View Video

Subscribe to our Youtube Channel here After recent updates you may want to use the Chrome browser to better display YouTube Videos on our website, or view directly on YouTube.

Listen to Podcast

Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on AppleGoogleStitcher, Pandora, and more. Or ask your smart speaker.

Do you have an IT roadmap at your nonprofit?
As a nonprofit leader, how can you design an IT roadmap to create value for your organization?

On October 3, 2024 the Center for Public and Nonprofit Leadership partnered with Community IT Innovators to provide a workshop: Design an IT Roadmap to Create Value for Your Nonprofit.

To fully utilize the power of IT to support your nonprofit, you need to have a plan. View the workshop video to learn the steps to create your own IT roadmap and incorporate IT strategy into your leadership and budget practice.

To learn more about the Georgetown Center for Public & Nonprofit Leadership at the McCourt School of Public Policy check out their program here. The Center for Public & Nonprofit Leadership provides advanced education in leadership, public and nonprofit management, advocacy and philanthropy, with domestic and international applications. Their multi-sectoral approach, public policy orientation, and research focus on effective practices, ensure the breadth and relevance of the educational experiences we offer.

They focus on four program areas, found on their website:

Executive Certificate and Customized Programs available online and in person.
Graduate Education
Research that Informs Practice
Local to Global Community Engagement

Thank you, Georgetown Center for Public & Nonprofit Leadership for inviting us to present to your alumni and to Hoyas For Others.

This webinar is appropriate for nonprofit executives, managers, accounting, development, and nonprofit IT personnel – and as with all our webinars, it is appropriate for a varied audience.

Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.

Presenter:

Photograph of Johan Hammerstrom, CEO at CommunityIT. Johan is shown smiling, wearing a dark-colored shirt with a blurred background.


Johan Hammerstrom’s focus and expertise are in nonprofit IT leadership, governance practices, and nonprofit IT strategy. In addition to deep experience supporting hundreds of nonprofit clients for over 20 years, Johan has a technical background as a computer engineer and a strong servant-leadership style as the head of an employee-owned small service business. After advising and strategizing with nonprofit clients over the years, he has gained a wealth of insight into the budget and decision-making culture at nonprofits – a culture that enables creative IT management but can place constraints on strategies and implementation.

As CEO, Johan provides high-level direction and leadership in client partnerships. He also guides Community IT’s relationship to its Board and ESOP employee-owners. Johan is also instrumental in building a Community IT value of giving back to the sector by sharing resources and knowledge through free website materials, monthly webinars, and external speaking engagements.

Johan was thrilled to present this webinar on how to Design an IT Roadmap to Create Value at Nonprofits for the Center for Public and Nonprofit Leaders at Georgetown University.



Carolyn Woodard


Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College.











Transcript

Introductions

Louisa Boyarsky: All right, we’re going to get started. Thank you for joining us today for the workshop, Designing an IT Roadmap to Create Value for Your Nonprofit. My name is Louisa Boyarsky, and I’m the Associate Director of the Center for Public and Nonprofit Leadership at the McCourt School of Public Policy at Georgetown University.

The Center is pleased to be partnering with Community IT Innovators to provide the workshop today, and we are also honored to be co-hosting the workshop with Hoyas for Others. We believe that IT is a critical but often overlooked resource that can increase our organization’s capacity.

And I’m excited to learn more about developing an intentional IT strategy during the session today. I do see a number of alumni from our Nonprofit Management Executive Certificate Program in the Zoom room.

I just want to say it’s great to see you today. And so, without further ado, I will turn it over to our partners at Community IT Innovators. Thank you so much for being with us today.

Johan Hammerstrom: Thank you, Luisa. It’s really exciting to be here. And welcome, everyone, to this event. We’re really glad that you could join us today. And we’re really looking forward to talking with you all about how to design IT roadmaps in a way that helped create value for the organization.

We’ll start with some introductions on our end. My name is Johan Hammerstrom. I’m the CEO at Community IT.

We’ll tell you a little bit more about who we are, who Community IT is in a second. I’ve been working with nonprofit organizations for about 25 years, helping them with their IT, everything from hands-on support to strategic planning and roadmap development.

I’ve worked with hundreds of nonprofits across all different sectors, all different sizes IT’s been incredibly rewarding. I really like working with nonprofit organizations, not only because of the value of the work that they do, but it’s also just a lot of fun.

You meet great people working with nonprofits and the challenges that nonprofits face in operating and particularly around using IT are really interesting and intellectually stimulating. It’s been a great experience and I’m really looking forward to talking with you all today about how to use IT effectively at your organizations. And I’ll hand it over to my co-presenter, Carolyn.

