Innovation – Nonprofit Auditor

Nonprofits should consider internet isolation cloud solutions in their IT security designs

Sharing below a nice article on internet isolation cloud solutions as a paradigm for implementing security.

A boundary-less IT security defense architecture (design) is definitely one that nonprofits should consider. And the reason for this is business necessity.

Nonprofit business architectures (designs) continue to require operational and even strategic collaboration and partnerships with a variety of global and local partners. These partners are all over the world and in some cases include national governments. The data nonprofits handle includes that of vulnerable and insecure populations. To operate effectively with such populations, nonprofits must maintain relationships of trust with these clients. The trust must in turn be supported by robust data stewardship and security practices, including regulatory compliance regimes. This is because for nonprofit enterprises to be effective today and looking ahead into the future, their sensitive data will need to be shared more often. They will be more exposed to partners having different IT capabilities and a amyriad IT security postures, including no security capacity.

Nonprofit IT security designs must follow the direction of their business designs or fail to be effective in business environments and relationships they must support.

Let me know what you think of the article.

securityboulevard.com/2019/09/internet-isolation-cloud-introducing-a-new-paradigm/

Managing project start-up delays caused by donors

Some nonprofits may indeed be miracle workers, if we consider some of the results and outcomes they achieve in the world’s most difficult implementation environments. They are not magicians though, they need resources to do work. As a nonprofit auditor, one cause for underachievement of project results that I hear implementers cite is donor caused delays at startup. How frequent is the issue? I suspect it happens often enough and has been a problem for long. It is particularly important with the larger public donors. These donors fund the big multi-million dollar projects that nonprofits and their clients (beneficiaries) count on for impact at scale and for sustainable change. It is true that there are always two sides of a story but because of enormous power of the big donors I think we should expect more. As the Peter Parker principle goes: “with great power comes great responsibility”. Big donors must do a better job with timely authorization and funding of project startups!

How much do delays in launching projects cost? I suspect a lot. Impacts that come to mind include delayed and poorly timed responses to client needs (some life saving), financial and operational disruptions for resource constrained nonprofits and higher un-reimbursable cost burdens on implementers?

What can nonprofits do about this? Most nonprofit implementers seem resigned to treating this problem as “an operating constraint”, a hurdle they must deal with to do their jobs. They may well be right in their approach. However I am not convinced their approach is fully informed, in terms of the costs they wind up bearing and on their ability to exact better performance from donors. Often the donors still expect the same deliverables under the funding terms. Nonprofits should not consider themselves helpless in the matter. They can and should fight back!

Let’s see, do nonprofits analyze the effects of delayed funding within their businesses to understand which opportunities and donors to go for; what financial dispositions to take and the feedback and awareness raising to provide to donors? Do they know the types of projects where delays are more likely to be problematic, in what locations, with which client populations? Do they know what implementation models are more susceptible to the impacts of such delays, direct implementation or through other actors? Do they know what fund (award) administration strategies work best to mitigate underachievement of results in such instances and do they measure whether their staff know and adopt them? Do they know when to engage their donors on cost or no costs extensions and on other appropriate tactical responses? Do they have a general sense of how the results of projects that are authorized on time compare to those that are delayed. Do they know what impact project extensions have on expected the “value for money”? How about impacts on nonprofit volunteers and on clients?

What can donors do about the delays? Do the donors even understand the impact on their nonprofits partners and more important the missed opportunities to serve clients? Are there any accountability measures donors impose on themselves with regard to such delays and the problems they cause? Are donor agency cultures reflexive of their mandate to get help out to clients expediently and to be in service?

I think more awareness and transparency is the answer to all these questions. Let’s start there. Where I sit as an auditor, I never get a good sense that these questions have are answered. Yet good donor account management, which is a key component of fund management, calls for just this. Nonprofits leaders should require their staff to get a solid grip on the costs and impacts of delays, so they can make better decisions about funding opportunities and take steps to mitigate negative impacts. The leaders should engage donors on greater transparency. They should share the information with donors and amongst themselves. They should study and share lessons on coping with delayed funding. They should consider rating the donors with regards to expedient authorization of funding and not shy from addressing these donor performance issues. Many big public donors have multiple departments and offices, highlighting performance differences in like circumstances may also help. Nonprofits can also use carrots, they should recognize their most consistent donors with awards or simple thank you feedbacks.

Above all, how nonprofits choose to manage their donor’s performance with respect to timely authorization of funding should be deliberate and informed. What are you thoughts? If you are an auditor, have you also come across the donor delayed funding “operating constraints”.

