Category

Nonprofit

Cybersecurity Priorities for CFOs

By | cyber security, Nonprofit | No Comments
two people in front of laptop, lock overlay to represent cybersecurity measures for CFOs

The recent flurry of FBI warnings against new malware, ransomware, and other cybersecurity threats should have every CFO on edge. Nonprofit databases may contain sensitive data such as personally identifiable information, health records, and more that attract attacks. And, if you think you are immune because your organization is small (and therefore, in your mind a lesser target), think again: cyber attacks against nonprofits grew by 30% in 2024.

Given this information, what cybersecurity priorities should you focus on? The following list offers general guidance. In addition to this information, it may be prudent to speak with your IT director, managed services provider, or technology consultant so that you have a sound plan to protect your valuable data.

Four Cybersecurity Priorities for Nonprofits

The most pressing cybersecurity issues facing CFOs today include ransomware threats, human error, third-party access, and ensuring systems are updated.

Ransomware Threats

Ransomware typically enters a system through users clicking infected links. So-called phishing attacks spoof, or fake, a well-known website, such as Amazon, a bank, or another trusted and frequently used site. The user may be taken to an infected page or prompted to enter login credentials by clicking the link. This can then infect their computer and possibly the entire network. The ransomware encrypts data, effectively locking it until a ransom demand is paid.

Human Error

Most ransomware enters systems through human error. Clicking the wrong link, entering credentials without considering the validity of the request, or downloading infected material all puts your company at risk.

New attacks are even more sophisticated. Some include text messages and phone calls from someone purporting to be from IT asking the user to reset their password. The “IT person” asks the employee for their password to “verify it.” This enables the caller to log into the system themselves, reset the password, and begin whatever crime they want to commit. Some companies report their executives as the target, with the criminals contacting executive assistants and pretending to be helping the CEO with their password reset.

In all cases of human error, the criminals rely on human psychology to trick their victims into making mistakes. They present a sense of urgency, often hinting that something dire will happen if the victim doesn’t respond quickly. Or, they pretend to be a trusted colleague, such as an IT person, to fool the end-user.

Third-Party Risks

With the rise of cloud computing, it’s easier than ever to allow others to access your system. Auditors, for example, are often given access to accounting and financial systems so they can complete some of their work offsite. You may have vendors who access shared cloud drives, instant messaging apps, or other systems. Each person outside of your company who can access your system represents another potential risk.

Operating Systems and Software

Outdated software and operating systems pose a security risk. Criminals exploit known vulnerabilities. Systems that aren’t updated or patched are akin to leaving the front door of your house wide open to let a burglar inside.

Your team must ensure that all operating systems and software are updated whenever the system vendor makes patches or updates. This includes operating systems (like Windows), software (nonprofit accounting software, donor relationship management, and others), and even websites.

Systems that are no longer supported by the vendor should be replaced. For example, Microsoft has announced it is ending support for Windows 10 on October 14, 2025. While computers running Windows 10 will continue to work, Microsoft will no longer issue security patches, leaving machines running version 10 potentially vulnerable to attack. Updating the operating system to Windows 11 ensures that as new vulnerabilities are discovered, you will receive the appropriate updates and patches to address them.

Addressing Cybersecurity Challenges

This list is just the start of a much bigger list of potential cybersecurity risks and challenges that CFOs face. To address them, consider creating a cyber risk and proactive protection plan that addresses common pain points such as:

  1. Keeping abreast of the latest ransomware attacks and communicating information to employees.
  2. Frequent training and awareness programs to help employees identify possible phishing attacks.
  3. Addressing third-party access by reviewing who has access to what and removing permission once the need is gone.
  4. Working with IT to identify and update vulnerable points within your systems and platforms, including a schedule to update aging software and equipment.

As a CFO, you are entrusted with a great deal of responsibility. You are one of the organization’s leaders who knows and understands the risks. But you are also in an excellent position to address these and other emerging threats.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact us for more information.

Human and AI Collaboration: Working Better Together

By | Accounting, Accounting Software, Nonprofit | No Comments
people shaking hands with AI screen overlay - Human and AI Collaboration Working Better Together

As time has passed, more organizations are testing the potential of AI to augment job functions. AI tools may be readily available. For example, AI and machine learning may be built into newer versions of nonprofit accounting software, speeding approvals, automating reminders, and helping complete many tedious jobs faster.