Carolyn Woodard: Hi, everyone. Thank you so much for joining us and we really appreciate your time today. My name is Carolyn Woodard. And before I worked at Community IT, I was at a small nonprofit and I was the accidental techie. And in fact, we became a client of Community IT. So, I’ve known Community IT for quite a while.

And after that job, I went on and was an IT director at a large, very large international nonprofit. I do not have a technology background. I was an English major. So, it can be done. After coming to work at Community IT and Marketing, I just really love bringing that experience of having been in the nonprofit world and realizing how important IT management is to nonprofits being successful and being able to achieve their mission, and to have staff feel good about being able to do the things they need to do to be productive and achieve their mission. So that’s why we’re here today. And thank you again so much for joining us.

I’m going to tell you a little bit about Community IT before we start. If you’re not familiar with us, we’re 100 percent employee-owned managed services providers. That means we provide outsourced IT.

We work exclusively with nonprofit organizations, and our mission is to help nonprofits achieve their missions through the effective use of technology. We believe in well-managed IT and that that’s essential for nonprofits to achieve their missions. And we believe that all nonprofits deserve well-managed IT.

We serve nonprofits across the United States. We’ve been doing it for over 20 years. We’re technology experts. We’re consistently given this MSP 501 rating as a top MSP. Which we received again in 2024. But more than being technology experts, we’re really interested in how nonprofits work, the values that are important to nonprofits, and what nonprofits need from their IT. 

I want to remind everyone that we’re vendor agnostic. So, we might talk about some platforms like Microsoft, Google, etc. today. We do that because nonprofits are using those platforms, not because we think that they’re what you should be using or anything like that. We consider ourselves the best of breed IT provider. So that’s where we come in with this outsourced IT. It’s our job as technology experts to know the landscape, the tools that are available for nonprofits, the discounts, the licenses that are available for nonprofits, what’s out there that’s reputable and widely used. Then we make recommendations based on that to our clients for what they should use. That’s in a nutshell what Community IT does. We’re just so happy to be here today. Thank you, Louisa, for having us.

Johan, do you want me to talk about the learning objectives?

Johan Hammerstrom: Yeah, that would be great.

Learning Objectives 

Carolyn Woodard: Just to set what we’re going to talk about. 

Johan Hammerstrom: Great. Thank you, Carolyn. 

One of the things I wanted to say at the outset is that we’ve really tried to design this presentation to be general enough that it’s applicable for a wide range of nonprofit organizations.

Whether your organization has over 100 staff and is larger and more complex, whether it’s a smaller organization with only 15 to 20 staff, it’s more simple. Whether you’re tied to a location, providing services to the community, whether you’re working on advocacy around specific issues, or working in the arena of international development. Our hope is that the principles that we’re going to share with you today are applicable in all of those different areas.

We are going to try to talk about these guidelines in a way that are general enough that they can be applicable to a wide range of nonprofit organizations. 

Questions to Start Designing an IT Roadmap for Value

Questions to start with are questions that I think oftentimes for nonprofit leaders that don’t have a background in IT, it can seem a little bit either overwhelming or maybe, this is not something that I have experience with, so I don’t even know where to begin.

We wanted to share these questions as a way of demystifying IT and getting at some of the initial core issues that every nonprofit faces when it’s thinking about it, it’s how IT is being used and thinking about its IT roadmap. 

Some of these questions may be really easy for you to answer. You may have a CIO and that checks all the boxes.

Some of these questions may be a little bit more difficult if IT doesn’t have an explicit role, team, or owner in the organization. 

Who Has an IT Background?

But I would suggest starting by asking the question, who in your nonprofit organization has an IT background?

A lot of nonprofits will convene a technology committee, this gets into the change management, as a way of creating buy-in around IT issues and as a way of understanding what the experience and perspective of the entire organization is when it comes to IT. 

I think this is one of the things that makes IT fairly unique among the different overhead teams or groups in an organization, is that it’s affecting everybody in a very direct way.

Everybody in the organization is using technology, is using computers to do their work, and so everybody has an experience of IT that could be good, it could be challenging IT’s important to understand what that experience is, and oftentimes, a lot of the staff in the organization are coming with their own IT background. Understanding who in the organization has an IT background and how that background is being applied to the work that they’re doing, is an important first question to ask.

Who “Owns” IT for the Organization?

Who owns IT for the organization? That’s also very critical.

It’s important that at some point, IT reports up to the senior leadership group, and you want to understand who’s primarily responsible for managing IT for the organization, and then who does that person report to, and who has the decision-making authority in the organization for approving IT budgets or approving IT roadmap. That’s not always defined or determined explicitly, and that’s important for organizations to identify that clearly. 

