IoD Rules Review

Reminder for IoD members: Have your say on the proposal to change the IoD Rules. Log in for more information.

Four priorities for NFP boards

IoD insights about not-for-profits from the 2019 Director Sentiment Survey.

By Institute of Directors
18 May 2020
read time
4 min to read
Red heart painted on window

Just over half (51%) of IoD members serve on not-for-profit boards. Their workload and level of responsibility has increased markedly over recent years in line with increased compliance obligations and challenges facing the sector including:

  • intense competition for limited resources
  • securing reliable funding
  • competing entities providing similar or overlapping services
  • traditional reluctance to partner, enter joint ventures, collaborate or merge
  • attracting, motivating and retaining board members and staff
  • adapting to technological change.

Irrespective of size the expectations for boards working in the not-for-profit sector are similar to other sectors. Our 2019 Director Sentiment Survey (undertaken in association with ASB) found that the majority of not-for-profit boards were focusing on the future and assessing how they can strengthen their organisations.

They regularly discussed innovation and strategic opportunities (85%), how they can operate more effectively (76%), long-term value creation and their role as stewards of the organisation (79%), boards composition/renewal and the skills/ experience they need now and for the future (81%).

These are areas that all boards should be discussing and it’s encouraging that they are regularly on the agenda of many not-for-profit boards in New Zealand.

However, the Survey also found areas where not-for-profit boards needed to focus to help make their organisations stronger and more resilient in the future.

For example, just 56% of not-for-profit boards had discussed crisis management plans in the previous 12 months. With the COVID-19 lockdown upon us, that 56% may be glad that they did.

This article highlights four key focus areas for NFP boards and shares some ideas on how to improve outcomes.

Just 48% of boards had discussed workplace bullying in the past 12 months, while just 26% had discussed sexual harassment.

1. Organisational culture

The board’s role in governing organisational culture has been in the spotlight in recent times with increased scrutiny of the way that boards assess and monitor culture. The majority of not-for-profit directors were consciously and actively setting the tone and modelling their values for organisational behaviour (70%), and monitoring and regularly discussing the culture of their organisation (77%).

However, just 48% of boards had discussed workplace bullying in the past 12 months, while just 26% had discussed sexual harassment.

Having the processes and systems in place to allow cultural issues and misconduct to be reported is critical to ensuring that management is aware of potential issues. This includes ensuring that the organisation has whistleblowing policies and speak-up provisions in place. However, just 25% of not-for-profit boards agreed that they had discussed whistleblowing and how the organisation makes speak-up provisions effective in the last 12 months.

Further to this, just 47% had received comprehensive reporting from management about ethical matters and conduct incidents, and the actions taken to address them. Having the right information from management is vital
to allow the board to effectively assess and monitor culture and all boards should take time to consider what information they need and whether their board is receiving comprehensive reporting from management regarding culture and conduct.

Points for boards to consider:

  • Take the time to consider what sort of culture is needed to support the successful delivery of the organisation’s mission/purpose.
  • Take active steps to ensure that there is a common understanding between the board and management about the desired culture, including through the establishment of clearly defined values and principles.
  • Review the organisation’s structures, policies and practices to ensure that they are supporting the culture that you are trying to embed.
  • Regularly monitor culture and conduct (eg through reports, site visits, market feedback) and the way that management is embedding culture within the organisation.
  • Ensure the decisions the board makes and the actions of the board send signals to staff and volunteers about what is acceptable.

2. Overseeing climate risks

Climate change is part of the governance landscape now and climate-related risks are increasingly being considered by organisations of all sizes across all sectors. Just over a quarter of not-for-profit directors (27%) said their board was engaged and proactive on climate change risks and practices in their organisations. The majority (75%) said their board considers environmental and social issues are very important to their business.

Demonstrable sustainable practices may become increasingly important when securing funding and donations in the future.

Points for boards to consider:

  • Invest in developing an appropriate level of understanding of climate-related risk at board level.
  • Take the time to assess whether climate risk is present within your organisation.
  • If climate risk is present within your organisation, consider what information the board needs to monitor and oversee this risk.
  • Question whether there are more sustainable ways to undertake your mission and purpose – it could become a competitive advantage.

3. Mitigating cyber-risk

Cyber-attacks are a real and constant risk facing organisations globally. However, less than a quarter (21%) of not-for-profit directors thought their board had a clear picture of the organisation’s overall cybersecurity strategy and how it relates to industry best practice. While just 34% said their board regularly discusses cyber-risk, and are confident that their organisation has the capacity to respond to a cyber-attack or incident.

No organisation is immune to cyberattack. It is vital that all boards regularly discuss cyber-risk and what they can do to build cyber resilience. This has become increasingly important as more organisations shift to remote working due to COVID-19.

Points for boards to consider:

  • Take time to consider how your organisation uses and relies on digital technologies to operate.
  • Ensure that the board as a whole understands the legal implications of cyber-risk as they apply to the organisation’s specific circumstances.
  • Consider what cybersecurity expertise you need and how you can access it if needed
  • Establish an enterprise-wide cyberrisk management framework.
  • Engage with management to categorise any cyber-risks that are present. Include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance, as well as specific plans associated with each approach.

4. Data governance and privacy

Data governance and privacy should be a priority for all boards, not only because of the considerable harm beaches can have, but also to prepare for the introduction of new privacy legislation, expected in 2020. However less than half (48%) of not-for-profit directors agreed that their boards regularly discussed data governance and the use of data analytics to drive performance and strategic opportunities. Further to this, only 34% agreed their board receives comprehensive reporting from management about data breach risks and incidents, and the actions taken to address them.

It is vital that all boards ensure that there are processes, systems and frameworks in place to effectively oversee the data practices of the organisation, including the collection, storage and use of data. In addition to this, taking time to think about how the organisation can get the most value out of accessible data can lead to new avenues of value creation.

Points for boards to consider:

  • Develop board digital capability to meet the board’s current and future data governance needs.
  • Prioritise privacy, understand your data and ensure that there are processes facilitating the transparency about how data will be used.
  • Ensure the board is getting comprehensive and timely reporting (good and bad news) from management (and other sources) about cybersecurity and risks.
  • Take the time to understand the implications of the incoming privacy legislation on your organisation.

This article is featured in Boardroom April May 2020 issue

NFP hub - for passion and purpose

Related content