Where once we feared that AI might take over the work of humans, we now see that people, working in tandem with AI-based platforms, can achieve much more together than singly. Here’s why human and AI collaboration can mean more efficient work for nonprofits.

AI Enhances Productivity and Efficiency

One of the best ways that people can partner with AI is to use this new technology to enhance productivity and efficiency. AI cannot (and should not) be expected to take over tasks entirely. But it can provide exceptional efficiency gains. Here are five ways in which your team can use AI to enhance their productivity.

Automation

AI can handle repetitive tasks, freeing up time for you to focus on more complex activities. For example, email filtering, scheduling, and data entry can be automated to reduce the workload. Within nonprofit accounting software, AI can automate the routing of approvals, running reports, and sending reminders, saving your team minutes that add up to hours of productivity gains per week.

Data Analysis

Another benefit of using AI is to leverage its power to analyze large amounts of data. It can find patterns and make suggestions based on these patterns. Your team then needs to review the suggestions and act on them according to their judgement. AI produces the reports, but people need to sift through its findings, confirm them, and then choose which ones to act on.

Predictive Capabilities

AI can predict outcomes based on historical data, helping you anticipate trends and make proactive decisions. This comes in handy with marketing and donor outreach, for example. AI can examine response patterns based on previous outreach campaigns and make suggestions to maximize your efforts for the best response.

Research Assistant

When you need to find facts and data, AI can scour the web more quickly than a person can search and examine the results. The AI-produced results can be refined and enhanced to find the research you need to support a presentation, pitch, or other activity. Be sure to check the citation link and confirm the accuracy of the data or statistics produced by AI searches. It sometimes makes mistakes analyzing the source material and matching it to the search query. A quick scan of the source document can help you confirm if the stats are accurate or not.

The AI – Human Partnership

AI isn’t a stand-alone tool, but rather a potential efficiency booster for the workplace. Humans, according to a Harvard Business Review article, must determine the value of the insights generated by AI and weigh their merits. As you can see from the list of suggested ways in which teams can use AI to improve productivity, it can enhance speed and efficiency, but people should always review its results and findings and confirm them.

Moving Forward: Understanding, Training, Governance

It is vitally important, however, that before you encourage staff to use AI-based platforms, you understand how they use, store, and serve data.

Public AI, for example, ingests everything from the web, and if you feed it new material, which becomes part of its massive data repository. This is why you should never enter anything proprietary into “free” tools like ChatGPT or Copilot.

Developing a set of guidelines for your team on how they may (or may not) use AI platforms, especially free or public-access AI, is essential, as well as training sessions to help them understand responsible AI use.

While the headlines may hype AI as a replacement for people, it’s really the partnership between AI and people that gets the best result. AI is a tool like any other. It’s how the tool is used that counts.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact us for more information.

Understanding Nonprofit Leadership Structures

By | Nonprofit | No Comments
Understanding Nonprofit Leadership Structures

When people join a nonprofit, they are often surprised at the difference in the organizational structure from that of a for-profit company. They may hear about decisions being presented to a committee or a board. Who is this mysterious board? Who makes up the committee, and why does a committee have the authority to approve a project?

Unlike many institutions—for-profit companies, schools, and the military—nonprofits rarely follow a top-down leadership style. Instead, depending on whether we’re talking about an accountability hierarchy or a voluntary association, the chain of command differs significantly among nonprofits.

Nonprofit vs. For Profit Reporting Structures

Nonprofits can vary considerably in their ultimate reporting structure. They typically have directors, managers, and other leaders who guide the daily activities of their departments. Like a for-profit company, people report to those managers, and their managers handle daily activities like signing off on marketing campaigns, creating work schedules, and more.

While a for-profit corporation may have a board of directors or shareholders, most have a typical hierarchical structure. Workers report to managers, managers to directors, directors to vice presidents or c-suite leaders, and all roads leading up to the CEO, who answers to the board or shareholders.

Types of Organizations and Their Leadership Hierarchies

There are many types of nonprofits, and every kind of organization is accountable to different members or groups.

Member-Governed Organizations

Many unions and small organizations follow the leadership hierarchy of member-governed organizations, which may also be called “member-driven” organizations because the members guide them. The membership has the final authority over the organization. Members may elect the board of directors, who govern between meetings of the members, but the board may not overrule member decisions.

