Information Security Governance in Times of Pandemic

On the heels of my webinar on Technology Best Practices in During a Pandemic, I presented with my colleague Jeffrey Bernstein, Director of Marcum Technology’s Cybersecurity practice, on the companion topic – Information Security Governance in Times of Pandemic. As is mentioned in the earlier slides, the disruption we’re facing comes with new information security risks. Fore many of the nonprofits that I work with and speak to, the top priority in March and April was getting people working remotely, and that understandably took priority. But now that the technical hurdles have presumably become more manageable, it’s time to think about the increased risks.

The risks fall into two categories: Internal and external. Internally, your staff might now be using home computers and routers to perform company business. Do you know how secure those systems are? Do the computers have adequate threat protection software? Do the routers have unique passwords?

Externally, the scammers are out in force and their texts and emails are extra compelling in an environment where we all are on a heightened alert for our health.

Certainly, organizations that had mature security plans and procedures were better prepared for this than those just scraping by. The presentation linked below starts by addressing the urgent items, but covers the range of what you should do both during and after the current crisis ends.

Best Technology Practices During a Pandemic

I’ve been neglectful of my blog, and it seems like a good time to report on what I’ve been up to. So here are some things that I’ve been working on that might be useful, both for dealing with the current catastrophe and managing technology in general.:

First, I’m presenting a webinar today (4/21/2020) on Technology Best Practices in Pandemic Times for the Greater New Orleans Foundation. If you’re reading this before 3:00 PM EDT, you can register here. My audience, I’m told, will be 100-150 employees of New Orleans Nonprofits. My assumption is that half of these orgs are already in the cloud, so the switch to remote work wasn’t too technical a challenge for them, but that the other half have documents on a shared drive on a server and their options for connecting from home are difficult and likely insecure. Beyond that, what I’m seeing is that companies that are using collaborative tools like Slack and MicroSoft Teams to keep staff engaged are doing much better with this than the ones that just made sure that their people could connect and are communicating strictly through voice, email, and the occasional video-conference. Virtual work can be isolating and challenging, and the transition is about far more than just the tech. I wrote an article about this for Marcum’s CoronaVirus Resource Center a few weeks ago.

Much of my work at Marcum Technology involves helping companies with their CRM and document management implementations. While I support orgs on multiple platforms, the ones I see most often are Salesforce and Office 365. For the former, I find that there is some confusion as to what Salesforce is and isn’t. We know that it’s a powerful contact management and sales/fundraising system. But it seems like it’s being used to do just about everything these days. My take is that it’s better at some things than others, and that the investment is not always justified. My article “Should You Use Salesforce?” dives deep into those questions. Similarly, Office 365 offers a variety of tools for managing documents: Sharepoint, Onedrive, and Teams. I don’t think it’s as much a question of which one to use as it is how to use them in concert, making the most of each application’s strengths. My article “Managing Documents With Office 365” pitches a solution that makes use of all three applications.

But that’s not all! If you’re too late for today’s webinar, I have a few more scheduled. On May 6th at 9:00 Am EDT I’ll be doing a webinar on “Business Essentials: Disaster Recovery vs Business Continuity” for the Raffa Learning Community (Raffa being the nonprofit-focused division of Marcum; people that I work with regularly). And you can join me the next day, along with Jeffrey Bernstein, Marcum Tech’s Managing Director for the Cybersecurity Group, when we present on “Information Security Governance in Times of Pandemic” on May 7th at 1:00 EDT.


Basecamp Is Off-Base On Internal Communications

One of the more interesting things to land in my feed this week was Basecamp‘s new Guide To Internal Communications. As early proponents of agile project management, I have a lot of respect for the company, but I’m was not a happy camper when I read this. In short, the 30 principles of internal communication listed seem somewhat antagonistic toward interpersonal communication. Take principle 3:

“Internal communication based on long-form writing, rather than a verbal tradition of meetings, speaking, and chatting, leads to a welcomed reduction in meetings, video conferences, calls, or other real-time opportunities to interrupt and be interrupted.”

and principle 5:

” Meetings are the last resort, not the first option.”

and principle 6:

” Writing solidifies, chat dissolves. Substantial decisions start and end with an exchange of complete thoughts, not one-line-at-a-time jousts. If it’s important, critical, or fundamental, write it up, don’t chat it down.”

All in all, the guide is highly dismissive of discussing things face to face, or, particularly, in group settings.