How Does Your Nonprofit Manage IT Now?

You can ask the question of how your nonprofit manages IT now? Is it more of a break-fix situation where the IT is there, no one’s looking at it too closely, no one’s really monitoring it, but when problems arise, they’re somehow being addressed or fixed? Or does your organization have a more strategic approach to its IT? 

On a later slide, we’re going to talk about the IT maturity model, and that’s a great model to use to understand where your organization is with IT and what your capabilities and capacity is.

Does Your Nonprofit Have an IT Roadmap?

Does your nonprofit have an IT roadmap? 

You might have had an assessment performed recently, and as part of that assessment, a roadmap might have been created. So that’s a good question to ask, especially if you’re new at an organization. And we’ll go through some examples of what IT roadmaps might look like. For small organizations, they can be very simple. For larger organizations, they really need to be more complex.

But it’s important for every organization to have some sort of an IT roadmap.

Poll: Priorities in Nonprofit IT

We’d like to start with a little poll to find out a little bit more about your IT priorities and where you’re coming from. This is a multiple choice. More than one of these may apply to you. 

Carolyn Woodard: And one of the big things that’s come around in the last couple of years is cybersecurity insurance. So as part of your insurance process, you might have to be able to certify that you’re doing certain things. And you may know what those things are and that you’re doing them, or it may be new to you that you have to certify that you’re doing them.

So that could also be pushing you to kind of embrace managing your IT more formally. 

And thanks again, everyone, for participating. It looks like we have the two biggest categories, buckets of responses, are to understand our IT structure and set priorities

Next is to prepare for a new initiative or to prepare for software selection, which is also a great time to prioritize the IT that you have and the IT that you want to get to.

The next, about 50%, was to improve cybersecurity or comply with the insurance requirements

Under that, to stabilize or recover from previous under-investments. So, we’re going to talk a little bit about that too.

And then under not sure, a couple of people put that in. And other.

Setting Priorities: Designing an IT Roadmap to Create Value

Johan, you’re going to move on to setting priorities and how you go about that.

Johan Hammerstrom: Yeah, it’s great that the majority of you said that one of your priorities is understanding your IT structure and setting priorities. And that fits well into where we’re going in the presentation.

Setting priorities is really the first step in the process. We’ve got some guidelines that we’d like to share about how you can go through that process of setting priorities. 

We recommend starting with an assessment.

And that’s something that can feel a little bit daunting. And we want to assure you that it doesn’t need to be overdone. You don’t necessarily need to hire someone to come in and do the assessment for you.

The assessment, especially if you’re a smaller organization, could be really straightforward, just one or two pages. Obviously, if you’re a larger organization, you want to have a more thorough assessment of IT, a longer document, maybe a presentation.

But the assessment is basically a snapshot of where things stand with IT

I think that’s one of the challenges with managing IT effectively, the mystery of it is one of the biggest contributors to those challenges. We’re firm believers that non-technical nonprofit leaders can understand everything that needs to be understood to manage IT effectively.

Whoever owns IT for the organization, part of their job description is to be able to explain technology in nontechnical terms to non-technical staff. That’s one of the key requirements of an effective IT leader, whether it’s a CIO, director of technology, or even just an IT manager. If that’s not something that they’re capable of doing, they may not have the skill set necessary to effectively manage IT for the organization. 

There are times where it makes sense to bring in a third party to do the assessment, and oftentimes larger organizations who maybe don’t have that capacity yet in-house will bring in a fractional CTO or a virtual CIO or a consultant to help them with that translation process. And that can be effective depending on the size and the complexity of the organization.

But you really want to get a snapshot of where do things stand with IT? 

Those are some of the basic questions that an IT snapshot should be able to answer. And then ideally would flag potential issues with how anything is set up.

All of that should be included in the IT snapshot. 

And as I mentioned, that’s something that ideally is being provided by the IT department or in some cases, you may need to bring someone in to help create that snapshot for you.

The assessment is going to be unique to your organization. And again, it’s going to vary widely based on the size of the organization. But really, you need to understand what you have in order to start setting priorities about what you need to focus on to invest wisely in IT and to really leverage IT to create value for the organization.In terms of setting priorities, that’s very basic.

IT doesn’t get much simpler than this, but this is kind of a good mental rubric to keep in mind when you’re thinking about prioritizing your IT.

Hardware Inventory

And it all starts with hardware. If you don’t have effective hardware in place, nothing else is going to be possible. So having laptops that are owned by the organization, that are being distributed to staff, that are being supported effectively and replaced on a regular basis is critical because if the organization is relying on staff to provide their own computing devices, or if it’s allowing laptops to get out of warranty and out of date, it starts to create all kinds of other problems.

