May 30: Difficult People

Dealing with Difficult People

Whether at home or work, from time to time someone we find difficult crosses our path.  Attend this seminar to learn how to artfully manage this person, the situation and your own emotional response.  Specifically, strategies for condescension, complaining and caustic behavior will be covered.

 

Leading this discussion will be Cally Ritter, the principal of Positive Ripple Training and Development.  Her goal when working with an employee group is to inspire them to make shifts in their thinking and behavior for greater work/life effectiveness. She is a Licensed Independent Clinical Social Worker with her BA from Bucknell University and her Masters in Social Work from the University of Pittsburgh.  She has worked more than 25 years as a facilitator, coach, speaker, and Director of Training.  Cally has consulted with and trained for the Red Sox, Reebok, Tufts University, Wellesley College, Beth Israel Deaconess Hospitals, the Massachusetts State Government, The Girl Scouts, The Girl Scouts and countless more.

April NPFM Mtg (on May 2): Retirement security for all

Among small to medium-sized nonprofits, traditional pension plans are rare. Typically, an organization’s retirement plan enables employee contributions and some form of employer match. Beyond that, plans vary widely. Do some retirement plans tend to result in more savings for highly compensated employees, and less for everyone else? Are there things we can do to help ensure all our employees will be well-prepared for retirement, regardless of income? What are some practical ways to encourage greater equity in our retirement benefits?

Leading this discussion will be Aviva Sapers, President and CEO of Sapers & Wallack, Inc.  She is a licensed Insurance Advisor, and has expertise in executive benefits, estate liquidity planning and long term care. She will be joined by Scott Tuxbury, VP for Retirement and Wealth Management at Sapers & Wallack, an expert in qualified retirement plans.

March 28: Welcome aboard.  On-boarding for nonprofits

In the old days, orientation meant “Fill out these forms, pretend you’ve read the employee manual, and get to work.”  Nowadays, on-boarding means thinking about welcoming a new staff member as a process, not a one-day event.  We will discuss the 4 C’s of on-boarding (compliance, clarification, culture and connection) and invite all of you to share your own successful techniques.

Gordon Gottlieb is a human resources at TDC and works exclusively with small and medium sized nonprofit organizations in Southern New England.

Enterprise Risk Management

Has your board been talking about risks? The conversations about risks and ERM (enterprise risk management) have been continuing. No matter where you are on the ERM journey this session will help you learn about the process to identify, prioritize, and remediate the major strategic risks your organization is facing.

Our approach helps your organization not only respond appropriately to risks from increasing complexity, financial assistance programs, information technology – but also to explore possibilities and see opportunities it can’t afford to miss.

ERM, like continual improvement, is an ongoing process. We welcome you to join us for this one hour session for Board Members, Presidents, Executive Directors, and Financial Executives of non-profit organizations and educational institutions!

Christine DiMenna and Marcus Harwood from the firm blumshapiro, a local CPA and consulting firm, gave a presentation on Enterprise Risk Management. (ERM) As a principal in blumshapiro’ s Accounting and Auditing department and a part of the firm’s non-profit group, Christine DiMenna provides audit and risk assessment services to colleges, universities, independent schools and healthcare organizations. Marcus Harwood is a partner and industry leader of Blum’s Educational Institutions Group, has extensive experience serving educational institutions. He interacts with school business managers, audit committees and boards of trustees and is responsible for audit planning, fieldwork and supervising staff.

Has your board been talking about risks? ERM, like continual improvement, is an ongoing process. No matter where you are on the ERM journey, it is important to learn about the process to identify, prioritize, and remediate the major strategic risks your organization is facing. You need to adopt an approach that helps your organization not only respond appropriately to risks from increasing complexity, financial assistance programs, information technology – but also to explore possibilities and see opportunities it can’t afford to miss.

Enterprise Risk Management is a strategic tool that assists agency management and boards evaluate risks that might impact the organization’s long term strategic success and helps to identify, assess, and prepare for issues that my interfere with tan agency’s overall operations.  ERM is not just about what “can go bad,” it is about what prevents your agency from getting where it needs to go.  It is inextricably linked to your strategic plan and mission.  Any ERM plan needs to be a team project including management and the Board.  It is not a stand-alone process.

Blumshapiro has broken down the ERM process into four phases.  Steps one and two go hand in hand.  Phase 1 is identify members of the ERM committee and to document the ERM process and approach.  Phase 2 is to identify risk and to prioritize them.  Members of the ERM committee (risk owners) should conduct risk interviews with management, the Board, and key staff personnel.  The committee should send out a memo with the questions ahead of time and indicate that participation is expected.  Some sample questions can include the following. What are some of the major agency risks? What work issues keep you up at night?  What stands in the way of you doing your job? The interviewer should ask for information about the participant’s department and view of the agency as a whole.  You should encourage participants to open up- comments will not be attributed to names.  Next the ERM committee should meet to consolidate the identified risk into one list and then vet the list with management and the board.  The next step is to prioritize the risks on the list, through some sort of vote or survey tool.  It is important to share feedback with those who participated in the process.  The top ten risks should be ranked on the final list and then plotted on a heat map.  An executive summary should be prepared.