Now, I’m no fan of endless meetings, and I’ve worked at enough “management by consensus” nonprofits to know what’s what. But I have major issues with the advice above:

  1. Written communication is written communication, and it only communicates words, not tone, not excitement, not how invested the person is in what they are discussing. You can’t easily bring people on board to your initiatives, or get excited about theirs, without the body language and vocal inflection that sells ideas as they’re discussed. We’re human, and we respond to emotion. Business writing is generally geared towards stripping emotion out of things.
  2. The best business ideas are not ones that are written up by individuals, they’re the ones that are brainstormed up and refined by teams. This manifesto completely ignores the value of collaborative planning and strategizing.
  3. Have you ever attended a scrum? The simple, face-to-face, focused meeting where everyone coordinates on what they will do that day? It’s much more efficient than doing the same by email, believe me.

This one killed me:

” If your words can be perceived in different ways, they’ll be understood in the way which does the most harm.”

Well, yeah! But if the words are spoken, then they are less prone to misinterpretation than if they’re written. Who hasn’t been advised to be careful with email, because tone can be mistaken? And, if I’m in a room explaining something to you, and I see on your face that you’re confused or offended, I can immediately pivot to address that.

But the mis-hits keep on coming:

“Poor communication creates more work.”

“Companies don’t have communication problems, they have miscommunication problems. The smaller the company, group, or team, the fewer opportunities for miscommunication.”

So suck it, big companies! Here’s my number one principle, which all of this “communication is dangerous, don’t do it unless you have to, and then only in small groups” advice:

“We make more drastic mistakes by under-communicating than we do by over-communicating”

I learned that from the best mentor I ever had, the Executive Director of a law firm that I worked at in the 90’s. In organizations, keeping information close to the vest is toxic. Lack of information fuels distrust. In my current work, as a consultant, I see more organizations that dislike and distrust their IT departments than those who get along with them. In each case, IT is terrible at communicating. They upgrade systems and software without warning anyone. They don’t respond to help desk requests until they’re ready to address the issue, leaving the user wondering if they even read it.

In the late 90’s I ran into a sticky situation. I was working as an IT Director in San Francisco at the height of the dot.com boom. Tech wages were rising quickly. And HR made a mistake and, on a routed email announcing the hire of my new Database Analyst, attached his offer letter. Every one of my ten employees saw it. My Database Administrator, who was making $10k less than that offer, was irate, and he stormed in my office with a salary guide that he found online that said he should be making $10k more. I asked him to do something for me and come back: “Find the next nine, similar articles and tell me what they average to.” He came back with a ten match average of about what he was making. Then I discussed the goals we could set to get him the extra $10k. I had similar compensation talks with each of my staff, and my relationships with each of them improved.

So my business style is to talk too much, and maybe reveal too much sometimes, but in the interest of all of my staff and peers being on the same page and feeling like a fully-briefed part of the team.

We now live in a world where our closest co-workers aren’t always in the same building, city, or country. That means that face to face communication is more important, not less, because the danger of alienation is higher, and you can’t build trust with people that you don’t see often. In the 2000’s, I had a job where my System Administrator was in Seattle, my Trainer was in Chicago, and I was in SF. After a couple of years of poor communication and teamwork, we went all in on videoconferencing, and it solved the problems.

The Basecamp manifesto goes on, and it has some good points mixed in with the bad, but the overall “communication is messy so do it very cautiously if you must” theme strikes me as the opposite of a good business practice. Businesses certainly need to be disciplined, manage meetings in ways that are efficient, and support the right mix of long form communication, social or instant messaging, and face to face. But many of the companies I work with suffer from issues caused by pervasive organizational distrust. Upper management doesn’t explain things well. There are no internal newsletters reporting on what’s happening. Strategic plans, if developed, aren’t shared in a manner that incorporates staff feedback, and staff aren’t asked for input at the start. When something bad happens – key staff depart or the White House drops funding – they don’t call all-staff meetings to discuss how they’re responding.

The organizational impact is simple. Staff aren’t engaged; turnover is high; the best people – the ones who want to make a difference – are discouraged, while the unambitious ones stay. Because you can’t manage people without interacting with them; you can’t gain their trust without sharing with them, and you can’t develop the best mission-focused strategy without collaborating on that strategy.