You can’t really use the other IT solutions that you’re purchasing if you don’t have good hardware in place. If you have an office, making sure that it has good and up-to-date networking equipment that works effectively for staff is critical. 

So even though a lot of IT has moved to the Cloud, hardware is still really foundational. You’ve got to start with the hardware, and you’ve got to make sure that it’s in a good place.

And this is a real challenge for a lot of nonprofits, especially with the pandemic. 

Having a good laptop inventory is just, it seems so simple, it’s not that flashy, but it’s so essential and it can be really difficult to obtain. 

So that may be one of the first questions that you ask when you’re putting together your assessment and wanting to gather that IT snapshot, just to see an inventory of what is the equipment that we’ve purchased, who currently has possession of it, how old is it.

And then looking at that in the aggregate is an important part of evaluating IT priorities. 

Existing Services

Once you’ve made sure that your hardware foundation is solid, you can start looking at your existing services.

What are we currently using? That oftentimes isn’t a simple question to answer, especially in this day and age, because a lot of individuals and teams will go out and find their own software solutions online and start using those for work purposes. That’s known as shadow IT, and that’s something that can create a lot of problems for organizations. 

One of the clients that we were working with, we had to go through a project of basically renaming all of the user accounts. And as we were going through it, we discovered – this is a 200-person organization – we discovered that about 45 to 50 staff had gone out and set up their own individual accounts with a solution called Canto, which is a digital asset management solution you can use for design and to store photographs. 

A full 25% of the organization had individual Canto accounts. And it became a huge headache because all of these organizational assets were now stored in dozens of individual non-business personal accounts with this software platform.

It became a big project to migrate everybody over to an enterprise platform where all of those digital assets were being owned and controlled by the organization. When people left the organization, accounts could be disabled and the organization no longer had access to those assets. Getting a handle on shadow IT is really important.

And the sooner you start to have good policies in place for controlling that, the sooner you start to make that part of what you’re evaluating, the less of a problem it will be down the road, because it’s something that only grows in time. But understanding your existing services and understanding what you need to invest to maintain your existing services is the next level.

New Services and New Initiatives

And then from there, you can start to look at new services or new initiatives, the way that IT can support the organization as it expands in how it accomplishes its mission. So, this is very simple, but it shows there’s nothing about IT at the end of the day that needs to be overly complex. 

I mean, the technology itself can get complicated, but in terms of how you manage it for the organization, setting priorities, using this framework to set those priorities is a really good way to start. 

Again, I can’t overemphasize this enough. Whoever is owning IT for your organization, if they’re telling you something that you don’t understand, ask them to explain it again, repeat it back to them, and keep asking until they provide you with an answer that makes sense. As far as organizational management of IT goes, there’s no IT concept that a nonprofit leader can’t or shouldn’t be able to understand. 

Just keep asking the questions until they make sense to you, and until you can connect the technology to the business needs of the organization.

Carolyn Woodard: I think we have some questions coming in the chat. Thank you. Please keep putting in questions or sharing experiences, but I think it’ll be easy once we get a couple slides along to the example of how we would put a roadmap in a spreadsheet.

We don’t have anything very specific, like “ask this question, find out about this platform” because it’s so variable. Every nonprofit is a special flower, and will have different IT that they’re using, a different history, different kinds of tech savviness as well. 

Create the IT Roadmap to Create Value

Johan Hammerstrom: So then once you’ve established your organizational priorities, and they might be “refresh our laptops” or they might be “convert all of these individual accounts over to accounts that are owned by the organization,” those are just two examples, but whatever the priorities are, you can then take those priorities and start to map them out to create your roadmap. 

This is a very simple basic example of what that might look like for an organization.

Laptop encryption, this is something that’s now being required. When you go out to get your cyber liability insurance policy, now the questionnaire has become very long. Five years ago, you basically didn’t have to attest to anything, and you could get a cyber liability policy. Oftentimes, it was just a simple rider that was attached to your general liability policy. Now you have to have a separate policy.

The requirements for getting that policy are much more strict, and oftentimes that drives what you need to include in your IT roadmap. 

Laptop encryption is a good example. Most cyber liability policies now require that your laptops have hard drive encryption, so that may be a priority. 

Maybe the internet at the office isn’t sufficient, so that becomes a priority. 

Maybe you still have an old server in a closet somewhere, got to get rid of that, so that becomes a priority.

You want to manage the mobile devices that your staff are using. 

