I see you are struggling with submitting your deliverables on time. Can you help me understand?

A: He works on multiple projects at a time and struggles to manage his time

Q: Why is that?

A: Because he does not plan his projects

Q: Why is that?

A: He thinks it’s a waste of time to plan.

BINGO, you’ve got your root cause. Now you can work with Bob to explain why planning is important, demonstrate the impact it has on the team and the organization, and discuss how you can work together to help Bob better plan his projects.

Once the micromanager has broken the cycle and built ownership and capability through mutual trust and respect, he/she will have joined the ranks of a true manager. The team will thrive and efficiency will simply become a by-product of a healthy learning environment. Don’t be surprised to see people asking to join his or her team!

Minding the Gap – Why so many organizations fail to meet their objectives

So many organizations we have worked with fail to meet their long-term objectives. They have a 3-5 year plan that they have put time and energy into and then they put it aside. Even if they refer to their plan at each board meeting and have it posted on their website or internal site they just can’t seem to make substantial progress. Time moves on quickly and pretty soon the 3-5 year plan is 5-7 years old or more and the organization decides to revisit their plan only to find that very little progress has been made. How can this be?

There are numerous reasons we can explore but for a healthy organization, one of the greatest errors lies in ‘minding the gap’. Too often, there are more demands (strategic objectives) for the organization than there are resources available to meet the day-to-day demands let alone move the organization forward (operational objectives).

The senior management team and Board are left wondering why the objectives of the organization are not moving forward and the answer lies squarely between aligning and prioritizing the operational activities and objectives with the strategic objectives. This is what we refer to as the expectations gap.

Ok great that’s a lot of objectives and gap talk. But what creates this and how do I fix it??

The primary drivers of the expectations gap are the missing “A&R” in SMART objectives and a lack of clarity between what the organization does and where it is trying to go. Although the strategic objectives are clearly Achievable and Realistic in the minds of those doing the planning, they have often not engaged the organization in an effective bottom-up assessment of the abilities and resources available to execute against these objectives and/or they believe they understand their organization well enough to dictate what will happen once the direction has been set.

Sadly, both are critical mistakes.

On the operations side, the senior management team is left to its own devices to organize their work, set their priorities and move the organization forward. Unfortunately, there is little time in the day to organize and execute against the strategic objectives so they get put aside for another day. Which of course never comes.

Sometimes there are attempts to support strategic objectives by creating some accountability in staff performance reviews. These often fail to materialize because they are perceived as ‘extra’ and out of scope of what they have been hired to do and therefore discounted as part of their annual performance assessment. The result is a team focused on getting their day-to-day job done and putting out fires.

The fix is going to require some effort – A magic bullet doesn’t exist.

The way to properly mind the gap is to drive your planning from the strategic level down through your organization and assess your operational capabilities and people before you ask your staff to get started.

  • First, identify what you do and do not have available to you and complete a gap analysis to identify what resources you will require and make that part of your plan.

  • If you find you don’t have the people, expertise, time, equipment, or other critical resources available to you, then be careful to avoid assponsibility and revisit your objectives.

  • You may find that your objectives are not be as achievable or realistic as the Board and management team first thought. Be prepared that there will be tough decisions to be made and some of your objectives may have a longer timeline than you were aiming for.

  • The operational side of the fix will require you to work with your staff to provide them with the processes and tools to prioritize their day-to-day obligations and regularly report and monitor their progress.

  • Build in training where it is required, hire consultants to bring in expertise if a short-term requirement exists.

  • Hire new people if necessary and purchase the tools for success.

  • Then have your team leaders report on progress both internally and to the board on a regular basis. This will help align your people and clarify where you need them to go. There must be a clear connection between what staff are being asked to do and where the organization is headed.

Then never give up, empower and reward your staff, and watch your organization flourish!