New Gig, Same Job

Logo

Career update! I’ve moved my CIO services and tech consulting practice to a new home. As of February 4th, 2019 I’m the CIO for Hire at Raffa, Marcum’s Social Sector and Nonprofit Group. This doesn’t change what I do for a living, it just gives me a team to work with and a steadier paycheck. As always, my focus is on helping nonprofits use technology to further their missions, not frustrate them, and I believe that one way to do that is to keep technology expertise at the table, even if you can’t afford to hire it in full-time. You can find me at Raffa, or here, as usual.


Experienced Technologist For Hire (Specialty – Nonprofits)

Open for BusinessSince I left my job at Legal Services Corporation last year, I’ve been doing consulting and Interim CIO work in order to get the bills paid while looking for new work, and I’ve decided to make that the full-time gig. I am officially available to help out organizations with technology management and strategy. As always, my preference is to work with organizations that help people and/or the planet. Here are some of the ways that I can do that:

  • Act as a CIO: serve as your Chief Technologist  on a part-time and/or interim basis. This can be helpful for an org that is either just setting out to implement technology strategy and/or infrastructure, or needs to reassess what they have in place, but doesn’t want to commit to hiring a full-time employee in the role. By working as an embedded contractor, I can get to know a company’s people, processes, and culture in order to provide relevant and effective tech recommendations. I can also work with existing staff to refocus IT attitudes and organizational engagement.
  • Assess your Technology Systems: hardware, software, people, and processes. Identify the technology solutions that will meet your mission’s goals and develop a roadmap to work from.
  • Perform Business Process Analyses around technology and data use. Determine the key processes that major systems need to support and automate prior to a major system selection or upgrade. CRM (Constituent/Donor Relationship Management), ERP (Enterprise Resource Planning, e.g. Finance, HR, backend automation), DMS (knowledge and information management systems), and AMS (Association  Management Software), to name a few.
  • Oversee Software Selection Processes: from determining needs, identifying applications and vendors, assessing the systems (RFPs, Demos), and negotiating the contract.
  • Mentor Technology Staff and help strategically develop information management and technology support processes in an organization.
  • Advise on Information Security, and/or manage a vendor performing an assessment.
  • Review, Revise, and Develop IT and Security Policies.
  • Manage Technology Projects. 

In addition to my broad experience and expertise in nonprofit tech, I have a wide network of experts and consultants to support my work. My resume is here, and my LinkedIn profile is here. And I’m easy to contact as psc here at techcafeteria.com or peterscampbell at Google’s email service.

Knowledge Management Toolkit is Available

Last winter, I took on a project for the Michigan Advocacy Program (MAP) and Idealware  developing a toolkit for implementing knowledge management at your organization. This project was funded by a Technology grant by Legal Services Corporation, my erstwhile employer.

While geared somewhat for legal aid programs, the toolkit is fully usable for all sorts of nonprofits and businesses. It focuses primarily on document management, but includes advice on email, social media, and even non-technical information management practices.

The goal of the toolkit is to help orgs capture and easily manage not only the work product that they create, but also the thought processes behind that work. Too often, I’ve been at nonprofits that, after key turnover, knew what they had, like offices in certain cities and various programs and initiatives, but didn’t necessarily retain the reasoning behind the opening of those offices, or the strategy in pursuing some grant. Knowledge Management is about having all of the information that goes into your mission-based work at your fingertips. And this toolkit, hopefully, is a useful roadmap for implementing information management and knowledge capturing systems that will keep you focused on your key objectives. I hope that it will be helpful.

You can download the toolkit (for free!) here.

MAP has released an additional toolkit on securing your organization, and is funded to release two more. Idealware is overseeing the development with the help of subject matter experts like me. More evidence that the nonprofit sector is the BEST sector!

Peter Does Not Approve

Peter Does Not ApproveLast week, at the Nonprofit Technology Conference, I co-led a session on “Leading in Uncertain Times” with my friend Dahna Goldstein. At one point, while discussing layoffs, an attendee asked a question that I heard as “Aren’t layoffs a good opportunity to lose the organizational dead weight?” and before I had time to edit my reaction, I just blurted out “I don’t approve!”, getting quite a laugh from the room – a good feat when one is discussing layoffs. On Monday, my nptech doppelganger, Steve Heye, blogged about the conference and included the meme to your left, leaving me to conclude that there is no better excuse for a long overdue rant blog!

