What IT-related skills should you have internally in your Not for Profit? This is a frequent conversation I have with organisational executives.
So, this morning I decided to scan IT job ads in the Not for Profit sector to see what roles were being advertised. One job caught my eye more than others. It asked for a:
“Junior Cybersecurity Analyst”
This charity employer had revenue of about $6.5 million last year per the ACNC website.
And the job being advertised was for $65k-$70k – not bad for a junior role that doesn’t require any experience.
Nevertheless, my question to that organisation is… Is this role the best use of your funding?
I ask because having a junior cybersecurity analyst would also necessitate a senior cybersecurity analyst or a similar role to supervise their work.
But could an organisation of this size afford both roles? Perhaps. But is it the best use of internal skills?
Maybe because of their mission needs.
However, in my view, this role could be done better and cheaper by an external provider than most Not for Profits of this size or smaller.
Another example of the internal IT-related skills debate
In another conversation I had with a Not for Profit executive at a conference, they recently fired their managed service provider and hired an internal help desk person.
In his view, this hiring decision was a huge success.
When I questioned how they would be supported when that person was sick or on leave, he didn’t have an answer.
When I asked if their new hire could cover the full spectrum of IT skills required to fully manage the security needs of the organisation, he was unsure.
What he was happy about was: 1) the help desk response time was faster; and 2) the cost of hiring this individual was cheaper than their previous managed service provider.
While the organisation may not have had the right managed service provider before, there are obvious cybersecurity and business continuity risks with their new support model when depending on a single individual to fulfil so many IT roles.
What internal IT-related skills should you have?
While a lot of IT-related skills can be outsourced efficiently and effectively, I do think that there are some that should be kept in-house for business-facing roles, at least for the lower levels of support needs.
These skills include:
- System administration for your core business systems like HR, CRM and LMS. Your organisational needs will change frequently for these systems, and having to outsource the basic configuration needs to an external provider can be costly. It’s better to only depend on external system administrator providers for the more complex changes, not something as simple as changing a field’s dropdown menu.
- Report generation – Assuming that your systems have the ability for ad hoc reports, it’s essential to have someone internally who understands the true reporting needs (not just the assumed needs) to avoid unnecessary costs and frustration.
- Data analysis – No one understands your data as well as your own staff do. So having someone in-house to analyse your data is critical. Managers often perform this role, but sometimes your data needs may warrant a specialist.
For smaller organisations, the same person can potentially perform these three roles. Just ensure that someone is trained as the backup.
What about more technical IT skills?
Even if your organisation is large enough to have an internal IT team of 2 FTE or more, I would still recommend outsourcing the following roles for most organisations.
- Network management – This role ensures your network and related devices are protected and operating appropriately. With the migration from servers to cloud-based providers, this role and related skills have changed dramatically in the last few years, and whenever I find in-house IT staff, they are seldom appropriately trained to manage their networks.
- Security monitoring and management – This role watches and reacts to unusual behaviours or actions on your organisation’s devices, databases, systems and networks (assuming it’s set up properly in the first place). Managed Service Providers can monitor multiple clients at once, resulting in less cost with a trained specialist than any single organisation can do for this role.
- Solution architecture – This role helps design your major business systems, including any major changes. This is especially important for CRMs like Salesforce and Dynamics, which are very configurable but can become unstable quickly if not designed well.
- Enterprise architecture – This role helps ensure that all of your IT investments (current and future) are aligned and supporting your mission and business goals effectively and safely. I often play this advisory role for NFP clients either on an ad hoc or ongoing basis.
While it’s not a complete list, these are the skills I see lacking and causing the most potential pain in various size organisations.
As for cybersecurity as a whole, that role should be a part of all IT-related roles because rarely can Not for Profits afford to make it a separate one. Furthermore, external providers can usually support cybersecurity tasks more effectively and efficiently, too.
Final Thoughts
There’s a lot of debate about what IT-related skills should be performed internally or externally.
I personally believe that most Not for Profits with limited budgets are better off by keeping the business-facing roles in-house, while outsourcing the more technical roles.
Nevertheless, if you want to see how the really big Not for Profits IT departments work, check out the interview I did a while ago with Red Cross Australia’s CIO, Brett Wilson.
I regularly help Not for Profits with strategic IT decisions, including for investments. Let me know if you need some help.
P.S. If you found this article helpful, you might want to read these too:
- 5 Tips for a Non-Technical Manager in charge of IT
- Why you need to budget for a CRM business administrator
- Is it better to keep my IT department in-house or to outsource it?
Tammy Ven Dange is a former charity CEO, Association President, Not for Profit Board Member and IT Executive. Today, she helps NFPs with strategic IT decisions, especially around investments.