McDonald’s Starts Serving McTech to Survive in the Modern Age — Any lessons for Nonprofits?

What does it mean that Macdonald is serving McTech? And what can nonprofits learn from this iconic company that feeds 1% of the world’s population? There is much to learn in my view. And not the least of which of course is MacDonald’s ability to connect with people worldwide and deliver the same tasty big Mac!

Let’s see, Macdonald is going back to its roots, it’s not about the tech – that part is just presentation, it’s about customer intimacy, not to be confused with engagement, its intimacy. And what has reminded Macdonald’s management about intimacy, Amazon, it is the modern day wizard at it. Amazon knows their customers and the products/services intimately and matches the two to fit like a hand in a glove. They take the thinking and worry out of it and what you have left is called “delight”, which invariably translates to cha-ching! The feeling builds trust and good brand loyalty, when supported by good delivery – customer journey.

At the height of its dominance, Macdonald understood what those tired parents, coming back from the school game with restless kids needed. It was something, simple, predictable, quick and able to satisfy everyone’s taste buds and to keep everyone happy. It was the “happy meal” together with toys, playgrounds, the homely feeling of eating together in the car. For a while though, Macdonald started focusing on costs, we know the “dollar menu” and on operational excellence, that is cost/quality, also known as “value for money”. That was good and it allowed them to expand worldwide but it started leaving “delight” behind, Five Guys, Chic-fil A and others moved in to take some of their customers.

I hear a lot of talk about nonprofit donors wanting “value for money”. Is that really true? Sometimes I have my doubts and wonder if they just want to be delighted. One of the challenges in nonprofit work is the distance between those paying for the services, the donors and those receiving the services, the clients (check my recent blog post on this). Often donors never get to know who received the services. For this reason, value for money is mostly just an abstract idea to donors, just a hedging mechanism. This is one reason why western donors ignore some of the worst crises around the world, until a western face decries it. Oh no, that is not a judgment on the donors, its just a reflection of the distance between donors and beneficiaries and the nonprofit challenge. Many nonprofits struggle and I know work their hearts out to bridge this distance everyday. It will be nice to see more nonprofits move away from formulating strategies entirely based on achieving value for money and more based on intimacy and doing so on the two ends of their value chain, the donors and the clients (beneficiaries). Digitization and the digital revolution is an opportunity for nonprofits to reframe their value proposition with donors and clients.

Below is a link to the article that discusses Macdonald serving “McTech”. It got me going. Please read and share your views. What is your opinion of nonprofit corporate strategy designs today? How can they leverage digitization and the digital revolution to explore other strategy dimensions?

McDonald’s Starts Serving McTech to Survive in the Modern Age

McDonald’s Starts Serving McTech to Survive in the Modern Age

— Read on longreads.com/2019/10/02/mcdonalds-starts-serving-mctech-to-survive-in-the-modern-age/

How google is slowing innovation – a lesson for auditors

Read this very interesting article: “How Google is slowing innovation” by Aytekin Tank https://link.medium.com/e4EYifNJNR

One lesson is that auditors should not shy from pressing management on strategic risks.

I recently wrote an article about blockchain and its implications for the audit profession. Interestingly Google and other social media giants should be thought of as also being in the cross hair of the blockchain technology. Google’s quest to execute the Microsoft’s strategy: embrace, expand, extinguish has led them to try to stop innovation or to be an innovation bottleneck. Here is how I summarize Google’s rather potent strategy:

Embrace the internet (give things for free e.g. email accounts, search)
Expand (develop and market our data using surveillance methodologies and analytics – the worrisome part)
Extinguish (the internet’s traffic is now going through google, including by the way our brains as we “google everything”)

But again, for fellow auditors, perhaps there is also an important lesson to draw. Strategy and its execution remain the most important factors to examine. Many of us focus on financial risks and in fact others constraint us to think and work mostly on financial risks and in the “numbers realm”.

Its the strategic risks and its management (e.g. Social distrust of Google’s slick intermediation role) that we should train our attention to. More precisely, we should challenge management to have more robust risk identification and mitigation efforts. We are uniquely qualified to do so because of our mandate to be independent and objective. The risks with google and its good old “bait and switch” approach remains the enormous potential backlash (privacy concerns, power concentration, mistrust).

Bait and switch is not another phrase for innovation

Do you think auditors are focusing enough on strategic risks? Do auditors have the capacity to do so in a credible way? Do auditors have the mandate? How can auditors become better at it – what will it take? Your thoughts?