So here are some other things that I don’t approve of:

American Association of University Women members with President John F. Kennedy as he signs the Equal Pay Act into law

  • Unequal pay. Yesterday was Equal Pay Day, a day so named because if one were to take the 93 days of 2017 that to that date and add them to the 365 days of the full year, that would be the number of days that a woman has to work to earn as much as a man doing the same job, per the current wage gap. And, as Lily Ledbetter pointed out at the “Salesforce World Tour” event that I was at, lower pay means many things, including lower retirement earnings. Salesforce shows a lot of leadership here – they have now twice made salary adjustments to address this gap. One three years ago when they first acknowledged that they, like most companies, and particularly tech companies, engaged in this discrimination; then this week, after buying out 14 companies and inheriting their equal pay problems. Here’s hoping that other tech companies start following their lead!
  • The Internet of Things. If you gave 50 monkeys 10 years to write software designed to internet-enable appliances, automobiles, and consumer electronics, they would probably come up with a more ethical and secure product than we’re seeing from the current bunch of manufacturers. We’ve had the dolls that talk to the children and then broadcast all of their responses back to the manufacturer; the TVs that do the same thing. We’ve had the hundreds of thousands of cameras hard-coded with the same password, which were subsequently hacked so that the devices could be used to take down half of the internet. We’ve had the vibrators that sent their users moans and squeals back to the

    40492213_9650d24cf4_m

    Picture by Pete Toscano

    manufacturer. And this week we got a device that checks to see if your garage door is closed from a manufacturer who will brick the gadget if you give them a bad review on Amazon. It’s not just the complete disregard for security that allows bad actors to say, hack your car and steer it off a cliff – it’s the bad ethics of the former retailers/now service providers who can void your investment by simply unplugging their server – or deleting your account. This whole futuristic trend needs to be regulated and run by people who know what they’re doing, and aren’t completely inept and immoral.

  • The Walking Dead. My son and I watch this show religiously, and we’re beginning to wonder why. As one of my heroes, Joe Bob Briggs, used to say “There’s too much plot getting iThe Walking Deadn the way of the story!” I’ve read the comics (or, more accurately, the compendiums), that take me a bit past the Negan storyline, and they do things much, much better than the show by keeping the story moving without stretching out the violence to completely cringe-worthy extremes. Bad things happen, but they propel the story, as opposed to drowning it.
  • The White House Budget Proposal. I try and keep the politics subdued on this blog, but that’s hard to do when the proposed budget zeroes out funding for the Legal Services Corporation, where I work. It’s hard to see how our patriotic mission – pulled right from the constitution – isn’t worthy of the relatively small amount of federal funding that we receive. We insure, as best we can at our funding levels, that Americans have equal protection under the law. Because, in most jurisdictions, Legal services Corporation Logothe court only appoints an an attorney in criminal matters, not civil matters like foreclosures, family law, domestic abuse, and consumer fraud. Defunding LSC would unfairly deprive a vulnerable populace of the access to justice that our country was founded on. They’ll be at the mercy of unethical landlords, banks, and abusers who can afford attorneys. The courts are overwhelmed with defendants who are poorly prepared to defend themselves, but have no other choices if they can’t get legal aid. We’re optimistic that Congress, who sets the budget, will reject this recommendation and continue to fund us, but it’s shocking that the White House can’t see the core American principle that we seek to protect.

There are plenty more things that I disapprove of, like the overhead ratio, beer made with cherries, and don’t get me started on any recent Batman or Superman movie! What’s irking you these days?

My 17NTC Report

NTEN Conference

Photo: NTEN

I’m back from NTEN’s annual conference, the biggest one ever with 2300 attendees here in DC. NTEN’s signature NPTech event continues to pull off the hat trick of continual growth, consistent high quality content, and a level of intimacy that is surprising for an event this large. It’s a big, packed tech conference, but it’s also a few days with our welcoming, engaging community. Here’s my recap. 

