Research: challenging times ahead for NFPs

Grant Thornton New Zealand’s latest NFP research paints a picture of an agile industry, but also indicates a breaking point is on the horizon for many organisations.

Barry Baker, Partner and Co-Leader of Not for Profit services at Grant Thornton says, “The report clearly demonstrates the great work the sector has done over the last few years in creating more robust and financially secure organisations, but it also uncovers some major gaps that will ultimately prevent many from delivering on their purpose”.

Not for Profit organisations have seen a raft of legislative changes in recent years, with more to come. “Engagement with, and understanding of certain legislative changes has been unexpectedly low,” says Baker. “For example, nearly a quarter of Incorporated Societies surveyed haven’t addressed the impacts of the newly passed Incorporated Societies Act 2022 which is intended to clarify the responsibilities and risks to organisations’ governance groups, and a third haven’t considered the new reporting obligations required.

“There are financial penalties for non-compliance with the Act, and prison terms for more extreme cases.”

“The Privacy Act 2020 is another important piece of legislation that has strengthened requirements for the protection and disclosure of personal information. It impacts all NFPs, but well over a third haven’t updated their Privacy Policies, and even more alarming is the 40 percent of entities in breach of the Act by not appointing a Privacy Officer.

“For profits and NFPs alike are required to have suitable person in this role to prevent or resolve any privacy issues before they become a financial, reputational or legal risk, but it was surprising to see the wide range of team members charged with this task including corporate services, operations, office managers and even receptionists.”

Risk management

Baker (pictured) says there’s serious room for improvement in the sector’s business continuity planning, and that the survey results in this area were particularly concerning given the events over the last couple of years.

“The findings around business continuity demonstrate some neglect here: One quarter of NFPs never update their business continuity plan, over half never test the plan they have, and 59 percent never circulate the plan to employees.

“Unfortunately, there will always be black swan events like financial crises and pandemics, so complacency isn’t an option.”

Cyber security

“Although it’s unthinkable, NFPs are targets for cyber criminals, so cyber security is an area that needs ongoing investment as organisations are constantly bombarded with phishing attempts, ransomware attacks and fraudulent activity,” says Baker.

“That’s why it’s surprising to find only 43 percent of NFPs invested in this over the past two years and 27 percent plan to invest in it over the next two to three years”.

“A major security breach can cause enormous disruption or even shut down operations, and it will almost always require considerable time and money to rectify the issue for those NFPs who haven’t invested enough in their systems, processes and staff training.”

The way forward for NFPs

“There’s no doubt we will all face troubled waters ahead at some stage, but those NFPs who have planned well and invested in future proofing their organisations will be the ones equipped to continue their good work. They just need to make sure their oxygen mask is fitted before they can help others”, says Baker.

Grant Thornton’s report Here for good? can be downloaded here.