You basically list out all the different recommendations that came out of the assessment into different categories related to security or networking or policy. 

Priority + Urgency + Complexity + Impact on Staff

Then each one of those, you can classify based on the urgency. How important is it that we get this done?Obviously, you have to have cyber liability insurance so that could have high urgency. 

How complex is it to do this project? In this case, it could be medium. 

And then what’s the impact on staff? And that’s really critical. That third column is really important to keep in mind. 

High impact IT initiatives, because they affect so many people, become organizational initiatives.

Whereas low impact IT initiatives, the IT team can set these up and no one really knows.

So, the reason that it’s important to have that understanding when you’re putting your roadmap together, is that you can’t stack up a lot of high impact initiatives and run them all at the same time, because you’re going to burn people out. People are going to get frustrated. They’re going to lose faith and confidence in IT, and it’s going to create more problems than you’re solving if you do that.

How to Create the Priorities List for the IT Roadmap?

Carolyn Woodard: I have a quick question for you, Johan, as we’re looking at this. You have more experience dealing with consulting in some of our clients than I do. 

Do you recommend, is this the job of the IT director or whoever owns IT to go away and come back with this list themselves? Does it work better to do it as a committee, maybe pull a couple of the stakeholders into it and some of your leadership and go through and decide the urgency and the impact together?

What usually works?

Johan Hammerstrom: That’s a great question, Carolyn. And it raises a great point, which is it should really be a collaborative effort between the non-IT key stakeholder, oftentimes the COO, Director of Operations, whoever is responsible, whoever IT is reporting to, that has a wider understanding of what’s going on in the organization, should be a collaboration between that person and whoever is owning IT. 

Because IT is going to have certain requirements about what’s urgent. And IT is going to have a certain perception of what has impact that may be different from what the operations team thinks has impact.

And so those two parties really need to come together and work together to finalize the list of priorities and how the urgency, complexity, and impact are categorized. Because some things, like laptop encryption, for example, that’s urgent because of an insurance requirement. Retiring the servers may be urgent for technical reasons.

Different stakeholders are going to have a different understanding of the urgency of the recommendations and those have to be harmonized. You really need to find a way to collaborate on that process. 

At the end of the day, it’s the non-IT leader that has the final say and is approving the IT roadmap. 

So that’s why understanding what IT is telling you is so critical because ultimately, it’s the non-IT owner that’s making the final decision.

Carolyn Woodard: Well, we have perfect timing, Johan. I’m going to applaud you. We’re at the halfway point and we have a quick little quiz for everyone.

The creation of your IT strategy and roadmap quiz. Who is responsible?

The questions are, 

Johan Hammerstrom: If you don’t want to share publicly, it is fine. You can just answer these questions for yourself and then take those answers with you after the session, to just hopefully give you a next step. Here’s where you could go next.

Carolyn Woodard: It was a little bit of a trick question because we had said a couple of times, you do not need to be the technical person to be able to do IT planning. You might need to have a trusted technical person that you can rely on their advice and their understanding of what’s available and what needs to be done. Someone at your executive level in your nonprofit needs to be the owner of your IT planning.

Your IT Roadmap: Budget, Time, Energy

Johan Hammerstrom: Once you have the roadmap developed, then you can take that roadmap and use it to put together a budget. IT will feed into the budgeting process, and you can start to think about how the various IT work projects, initiatives that are described in the roadmap will be paid for.

As you look ahead to the coming year or even if you have a multi-year roadmap, you can start to identify how much investment those initiatives are going to require in terms of budget

You can look at how much investment they’re going to require in terms of staff time, and that’s a really critical one and that’s where having the larger view of the organization becomes really important because you don’t want to launch a new, I mean, this is almost too obvious an example, but it makes the point – you don’t want to launch a new fundraising platform a couple months before your big gala event. That would be the worst time to do it. And you don’t want to launch a new financial management platform as you’re going into your audit season.

Those are some simple examples, but if IT isn’t talking to the other teams in the organization, those mistakes could be made. Understanding staff time and how it’s spent for non-IT work is really important.

Then also staff energy, which is a vital but not an exhaustible resource, staff patience, staff goodwill. These are all going to be required for IT projects to be successful.

You want to think about how those vary over the course of the year.

Budgeting Basics for IT

Carolyn Woodard: There are many ways to budget for IT at nonprofits. You might want to answer some of these questions about how you budget for IT now? 

For example, finance takes the amount from last year and increases it slightly. Or leadership meets with all the stakeholders and together they review our roadmap or strategic plan.

Or when something breaks, we fix it. When someone needs a new tool, their department approves it. Or we have outsourced IT, and they charge us for every little thing. Or some other method. And none of these methods is better than the others.