I attended three quality sessions on Thursday:

  • I learned much about the challenges in offering shared IT services to nonprofits, with an in-depth look at the work of the Massachusetts Legal Assistance Corporation, who offer discounted, centralized IT to legal aid programs. Their biggest lessons learned have been about the need to communicate broadly and bi-directionally. Shared services benefit the budget at the cost of personalization, and clients need to both understand and have a say in the compromises made. You can learn a lot more by reading the Collaborative Notes on this session.
  • Next, I learned how to move from a top-down, siloed organizational culture to a truly networked one (with great wisdom from Deborah Askanase and Allison Fine, among others). A great example was made by Andrea Berry, whose small foundation, Maine Initiatives, recently moved to crowdsourcing grant proposals, a move that is threatening to traditional funders, who want more locks on their purse-strings, but empowering to the community. Here are the notes.
  • Finally I attended a powerful session on managing your nonprofit technology career, with great presenters (and friends (Johanna Bates, Cindy Leonard, and Tracy Kronzak (who just landed a gig at Salesforce.org). They made great points about how imposter syndrome can hold people back – particularly the “accidental techies” that come to their technology career through nonprofits. Their advice: plow through it. You’ll question your competence, we all do, but the trick is to be confident anyway. I stayed after the session helping out with some of the tough questions from people who are trying very hard to move into tech positions without the degrees and focused expertise sought. At nonprofits, we tend to be generalists, because we’re expected to do everything. Notes are here.

Friday was the day for my two sessions. In the morning, I presented with Edima Elinewinga of the U.N. Foundation on Calculating Return on Investment (ROI), where we made a solid case for not spending money without thoroughly understanding the financial and non-financial returns that we can expect. The overall pitch is that an organizational culture that attempts to predict the benefits of their investments, and checks their work along the way, will get better at it. The toughest questions were about measuring hard to quantify benefits like improved morale, or advocacy/outreach, but we had some gurus in the room who knew how to do some of these, and an overall pitch that , while not everything can be translated to dollars, tracking the soft benefits is important. The soft ones might not justify the purchase, but they should be recognized as benefits all the same. Notes are here. And here are the slides:

My second session, with Dahna Goldstein, was a timely one: Leading in Uncertain Times. With the current political climate having potentially deep impacts on nonprofits (including my own), we weren’t certain how this one would go, but we set out to offer helpful advice and best practices for rolling with and surviving hard times. It ended up being, in many ways, a fun session, despite me having three slides on “how to do layoffs” alone. We also had a roomful of executives, which helped, and an enthusiastic conversation. Here are the notes, and here are the slides:

On Saturday, I had a blast attending Joshua Peskay and Mary O’Shaughnessy‘s session on IT Budgeting. After covering all of the nuts and bolts of putting together an IT budget that, in particular, identifies and eliminates wasteful spending, they broke the room up into groups  each putting together a quick tech budget. I was drafted (along with fellow senior techies David Krumlauf and Graham Reid) to act as the board charged with approving or denying their budgets, Project Runway-style. I now think that I’ve missed my calling and I’m looking for someone to produce this new reality TV show. Here are the notes.

Additional highlights:

  • #ntcbeer! was a bit smaller than usual this year, due largely to my not getting my act together until Jenn Johnson swept in to save it. Didn’t matter – it was still the fun, pre-conference warm-up that it always ends up being. Next year we”ll go big for the tenth annual #ntcbeer in new Orleans.
  • Dinner Thursday was a pleasant one with friends old and new from Idealware, TechImpactBayer Center for Nonprofits, and more, including my traditional NTC Roomie, Norman.
  • Friday morning started with an Idealware reunion breakfast at the posh AirBNB that the Idealware staff were staying at. Great to see friends there, as well.
  • Everywhere I turned, I ran into Steve Heye. Mind you, with 2300 people at the event, there were lots of friends that I never saw at all, but I couldn’t turn a corner without seeing this guy. What’s up with that? Anyway, here’s Steve, Dahna and I giving a  fax machine the whole Office Space treatment:
    Odffice Space Fax Machine Bashing

I’ll admit at the end here that I went into his NTC, my eleventh, wondering if it was getting old. It isn’t. As usual, the content was rich, and the company was excellent. Nobody throws a party like NTEN!

Where I’ll be at the 2017 NTC

17NTc BannerI’ve been doing these “where I’ll be at the NTC” posts for many years, but this year I’m lagging behind the pack. Steve Heye and Cindy Leonard have beat me to it! But I’m excited to be back at NTC after a rare skip year. This will be my 11th ride on the NTC train and it is always a great one.

First up on Wednesday will be #ntcbeer! This year we’re back at the Black Squirrel, the place we filled to capacity three years ago, but larger options weren’t really available. Booking the Squirrel was a bit last minute, and it supersedes a plan ntcbeerto just have groups self-organize, which wasn’t going to work too well. For those of you counting, this is the 9th annual #ntcbeer, so 2018 will mark a decade of social good-minded geeks raising pint glasses and chatting away in anticipation of the packed event dead ahead.