Board-Governed Member Organizations

This hierarchy finds the board governing the organization. Members elect the board, and then the board leads. Some decisions, such as budget decisions, may be reserved for the members. The board must follow strict bylaws governing its decisions, and often, it can only act after a majority vote is taken at a properly called meeting. Many homeowner associations follow this leadership pattern.

Non-Member Organizations with Self Perpetuating Board

In this structure, the board governs the organization. The board chooses its successors, hence the term “self-perpetuating board.” Members contribute financially but have no say in the daily decisions of the organization. Museums are a good example of this type of hierarchy, with members contributing donations, entrance fees, and the like, but the museum’s governing board handles all the major decisions impacting the organization.

Committee Structures: Executive Committee

Lastly, some organizations follow a committee structure. Large organizations may have a board of directors and an executive committee. Often, the executive committee is comprised of the organization’s leaders and selected board members. The committee is supposed to be guided by the board, but often, the roles reverse, with the executive committee taking the lead.

Review the Bylaws

This is why it is vital to refer to a nonprofit’s bylaws to understand its leadership hierarchy. It’s not as simple as a daily org chart. There may be someone making daily decisions over accounting, finance, operations, marketing, and the like, but big decisions, like pivoting to new programs, making major infrastructure investments, and the like, may require the board’s vote in order to proceed. The bylaws are the ultimate guide to those who have the final say at a nonprofit.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact us for more information.

Tips to Choose the Right Auditor for Your Organization

By | Accounting, Audit, CPA, Nonprofit | No Comments
auditor working at desk with spreadsheets, computers, and calculator

The right auditor is much more than a CPA. Auditors provide valuable guidance and ensure donors, members, and constituents trust that your organization is a good steward of their finances. These tips will help you find the right auditor for your needs who is both well-versed in nonprofits and a good cultural fit for your organization.

Find Potential CPA Firms

The first step is to find potential CPA firms who provide auditing services. You can look online for local firms or ask other nonprofits who they use and like. Your employees may also suggest companies or individuals with whom they have worked in the past.

It is vitally important to find an auditor who specializes in nonprofits. Nonprofit accounting has unique requirements and regulations, such as fund accounting and compliance with IRS Form 990. A CPA familiar with these aspects can ensure accurate financial reporting and adherence to relevant laws.

CPAs with nonprofit experience can also provide valuable insights and recommendations tailored to the organization’s unique financial situation. This can include guidance on improving internal controls, financial management, and strategic planning.

Lastly, because nonprofits are subject to various regulations and compliance requirements. A knowledgeable CPA can help navigate these complexities, reduce non-compliance risk, and identify potential issues before they become significant problems.

Develop Questions

To ensure that you have an apples-to-apples comparison of CPA firms after you’ve completed your research, develop a set of questions to ask each firm. This approach is similar to a request for proposal (RFP) process. Consider your organization’s needs. Some potential questions may include:

  • Can you provide references? May I contact them?
  • Who will I be working with?
  • Do you work on site, or do you need remote access to materials?
  • What is the typical audit process your firm uses?
  • What can I expect during the audit?
  • What do you provide me with afterwards? How long will it take?
  • How much does it cost?

Depending on your needs, you may also have other questions to add to this list.

Consider a Formal Request for Proposal

A request for proposal (RFP) is a formal document issued to multiple possible vendors. It outlines your organization’s background, the project you have available, and the scope of work. It also includes a due date for the project and response requirements, such as references or case studies demonstrating experience with previous projects.

Responses are written following the outline given to vendors in the scope of work. The resulting documents help compare the relevant credentials of all potential CPA firms. Because the RFP requires all responses to be written in the same format, following identical guidelines, the results provide an apples-to-apples comparison among respondents, allowing you to sift through what makes one stand out above the others.

Gather all the responses, whether through a formal RFP process or a sit-down meeting with questions. Then, meet with your team and consider the answers. Your final selection should weigh all factors, including the firm’s relevant experience, assessing its approach, and comparing prices.

Consider Cultural Fit

Lastly, consider the cultural fit of the CPA with your organization. The best credentialed expert will not be effective if you feel intimidated or rushed when you work with them. Look for someone with whom you feel good rapport, a CPA who communicates clearly, who listens patiently, and who isn’t afraid to answer questions.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact us for more information.