It really depends on the tech savviness of your organization, your preferred budget method. These methods can express your attitude toward managing your IT.

For us, we urge people to get to that second option, where your leadership meets with stakeholders, reviews your past budget, develops a strategic plan, maps your needs to your budget, and then goes forward from there. And then you can attach that budget to your IT roadmap.

We do have some webinars on our site about budgeting specifically, so we don’t go into it here.

IT Maturity Model

Johan Hammerstrom: One of the things you’re thinking about, for example that question of staff energy, I mean, it’s important to be realistic about what the organization can accomplish with IT initiatives. And so, we like to use the IT maturity model as a framework for thinking about the organization’s capacity. 

What is IT Maturity

And this is not, there’s no value judgments with the IT maturity model, and maybe calling it a maturity model is a bad way of not having value judgments associated with it.

But this is a pretty common framework that exists in a variety of disciplines. So, we found it useful for organizations to apply it to their IT function, to gain a realistic perspective on where they’re at in terms of IT and what they’re capable of. 

And in the interest of time, I won’t go into any great detail. You can go back and look at this slide later.

And there’s frameworks that you can use to evaluate where your organization is. But moving up the maturity model ladder takes time. 

And I think organizations that are in an ad hoc place with their IT, the most important thing you can do is just be honest about it. “We’re always responding at the last minute. Everything is break-fix. We’re not able to plan for the future. That’s just honestly where we are.” It requires a lot of organizational commitment and organizational investment to move from ad hoc to functional.

And so, this exists outside of the IT initiatives themselves and is tied more to organizational development. But in order for organizations to effectively execute on an IT roadmap, they need to have a certain level of IT maturity. It’s important to understand where your organization is.

And I would also say, you know, not every organization needs to get to five. So, at the five level, IT is really deeply integrated into the work that the organization is doing. And that’s not always, that’s not true for every organization.

You know, there are some organizations whose entire mission is to collect and report on data. Those organizations may need to be at level five in order to leverage IT to its fullest capacity in order for them to accomplish their mission.

But other organizations may not need to be at level five. That level of investment may not yield enough return to make sense. So, thinking about IT maturity is valuable.

Budget Categories for IT at Nonprofits

And then as you’re putting your budget together, it can be helpful to think about the budget in a few different categories. 

Personnel

What’s the personnel budget? That’ll probably be the most expensive. Who is going to be dealing with IT, either fixing issues, supporting staff, managing IT projects, doing the technical work to get IT initiatives deployed? It’s important that you understand who’s doing that work and how that’s going to get paid for. Because if you don’t, the work’s either not going to get done, or someone who wasn’t planning on doing the work is going to end up taking responsibility for it. 

Making sure that the personnel costs are explicitly identified in the IT budget is a critical part of taking that roadmap and turning it into a budget.

Hardware

I talked at length before about the importance of hardware, so those costs should be built into the budget. We typically recommend for workstations and laptops that the typical laptop life cycle is three to four years, and we recommend that organizations plan to replace in a three-year replacement cycle, a third of their laptops every year, and a four-year replacement cycle replace a quarter of the laptops every year. It’s just a regular part of the ongoing budget.

Other organizations will get funding to replace their hardware and will replace everything at once. That may work better for some organizations, but it can be extremely disruptive, especially if you’re a large organization. If you’re a 120-person organization, to replace all 120 laptops in one year is going to be very expensive, not just in terms of the cost of the laptops, but also in terms of staff time, everybody getting a new laptop in one year. So that’s why we recommend spreading it out over an even lifespan. 

Software Licenses

You want to make sure you’re including the cost of software licenses, and this gets into the shadow IT, what are some of the software solutions that staff may be using? They’re using the free version, but you really need to have them on the business version of the software. What’s the impact on the budget going to be for that? 

Additional Services and Platforms

And then finally, any additional services or platforms that the organization is using.

Change Management and the IT Roadmap

We talked at some length earlier about the importance of change management, and as Carolyn mentioned at the outset, we know you all have a lot of background in change management, so we aren’t going to go into that topic in great detail, other than to note the fact that IT involves a lot of change management, and the successful IT projects really need to put change management front and center. 

In our experience, even something as simple as replacing someone’s laptop requires a lot of thought as to the change that that’s going to create for those staff, and that change needs to be managed effectively. 

Communication and Change Management

Yes, and communication is critical. And I think sometimes IT people aren’t the best at communicating, so don’t necessarily make that their responsibility. If you’re a larger organization and if you have a good framework for how internal communications happen, you have a strong communications team, you definitely want to leverage that team for communicating IT changes. 