On Thursday, I plan to start my day early at breakfast – one key to a great NTC is taking every available opportunity for a quiet chat with an old or new friend. Then I’m attending “Shared IT Services in 2017—Nightmare or Dream Come True?“, so that smart people like Karen Graham and David Krumlauf can school me. This is assuming that David isn’t too hung over after #ntcbeer – I’m glad that my sessions are on Friday!

After that, I’m torn. I might go to “Yes, We Need a Technology Plan, but Where Do We Start?“, which has some smart presenters and is a topic close to my geeky heart. But maybe too close, so I’m also considering “Scale Change, Activate Support, and Invite Stakeholders Inside through Network Leadership“. That one’s headed up by Debra Askanase, and is bound to be good.

For the third session on Thursday, it’s an impossible choice. Should I go to Johanna Bates and Cindy Leonard‘s “From Accidental to Intentional: Taking Your NPtech Career to the Next Level“? or Steve Heye and Peggy Duvette‘s “The Role of Technology in Managing the Operations of a Nonprofit“? Help me out here. And, given that Cindy Leonard and Steve Heye are the two people to the right in the picture below, factor their appearance into your argument, please!

Friends at 15NTC

On Friday morning, assuming I’ve recovered from the progressive parties, I’ll be presenting with my friend Edima Elinewinga, VP of IT at the UN Foundation, on “The Fully-Informed Approach to Calculating Return on Investment” in room Maryland C. This session is an expanded talk based on my recent Techsoup article on Calculating ROI and Edima’s experiences. If you want to discuss strategies for assessing the value of strategic technology investments, as well as promoting an organizational culture that knows how to make smart decisions, this session is for you.

Following that, at 1:30 I’ll be presenting with Dahna Goldstein on “Leading in Uncertain Times” in the Coolidge room. Topical, given press reports that my place of employment might be defunded (we are confident that we have solid, bipartisan support on the hill that will keep this from actually occurring). But we all know that nonprofits are often at risk, from economic downturns, variances in funding sources, and political or social circumstances that impact our mission-focused strategies. We’ll discuss how an organization can be agile in times of uncertainty, with a focus on tech.

Do you work in Legal Aid? And are you going to NTC? Then definitely ping me – if there are enough of us, we should have dinner on Friday night.

On Saturday morning, “Nonprofit Execs Talk about Strategic Assessment” looks good to me, followed by Joshua Peskay‘s “The Dollars and Sense of Nonprofit Technology Budgeting“.

The big event is less than two weeks away as I type this. I hope to see you there!

How to Measure the Value of an IT Investment

This article was originally published by Techsoup on July 8th, 2016

 Person's hand holding several dice that are about to be rolledSome say life’s a gamble. But gambling can be very random, as in the rolling of a die, or very scientific, as in the calculation of odds and percentages. Investing in technology should not be a gamble, in as much as you can predict what it will do for you. In the standard business lingo, we call this prediction “return on investment” or “ROI.” And whether you calculate that with all the vigor of two college students on a weekend trip to Reno, or a scientist who deeply understands the odds, is important. In this article, we’ll discuss the many factors that go into a fully informed determination of the ROI for a technology project.

What Is ROI?

The simplest definition of ROI is that, for any project or purchase, it’s the amount saved or realized minus the cost to invest. If we spend $75 for a new fundraising widget for our website, and we make $125 in donations from it, then our return on investment is $50.

Maybe.

Or maybe not, because we invested in web developer time to deploy the widget to our website and staff time to process the donations. Plus, we spent a portion of each donation on credit card processing fees, right?

Not Strictly a Financial Formula

So ROI is not a strictly financial formula. Actual ROI is based on many factors, including hard-to-quantify things such as organizational culture, training, and readiness for adoption. The benefits of a major tech investment are proportional to the readiness of your particular organization.

Let’s try another example. We’ll spend $2,000 to upgrade to a new version of our fundraising system. It boasts better reporting and data visualizations, which, per the salesperson, will allow us to increase our donations by 10 percent. We think we’ll make $10,000 a year in additional donations, and expect the upgrade to benefit us for two years. So the strictly financial return is $18,000 ($20,000 new revenue – $2,000 upgrade cost).

