What steps can your nonprofit take to follow the new SAS145 auditing guidelines and assess IT risks causing financial risks?
New auditing requirements on cybersecurity and SAS145 require nonprofit auditors to consider IT risks in addition to financial risks and mitigation. Learn from Darren Hulem, cybersecurity guru and senior manager in risk advisory at GRF CPAs and Advisors on the new requirements and how they may impact cybersecurity at your nonprofit.
Listen to Podcast
Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
Cybersecurity Best Practices
Darren also explores and describes other cybersecurity threats that are targeting nonprofits, and best practices to defend against them. Darren is a certified ethical hacker and certified information systems auditor.
SAS145 is a statement on accounting standards that provides guidelines on a more holistic view of your risks and defenses that includes IT risks. This is a welcome move since for a decade at least IT risks have been growing in impact on financial crimes targeting nonprofits such as phishing email initiated wire fraud, account compromise, spoofing, and other financial compromises and crimes.
Darren provides an overview of the types of risks he sees at nonprofits and some simple steps organizations can take to vastly decrease those risks.
Some Key Takeaways:
- Don’t let your emotions prevent you from taking steps to protect your team and your organization from hacks and scams.
- It’s natural to worry about cybersecurity. Every nonprofit is under threat from thieves who just want to steal your funds.
- Letting your worries, fears, or lack of knowledge stop you from putting any security in place makes it easier for the hackers to target your nonprofit.
- Start with the basics and go from there.
- You don’t need to be a cybersecurity expert to take the first steps. And you don’t need to spend a lot of money.
- Holding staff training regularly can significantly decrease your risks of clicking on the wrong link or falling for the latest scams. There are lots of training providers out there.
- Find an auditor and IT provider who will answer your questions and guide you in implementing cybersecurity basics.
Presenters
Darren Hulem is a certified ethical hacker and certified information systems auditor with GRF CPAs and Advisors, where he has over six years of experience. Previously he worked as a systems engineer and analyst and started his career working with nonprofits.
Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College.
She was happy to have this podcast conversation on cybersecurity and SAS145 with Darren Hulem, to delve a little more into the cybersecurity support for nonprofit auditors and hear Darren’s advice on avoiding risks and common scams.
Ready to get strategic about your IT?
Community IT has been serving nonprofits exclusively for twenty years. We offer Managed IT support services for nonprofits that want to outsource all or part of their IT support and hosted services. For a fixed monthly fee, we provide unlimited remote and on-site help desk support, proactive network management, and ongoing IT planning from a dedicated team of experts in nonprofit-focused IT. And our clients benefit from our IT Business Managers team who will work with you to plan your IT investments and technology roadmap if you don’t have an in-house IT Director.
We constantly research and evaluate new technology to ensure that you get cutting-edge solutions that are tailored to your organization, using standard industry tech tools that don’t lock you into a single vendor or consultant. And we don’t treat any aspect of nonprofit IT as if it is too complicated for you to understand. When you are worried about productivity, change management, and implementation of new technology, you shouldn’t also have to worry about understanding your provider. You want a partner who understands nonprofits.
We think your IT vendor should be able to explain everything without jargon or lingo. If you can’t understand your IT management strategy to your own satisfaction, keep asking your questions until you find an outsourced IT provider who will partner with you for well-managed IT.
More on our cybersecurity services and cybersecurity resources here. If you are worried about cybersecurity and SAS145 guidelines, talk to cybersecurity experts who know nonprofits.
If you’re ready to gain peace of mind about your IT support, let’s talk.
Transcript coming soon
Photo by Vitaly Gariev on Unsplash