If you’re a smaller organization, just make sure that whoever is communicating the change, is able to do that in a way that is effective for the organization. 

In our experience, it’s almost always better to have IT draft the communication and send it to someone in the operations team and then have them be responsible for sending out that communication.

Training and Change Management

Carolyn Woodard: Same thing with trainingIf you’re doing a new IT tool, you might turn to the IT people to do the training on it, but you might want to get HR involved if they do training or have more resources, more capability to do those kinds of rollout of training. You might want to make sure that you partner up with them. 

I think, Louisa, you had said on this slide, you might want to weigh in on how you talk about adaptive leadership and change management.

Louisa Boyarsky: I think we covered a fair amount of it but just remembering that when we are doing major change, even if it is around IT, that people are entrenched in the way that we’ve always done things. We find comfort in the way that things have been done before in our organizations.

To recognize that even when it might be something that seems like a technical change like IT, it might require, just to your point, Carolyn, bringing in others who are thinking about the HR side of things or how this might be affecting folks beyond the specific technical change. Just so that there’s that understanding and can be a conversation around it.

And also helping people really understand why the change is needed. So not just saying, we’re now changing, but giving them the explanation. I think, Johan, at the beginning when you were talking about the need for insurance, I think there are probably a lot of folks who don’t know about the need for cyber insurance.

And so, helping educate our staff as we’re making these changes helps everyone kind of feel a little bit more comfortable, but also really understand more clearly the need for these kinds of changes or new types of policies.

Carolyn Woodard: We just did a webinar on using an IT skills matrix, having a team sit down and think about what skills we need as an organization, how do we make our organization stronger, maybe by using some of the tools we have more effectively or efficiently, and then how can we share those skills?

If somebody is really good at Excel, they could share those skills with others. Or if you all know as a team that you want to be better at Excel or Power BI, or whichever tool it is, using Microsoft Teams even, all the different features for teams, that you could get some of that training and commit to it as a team, as a group, or as an organization, but then also work with HR to build that into your performance reviews. “You wanted to get better at this tool, you did, you get that recognition.”

There’s a lot of ways to collaborate around that change management and rolling out new tools. 

I want to make sure we have time to get to the roadmap and building out the timeline. Johan, so we had a couple of examples we were going to talk about.

Maybe we can save those to the end, or maybe people have some examples they’d like to share with us. But I think if we want to just go a little bit quickly through here and talk about how you would then put that roadmap that you came up with against the timeline.

IT Roadmap + Timeline

Johan Hammerstrom: The question is, you take this and then you want to turn it into this.

Basically, you take the recommendations, and you look through their urgency, their complexity, and the impact that they’ll have, and you use that to identify when the work needs to happen.

So obviously, high priority issues that are creating risk for the organization should happen sooner. Initiatives that have a high impact on staff need to be planned and coordinated with other things that are happening over the course of the year. 

In this example, we categorize it into these different categories. There are a number of key networking recommendations that were creating risk for the organization. Risk of the Internet going down at their main office. They were using a lot of old equipment that needed to be replaced quickly. That has very minimal staff impacts, because when you’re replacing the Internet equipment, nothing really changes from the staff perspective, and it mitigates some significant risk that the organization was facing.

So, those recommendations were scheduled to happen very early in the process. 

Then you look at some of the security recommendations. For example, implementing a password manager. That’s something that also is important because it helps reduce the risk that the organization might be facing from passwords getting stolen, simplistic passwords, passwords being stored in an insecure fashion. But switching people over from whatever they’re doing now to manage their passwords, to a password management solution that the organization is providing, is going to require a lot of change management. It’s going to require a lot of communication.

And so that’s something that maybe makes sense to wait to start, and is going to take six months, rather than something that can just get done in three months, in one quarter. 

And then maybe you’ve got your battery backup that’s powering the servers. Not a big risk. That’s something that could wait till later in the year. 

So, you go through all the recommendations and based on how you’ve prioritized those issues according to their urgency, their complexity, and the impact on staff, you start to map out when it makes sense to work on them.

Where Do Policies Fall in Terms of Urgency and Timeline?

Carolyn Woodard: And I want to just weigh in on, I loved how policy is at the bottom and in the future. And I noticed that because we did a webinar recently on policies. And in some ways, we say, your policies need to be your foundation for everything.

And as an IT leader or a nonprofit leader, you’re going to want to have that acceptable use policy. You’re going to want to have data retention policies, for example how do you comply with HIPAA, if you have that as a compliance issue.