But that 10 percent increase isn’t based solely on having the new features available in the product; it’s based on using the new features strategically, which your staff might not know how to do. It assumes that the software will be configured correctly, which assumes you are fully cognizant of your needs and processes related to the information that the system will manage. And it assumes that you have a staffing level that might be larger than you can afford.

It Doesn’t Start with Dollars

The concept here is pretty simple: it is easier to bake a cake from a recipe if you buy the ingredients beforehand. Then you need to have all of the required mixing implements and receptacles, clear the necessary counter space, and know how to turn on the oven.

Similarly, successfully calculating the return on investments requires having a complete picture of what you will be investing in.

Ask Yourself These Four Questions

  1. Do I understand what improvement this investment will result in and/or the problems it will solve?Core to measuring the return on the investment is knowing what it is that you have to measure. That will be some quantifiable amount of anticipated revenue, productivity gain, staffing reduction, or increase in clients served. You should know what those metrics are at the start of a project.
  2. Have I thoroughly considered the staffing changes that this investment might enable or require?For any large investment, like a new fundraising database or constituent management system, or a new, complex initiative, you want to know upfront how your day-to-day operations will be impacted. A new system might automate laborious processes, allowing you to repurpose staff. Or it might well require additional staffing in order to maximize the return. Those costs or savings are a key factor in the ROI.
  3. Do I have the necessary buy-in from the board, executives, and staff that will result in a successful implementation?Key to any large project’s success is having the support from the key decision makers. If you’re in middle management, and your initiative is not well understood and appreciated by those in charge, then there’s a significant chance that the project will fail. As right as you might be that your organization would benefit, again, the return on investment requires that the organization is invested.
  4. Have I identified any required training and ensured that we have the resources to provide it and the time to take it?So much of the value in a new system is derived from people knowing how to use it. In resource-strapped nonprofits, training time is often seen as frivolous or less important than whatever the crisis du jour might be. Don’t let that happen, because what you get out of a system is all contingent on being able to use it well and strategically. Without training, people will tend to try and emulate what they did before the new system was in place, and that will more likely reduce your return than produce it.

Tools and Tactics

There are some techniques for calculating ROI. As noted above, you should start with metrics that identify your current conditions and can be tracked after implementation. These might be dollars received, hours spent doing tasks, or number of employees dedicated to a process. Consider this your baseline. From there, you can forecast a scenario based on the advantages that you anticipate having upon completion of the project.

For example, if your current fundraising system can’t track multiple donors at the same address, then you’re probably expending time and effort to track such things in creative ways. A system that properly supports “householding” will eliminate the workarounds that you’ve created to maintain that data. You can estimate the time saved.

Once completed, these before and after numbers will help you quantify the anticipated return, as well as guide the implementation. That’s because the forecast is a set (or subset) of your goals.

  • Be sure to track both short- and long-term impacts. One basic calculation is a 5- or 10-year financial analysis. It’s not uncommon to have increased implementation costs in the first year, so tracking the annual cost fluctuations over the expected life of the investment will give you a better picture of its value.
  • For example, say you decide to invest in a donor tracking system, replacing a laborious task of tracking donations in Excel. Your current annual fundraising is about $1 million. You have reasonably estimated that the new system will net you an additional $50,000 a year, after a two-year ramp-up phase with the system. It’ll achieve that via cost savings due to efficiencies realized and increased revenue based on superior fundraising tools. Here’s what a 10-year analysis might look like:
Example spreadsheet showing ten-year analysis of costs, revenue, and net revenue

Other things might impact revenue as well, such as improved marketing, so we’re only tracking anticipated revenue associated with this investment.

Finally, don’t work in isolation. Talk with peers who have done similar projects. Find out what worked for them and what didn’t, and what successes they were able to measure. Much of this forecasting is based on speculation, and your job is to fact-check that speculation and get it closer to reality as much as you can.

Checking Your Work

As noted above, you should start with metrics that identify your current conditions and can be tracked after implementation. These metrics could be dollars received, hours spent doing tasks, or number of employees dedicated to a process. Checking your work may seem unnecessary, as the dollars have already been spent, but tracking your progress is the best way to improve on calculating ROI on subsequent investments. You can learn a lot, not only about the particular project, but about your organizational effectiveness as a whole.

The Secret to Calculating ROI

This is the secret: it’s not the return on the dollars spent. It’s the improvements in your organizational capacity and efficiency that can be made if you develop a culture that can predict which investments are worthwhile.

Further Reading

Image: Twinsterphoto / Shutterstock