fbpx

< Back to Thought Leadership

Strengthening Cybersecurity in Not-for-Profits: Assigning Oversight Responsibilities to Mitigate Risk

By Allen Norvell, CPA, MBA, Director at Blue & Co.

While certainly not a new risk for not-for-profit (NFP) organizations, cybersecurity risk is increasing in profile as an area of interest among members of governance. NFPs manage a significant volume of customer and donor data. We have previously provided thought leadership to help NFPs identify the cybersecurity risks they face related to that data and the steps NFPs can take to mitigate those risks.

Some of that guidance can be found at the following links:

In addition to the practices identified above, how has governance at your organization embraced the oversight of cybersecurity risks? Has oversight been assigned to a specific committee? Which committee is best equipped to exercise oversight over the organization’s cybersecurity risk management?

The answers to the above questions will vary depending upon the size and complexity of your organization.

In many organizations that have an Audit Committee, it is becoming increasingly common for that committee to take on the oversight responsibility for cybersecurity risk management. Once an appropriate committee is identified, the committee’s charter is likely to need to be amended and expanded to incorporate the additional responsibilities. It is also possible that the mix of skills and experience of the committee members will need to be revised and broadened.

If your organization has not yet formally assigned oversight responsibility for cybersecurity risk management, the above questions are a good starting point for that deliberation.

If your organization is currently deliberating these issues and you have questions how best to implement this oversight function or need assistance with developing related policies and best practices, please feel free to reach out to your Blue & Co., LLC advisor and we will be happy to assist.

Our Cybersecurity and Data Management team, led by Tom Skoog, has the experience and tools necessary to successfully guide your organization through this process.

From Missed to Maximized: Medicare Bad Debt Crossover Potential Revealed | patient in a mask sitting on an examination table speaking to a doctor in a white coat and mask with a nurse in the background

Medicare Bad Debt Crossover Potential Revealed

Beginning June 7, 2024, Indiana Medicaid launched a transformative new program: PathWays, a managed long-term service and support (MLTSS) initiative designed to streamline care for aging Hoosiers. This program partners […]

Learn More
Upcoming Hospital 340B Program Recertification Window

Upcoming Hospital 340B Program Recertification Window

The Health Resources and Services Administration (HRSA) has set the annual recertification period for the 340B Drug Pricing Program for hospitals to begin on August 11, 2025, and end on […]

Learn More
What’s the Difference? Actual Home office expenses vs. the simplified method

What’s the Difference? Actual Home Office Expenses vs. the Simplified Method

Small business owners who work from home could save money on their taxes by taking the home office deduction, as long as they meet the requirements set forth by the […]

Learn More