So, policies are foundational, but if you don’t have them, it might make sense to tackle them later as you are doing these first steps and understanding where your vulnerabilities are. That might help you build up the policy or understand that you need to have a policy. So just putting that in there, you can do it either way. And we have a whole bunch of resources on doing policies and how important that is.

Johan Hammerstrom: Yeah, that’s such a great point, Carolyn. I mean, we do say policy should come first. And in this example, policy is in the middle of the timeline.

And it just reflects reality. I mean, that kind of goes back to the pyramid of priorities, for example hardware in some ways comes first. Because if your firewall breaks, if your wireless access points start to malfunction, no one’s connecting to the Internet, no one’s getting any work done.

Carolyn Woodard: If your laptops can’t be updated with the most recent security patches, you just need new laptops right away.

Johan Hammerstrom: Exactly. It’s kind of a Maslow’s hierarchy situation where you need to get the hardware stabilized and then you can start focusing on the policy. 

I think the other thing about policy that’s tricky is that it really is much more about the organization’s culture and capacity.

Is the organization a policy-driven organization? Some organizations are, everyone’s looking at the employee handbook, at the acceptable use policies. Maybe it’s not. Some organizations are just not strong on policy. And so, IT policy, as important as it is, is not going to be more mature than the overall sort of organizational policy. 

So that reality, it kind of gets back to the maturity model. It’s important to just be clear on what this organization is capable of in terms of developing and communicating and enforcing and normalizing policy.

Carolyn Woodard: Let’s go over the learning objectives and recap what we wanted to talk about.

Next year, if you haven’t done it before, if you do it this year and use it in your budgeting, next year, you’ve got something to build on. So, it can be hard to get started, but we really urge you to, if you haven’t done this before, to take the time and prioritize it with your executive team because it gets easier after that.

And you’ll be able to see those strategic benefits.

Leadership and Nonprofit IT

Johan Hammerstrom: I just want to say as we’re wrapping up this presentation, I just want to thank all of you for being leaders in the nonprofit space. 

I think one of the things that I’ve experienced and learned over the years is that a nonprofit organization can only accomplish as much as the quality of the leadership allows.

And so, all of you committing yourselves to being leaders for the nonprofit sector, continuing your education in this way, is really encouraging and I just want to thank you all for that because that’s what really makes the biggest difference.

I mean, everything we’ve talked about today, these are all important kinds of rules of thumb, but there’s really no substitute for good leadership. And I’m just grateful for the work that you all do. 

If anybody has any questions that weren’t asked today, or you have specific questions about your specific situation, you know, feel free to reach out to us. We’d be happy to just have a conversation with you to answer whatever questions you have. It’s not a sales pitch. We’re not, we don’t really sell consulting services. We just do IT support. But we really want to share our knowledge around freely with the nonprofit sector. So, if you reach out, you’re not going to get the hard sell. We’re really just here to answer your questions and provide you with advice that hopefully is helpful for you all in your situation.

Carolyn Woodard: The one example I really wanted to just mention was the Academy of Hope, which people may know right here in DC. It’s an adult charter school. They had worked with us for a while. They had an IT roadmap. They were already thinking about how they could get their students to be able to be remote when they needed to be remote.

Their students are low-income, working families, working parents, so they can’t always come to class. So, they were already thinking about this, and they had a plan, I believe, Johan, that was supposed to be a three or four-year plan.  

And then the pandemic hit. They closed down in that spring and they took their plan – they already had this roadmap – and they went to their funders and said, “can we open in the fall with our students 100 percent remote?” And the funders backed them, because they had a plan of knowing how to do it. 

It was incredibly stressful to do a four-year plan in three months, but they did it. They were able to open, all of the students had these laptops, they had a way to teach online that fall. 

So, it really can make a huge difference for you to be organized and have that strategic plan in place when something unexpected happens.

Well, I think that’s about it.

Louisa, do you want to close?

Louisa Boyarsky: Yeah. Well, first off, I just wanted to echo what you said and that we often talk about, for example when we think about fundraising, that you want to have a plan in advance before you start to try to implement.

And I think it’s just a similar approach to IT. How are we planning in advance so that when we do have either opportunities or crises or needs, that we’re ready for them rather than scrambling? I think that this is just a really helpful way to be thinking about more thoughtful and intentional consideration of IT, and then also really thinking about the budget and the HR implications that are related to any of this IT planning. 

I just want to thank you guys so much for partnering with us on this. Thank you, Johan and Carolyn, for all of your knowledge, and thank you everybody for your time and have a great rest of your day.

Carolyn Woodard: Thank you, Louisa.

Johan Hammerstrom: Thank you.

Carolyn Woodard: Thank you, everyone.