Risk Management Essentials
Articles from the Spring 2013 Print Edition
Risk in the Cloud
by Erin Gloeckner
Remember the craze over beanie babies in the 1990s? I was just a kid during the 90s, so I innocently endorsed that craze. My parents suffered through my childhood, spending heaps of money when I demanded to have the next bear, skunk, or whale in my collection. Dozens of cute, colorful animals named ‘Binksy’ or ‘Bubbles’ littered my bedroom bookshelf. Beanie babies were a money pit and I didn’t even know how to play with them. You might feel the same way about technology fads; you spend half a paycheck on the latest gadget, and feel duped when it winds up collecting dust on a shelf.
The latest buzzword in the world of technology is ‘cloud computing’. Cloud computing has existed for more years than many nonprofit leaders realize. But leaders are only recently starting to think about risk when they contemplate the rewards of embracing the cloud. more…
Insurance for Cyber Risks
by Melanie Lockwood Herman
Today’s nonprofit leaders are aware that dependence on data, software, systems and tech vendors brings untold benefits as well as potential downside risks. From the impact of data loss to claims alleging the failure to safeguard personal information, a nonprofit’s reputation and resources are ‘on the line’ in the online age. Effective risk assessment and risk management can help an organization’s leaders feel confident that appropriate steps have been taken to minimize the likelihood of a downside risk. Strong risk protocols and preparation can instill confidence that the nonprofit will do the right thing should a data loss, breach of privacy claim, or vendor error occur.
Once risk assessment and risk management are in place, it’s time to consider risk financing: how will we pay for the cost of losses and harm we’re unable to avoid? more…
Personal Devices at Work
by Erin Gloeckner
Employee-owned versus organization-owned… the battle wages on. As employees, many of us prefer to use personal phones and laptops for work because they are convenient, commonsense, and a lot cooler than what the IT department provides. Nonprofits know there is no way to prevent all employees from accessing personal phones at work, so many are creating BYOD (Bring Your Own Device) policies.
On its face, BYOD sounds like a wonderful cost-savings strategy. Employee productivity rises when employees use devices they know and love, and nonprofit employers save time and money as employees cover the cost of purchasing the latest productivity gizmo. The truth is, when you permit or endorse BYOD, you’re inviting new and nuanced risks into your nonprofit workplace. These risks run the gamut from privacy violations to data loss and more. more…
Tech Risk Q & A
by Melanie Lockwood Herman & Erin Gloeckner
Q: What questions should we ask the references of a prospective new tech vendor?
A: Checking references for any new vendor is a good idea and sound risk management practice. When checking references for a new technology vendor, try to ask questions that will enable you to get a sense of the quality and responsiveness you’re likely to experience as a customer. If possible, ask for two current client references and at least one former client reference. Here are some questions to help you get started:
- Did the vendor honor the contract and warranties?
- Have you had any disputes (e.g., about contract terms and conditions, quality of service, etc.) with the vendor? If so, how were they handled?
- How would you rate the vendor’s technical capabilities?
- How many people at the vendor do you work/interact with? Is customer service consistent or spotty?
- Has your nonprofit experienced any tech challenges or downside risks (e.g., data breaches) that required the tech vendor’s responsive action? If yes, did the vendor respond in a timely fashion and was it able to resolve the problem you experienced?
- Would you recommend the vendor to other organizations? Why?
- What do you wish you had known before you started working with the vendor?