Fundraising in the Cloud – Nonprofits Mobilize Their Remote Workforce

March 31, 2020

By Zain Devshi and Kevin Brady

Despite the pandemic, the nonprofit sector continues to show its resilience by working in virtual environments.  California and New York have both shut down 100% of all non-essential workforce personnel in their respective states. You might be wondering how that order – or a similar one, if implemented in your home state – might impact your organization and operations. Businesses of all types are grappling with the current events and how to adapt. Organizations that have a crisis management plan/business continuity plan are best equipped to react. But those who lack one also need to respond, and the steps taken in the next few days and weeks are critical.

There are important things to consider when managing a workforce that will need to work remotely. Employees will have to manage new challenges, such as children attending “virtual learning” school. Normal business hours may take on new meaning during these times. Flexibility and adaptability will be critical. Organizations will require new guidelines for managers and employees to adapt to the new environment we find ourselves in.

Nonprofits also have additional challenges. Fundraising and accounting processes will still occur, but with employees dispersed remotely and with less face-to-face interaction, the following are the key things nonprofits should consider while navigating this new way to do business:

  • Crisis Response Teams
  • Communications
  • Accessing Company Resources
  • Stress Test
  • Data Privacy
  • Electronic Capabilities
  • Cash Receipts/Cash Disbursements
  • Bookkeeping in a Virtual Environment

Crisis Response Teams

Does your organization currently have a crisis response team? If it does not, you should quickly formalize the key personnel who should be a part of this team. The team should consist of senior management, key public-facing personnel, and key internal administrative personnel. For nonprofits this could include HR, communications, compliance, legal, fundraising, and program leaders. It should also include IT, finance, operations, supply chain (if applicable), and representatives for each location/region.

Communications

Communications will be critical in the next few days and weeks as guidelines are released from federal and state governments and as public schools move to “virtual learning.” Communications internally to employees and key stakeholders will be critical. Organizations should develop clear guidelines for how sensitive information is stored and accessed, as well as protocols for how disruptions are handled with a remote workforce. Executives must clearly assess and define each team’s roles and responsibilities. Managers must set and communicate expectations oriented around tasks, rather than rules. By defining what it is they want, managers can give their employees the flexibility to deal with unforeseen circumstances that arise around working remotely. Check-ins should be frequent, but must not feel burdensome. One way to achieve that is to have multiple communication channels. Teams should utilize various internal communication tools, such as email, Slack, video conferencing (e.g., Zoom, Google Hangouts), texts, and calls, while still keeping in mind the security of each type of tool when it comes to discussing sensitive information. Video conferencing can alleviate some of the isolation employees may feel during this time. Routine inter-team conference calls should be established to ensure nothing is being missed, and employees should be able to communicate with any other employee as freely as they would as if they were in the office.  Alleviate the concern about people talking over one another by utilizing the “raise your hand” function within the video conferencing software.  

External communications to partners, donors, and program recipients are also critical at this time. Nonprofit organizations must communicate to donors that now is the time for donations more than ever. Transparency is vital in this effort. Donors need to be made aware of the disruptions to the organization, and how critical their donations, grants, and endowments are for the organization’s ability to continue pursuing its mission. One suggestion is that websites contain a COVID-19 link prominently on their homepage, describing the effects to the organization, from cancellations of events, revenues lost, and expenses incurred from setting up a remote workforce. Event postponements and cancellations/resumptions can also be displayed here, so members and donors can have one link to find all the information they need to know.

Accessing Company Resources

Nonprofit organizations should have policies and procedures in place for remote access during this time. Key employees should be identified that will need to be able to access company resources remotely, and the definition of key employees may expand based on the length of disruption. Employees working remotely still need to follow best practices pertaining to data security.

Remote access to company resources should be established on secure workstations and via a secure connection. If not already in place, virtual private network (“VPN”) access should be utilized to provide a secure connection for employees. If employees don’t normally use laptops for their daily job functions and use desktops instead, remote employees may need to be issued laptops to ensure proper security is in place over the workstations. Alternatively, organizations can encourage employees to take desktops home to ensure proper security.

Remote access to systems may be easier if an organization currently utilizes software-as-a-solution, or cloud-based applications, versus applications installed locally. If organizations are not currently set up for this, now might be a good time to consider moving the organization’s servers to the cloud (Amazon Web Services, Microsoft Azure, etc.). Managed security service providers can offer IT solutions, whether it be hardware needs, software needs, or infrastructure changes.