Phase three is to develop risk mitigation work plans Identify which risks to work on first and then assign a person in charge of that plan.  Come up with a mitigation plan and then test it to assess to see if it covers everything involved.  The final phase is risk monitoring and tracking.  You need to establish an ongoing system to monitor the work plan due dates, to monitor risks, and to review results.  Risk mitigation plans can expose previously unidentified risks and/or opportunities in such areas as information technology, human resources, and data and analytics.

To summarize ERM, the following steps should be part of the process.

  • Demonstrate the benefit of ERM
  • Define risks
  • Establish ownership
  • Determine the appropriate approach
  • Identify and quantify risks
  • Prioritize risks
  • Develop mitigation plans
  • Implement mitigation work plans
  • Report back on risks
  • Maintain the ERM process

ERM NFP Seminar Presentation – 2019

January NPFM Meeting: How to sleep at night knowing your backup and disaster recovery strategies are at work

Russell Greenwald, Vice President, co-leads the delivery and management of professional consulting services at Insource Services. Russell has over 15 years’ experience advising organizations on strategic goals, developing multi-year plans, and seeing implementations through to completion, particularly in the areas of process and technology. Russell has worked across industries, ranging from nonprofits to venture capital, biotechnology, financial services, manufacturing and healthcare.

Russell gave a presentation about how to think about IT backup and data recovery. Backups used to be a magnetic tape in your bag on a Friday night, then USB drives, and then came cloud and we all assumed it was being backed up. These days your data is in various locations, new threats appear every day, and traditional IT may not even know what systems departments are using. Russell spoke about how to put systems in place to get your backup and disaster recovery (DR) strategy under control and implemented. He provided a framework for identifying and prioritizing the systems and dimensions needed in good backup and DR, covering: What is backup and DR?; What are the dimensions of backup and DR?;Map your existing processes; Review processes for potential improvements; Identify all the critical and non-critical systems; Prioritize day 1 applications and data; Look at backup systems that cover cloud and premise software and data; Discuss RPO, RTO, and retention; Establish procedures for ongoing use and maintenance of the system; and Look at future technology with an eye towards Backup and DR.

IT disasters can have many different causes such as a mistake by an employee, either by accident or on purpose, a hardware failure; or damage or loss of the facility.  An IT backup is a copy of the data.  Disaster recovery is the ability to get your IT environment up and running in a short period of time in order to resume the agency’s business.   First you have to have a retention policy for how long you keep data backups.  This policy is different from than record retention, which is usually for 7 years.  The backup retention period can be one year.  Just because you have a good backup policy, that doesn’t mean that you can be up and running quickly after some IT disaster.  Backup procedures and disaster recovery go hand in hand.

There are two types of backup:  onsite and offsite in the cloud.  If your server goes down, you can use your onsite backup.  If your building burns down, you will need offsite backup.  There are three types of disaster recovery.  Cold site is when it takes several days to get back up and running.  Warm site is when you are almost ready to get back to normal.  A hot site is when you can just move to another building and you are already setup.  There are 2 terms associated with disaster recovery.  RPO (recovery point objective) refers to when the last backup was conducted that you can restore to.  You are probably backup every night.  Can you restore back up from one month ago, two months, etc. How long do you keep backups? RTO is recovery time objective, or how long it will take you to get back to normal operations.

You need to write up a formal disaster recovery plan.  The considerations for backup are: what is backed up; when the system is backed up; how long are the backups retained; and is the backup on site, off-site, or some combination.   What data needs to be back up:  donor base, GL, files, email, etc.?  If your server fails, how fast can you be back up and running?  What data is most critical?  Some agencies do a full back up every Sunday night and do incremental backup during the week.  What systems are critical and need to be restored quickly:  GL, phones, emails, etc.?  If you have a premise based server, you need to run a virtual server.  You need to backup both your data and the server, dump it off-site, and then you can restore it relatively quickly.  If you have backed up to the cloud, you need to know that the cloud server is secure; how to recover your data; and how long it will take you to restore your operations.  Remember the cloud is does not automatically include a back-up – you need to specify and by a cloud backup service.   You need to know how long your information is backed up for and how fast it will take to restore your system.   There are a number of products that do cloud backups.

Once you have a backup procedure and disaster recovery plan, you need to test it. Your policy is useless unless you test it.  Your disaster recovery plan should be well documented and written.  Once you test it, you can see how well it works or doesn’t work.  Then you can make improvements.

The presentation can be found here:  https://docs.google.com/forms/d/e/1FAIpQLSfiSauZcqUuNlXHfPFjKQMk3t2QXNK2qAEVj0vlgD0YhB5FeA/viewform