Stress Test

Once secure environments are set up for key employees to access company resources, organizations are encouraged to “stress test” their new system. Arrange for everyone to log in from their home offices at a pre-arranged time and access the donor (or other) software. This identifies any issues that must be addressed in order for work flows to continue uninterrupted.  Consider blocking websites that might slow down the network such as streaming services such as Twitch or YouTube.

Data Privacy

Nonprofit organizations should have information security policies in place that also address data privacy. Data should be classified as private, business critical, or public. If employees are accessing private data or business critical data remotely, employees should follow some common best practices. Employees should not work in public spaces (coffee shops, airports, and other public space) without taking precautions to protect sensitive data. Employees should use privacy screens on laptops so that other people cannot easily view information on their screens. In addition, we recommend avoiding the use of public WiFi and instead use VPN for remote access whenever possible to ensure proper security is enforced. Employees should also not be accessing sensitive data from their home computers, or saving files and accessing them via other devices.

Electronic Capabilities

In the event that an organization does not have proper remote access set up or needs to implement alternative methods of conducting their daily course of business, the organization should have a plan for managing electronic data that is outside of their normal accounting systems or fundraising systems. If paper tracking or software like Excel is used in lieu of access to company systems, management should ensure that there is a process for periodically inputting the data into the organization’s systems in order to maintain a proper audit trail, as well as proper segregation of duties. If anyone is unsure of how to achieve this at their organization, management should certainly talk to professional advisors to discuss individual needs or unique circumstances and receive guidance and best practice recommendations.

Cash Receipts/Cash Disbursements

Nonprofit organizations may receive personal checks in the mail. Protocols should be set up to ensure continuity in the mail receiving process. If the organization is required to work remotely, notify the USPS of a change of address, and have all mail sent to an alternative location. The content of all mail should be scanned immediately, and checks may be deposited digitally. Careful thought must be given to how controls around segregation of duties can still be effectively achieved. These controls are intended to limit access to cash to specified employees and verify that all receipts, refunds or transfers are documented correctly and in a timely manner. We recommend that organizations consider using their bank’s lockbox services. If organizations arrange to have checks mailed to the bank directly, the bank can provide a spreadsheet of all receipts.

To ensure continuity in the disbursements process, temporary access may need to be set up for employees to physically sign checks. Cash disbursement controls should be implemented to manage temporary access and provide assurance that payments are made only for authorized transactions and cash is used efficiently. Organizations may need to rely more on detective controls than preventive controls during these times.

Bookkeeping in a Virtual Environment

For many nonprofits, cash is a vital factor in continuing operations during these times of disruption. Being able to electronically process cash receipts and disbursements, is a viable alternative to manual processing.  A software package such as Concur can assist in the electronic submission of expense reimbursement requests, the supporting documentation, as well as the electronic approval.  To control and manage its cash, a nonprofit should consider:

  • Changing/virtualizing the cash process to ensure a nonprofit can account for all cash transactions accurately so that correct information is available regarding cash flows and balances;
  • Keep cash reserves and maintain enough liquidity to cover a minimum of three months of operating expenses at all times;
  • Ensure that disbursements can be made with ease during a crisis when physical “paper” is unavailable;
  • Ensure receipts are properly accounted for, deposited timely and applied accurately; and
  • Prevent loss of cash due to theft or fraud.

We are all experiencing unprecedented levels of crisis management. We’ve lived through Hurricane Sandy and disruption to operations for 7-14 days due to power loss and infrastructure issues. Throughout the country, natural disasters such as earthquakes, tornados, and hurricanes have caused disruptions in recent years. Organizations have incorporated lessons learned from those events, but now we encounter something that impacts not just in specific regions of our country, but the global community. Disruption in our operations and in our employees’ lives will present challenges and offer new ways of approaching a crisis. Forming an effective strategy and implementing the right use of technology to help weather this storm is critical, while never losing sight of data security and data integrity.

About Kevin Brady

Kevin Brady is a Senior Manager in Process Risk and Technology Solutions with advisory, audit, and compliance experience including public accounting and private industry, and IT audit and risk services to clients in various sectors.