Our blog is just another place where we can connect with you. Join the discussion, so we can learn, share, and grow together. Because knowledge is power!


The DelCor Connection

CAE Credential Conferred Upon Conley

(Our Company) Permanent link

DelCor consultant earns highest credential in association industry

headshot - Tobin ConleyASAE has announced that Tobin P. Conley of DelCor Technology Solutions has earned the Certified Association Executive (CAE®) designation. The CAE is the highest professional credential in the association industry.

“We at DelCor are extremely proud of Tobin for this accomplishment,” said CEO Loretta Monterastelli DeLuca, FASAE. “His dedication to the association community and his work ethic are second to none. We are lucky—the entire community is lucky—to benefit from his knowledge, experience, foresight, and sense of humor.”

Mr. Conley has worked in the non-profit, higher education, and association communities for more than 30 years—nearly half of them as a consultant at DelCor. As a senior consultant in technology management at DelCor, he helps associations achieve progress through technology strategic planning, digital strategy, system assessments and selection, e-learning strategies, and more.

“My work for and with various associations over the years, as well as my volunteer experiences, were particularly helpful in bringing the subject matter to life, which helped me apply the CAE body of knowledge effectively, and will continue to serve me—and my clients and cohorts—well in the future,” said Conley.

Mr. Conley is a member of ASAE and a course facilitator for ASAE University. He is a frequent author, speaker, and presenter in the association community. He previously chaired the ASAE Professional Development Section Council and serves on the Board of Directors (as Immediate Past President) for the Arc of Montgomery County.

Prior to joining DelCor, Mr. Conley worked in a number of associations, including the International Sign Association, the Association of American Colleges & Universities, United Educators Risk Retention Group, and the National Association of College & University Business Officers.

He holds a B.A. degree in Political Philosophy from Michigan State University, Cum Laude (Phi Beta Kappa member), as well as an M.A. degree in History and an M.L.S. from the University of Maryland, College Park.


DelCor Technology Solutions, Inc., is an independent technology consulting firm headquartered in Silver Spring, Maryland, with seven areas of service designed especially for associations and nonprofits. Since its founding in 1984, DelCor has helped hundreds of organizations nationwide achieve progress through technology, with a focus on IT Maturity. For more information, visit


To be designated as a Certified Association Executive, an applicant must have a minimum of three years’ experience with nonprofit organization management, complete a minimum of 100 hours of specialized professional development, pass a stringent examination in association management, and pledge to uphold a code of ethics. To maintain the certification, individuals must undertake ongoing professional development and activities in association and nonprofit management. More than 4,000 association professionals currently hold the CAE credential. The CAE Program is accredited by the National Commission for Certifying Agencies (NCCA). For more information, visit


ASAE is a membership organization of more than 21,000 association executives and industry partners representing 10,000 organizations. Its members manage leading trade associations, individual membership societies and voluntary organizations across the United States and in nearly 50 countries around the world. With support of the ASAE Foundation, a separate nonprofit entity, ASAE is the premier source of learning, knowledge and future-oriented research for the association and nonprofit profession, and provides resources, education, ideas and advocacy to enhance the power and performance of the association and nonprofit community. For more information about ASAE, visit

The secret to managing change during a technology project

(Project Management) Permanent link

Pop quiz! If your association is about to select a new AMS and plans to begin the implementation process in 3-4 months, when do you start thinking about change management?

  1. Just prior to user training
  2. During acceptance testing
  3. Immediately after the selection has been made
  4. During requirements gathering

Here’s a hint from René Shonerd, Managing Director of Technology Initiatives at the American Industrial Hygiene Association. (You might remember René from a 4-part series of posts I wrote about her framework for change management.)

Change management is a part of project management, but it’s often overlooked. That was our message during the session: project management steps must be in sync with change management steps.

A CiteWorld graphic that René used in a presentation at the ASAE Technology Conference reveals the answer: D. Start change management during the first phase of project management: requirements gathering and analysis.

PM and change management parallel timeline - CiteWorld

Each phase of project management must coordinate with each phase of change management. You can’t wait until you’re getting ready to roll out a new system to start thinking about change management. By then, it’s far too late.

When a project fails to live up to expectations, you can often trace the cause back to the project’s beginning. For example, requirements analysis, a critical project step, might have been done poorly or not at all. Or, as René pointed out, change management may not have been part of the project plan from the start. As you build a system, you also need to build the desire for that system and the capacity to adopt that system in the people who will interact with it.

The bottom timeline in the graphic above illustrates the 5-step ADKAR change management model.

  • Awareness of the need to change
  • Desire to participate and support the change
  • Knowledge of how to change (and what the change looks like)
  • Ability to implement the change on a day-to-day basis
  • Reinforcement to keep the change in place

Awareness of the need to change

Once the go-ahead is given and the project plan is developed, requirements analysis begins. During this project stage, staff stakeholders and business analysts identify and document the requirements for the new system as well as changes to business processes.

Staff and project leaders must start communicating withstaff about the need for change at the very beginning of the project. Some staff may not understand or agree with the need for change, so it’s crucial to listen carefully, address their concerns, answer questions, and squash misinformation and rumors.

Desire to participate and support the change

While the project moves onto the design phase, staff leaders must focus on building within the staff the desire to support the forthcoming change. At this point, staff should understand the reason for a new system, but now they want to know how the change is going to affect them. How will their business processes, procedures, and job descriptions change?

Change is personal. You need to understand reasons for resistance to change and develop a plan for turning that resistance into support.

Knowledge of how to change

As the system is being developed, you must help everyone develop the knowledge they need to make the required change. Some staff will only require training, but some will need more individual attention and coaching. This is an anxious and awkward time for those who aren’t used to learning new skills, so keep reminding them of the positive impact the new system will make on their job, the organization’s operations, and/or the membership experience.

Ability to implement the change on a day-to-day basis

As the system is rolled out, your change management efforts focus on helping staff develop and practice the new skills and behavior required to sustain the change. To do this, you need to identify any logistical and cultural barriers that could prevent them from implementing the new system and/or processes.

  • Are supervisors modeling the change you want to see?
  • Is staff able to fall back on old methods of doing things?
  • Has staff been given the necessary time to learn new skills and develop new workflows, or are they expected to add those responsibilities to their existing schedule?
  • Are they being rushed too quickly?

Reinforcement to keep the change in place

Even though a project may have come to a close, the change management process continues. You have to make the change stick. Change is sustained through ongoing coaching and training, opportunities for feedback, celebration of quick wins, and the demonstration of individual and collective progress.

When you plan for change from the beginning of a new project, you can prevent most of the frustrations, complaints, and resistance that normally occur when change management isn’t synchronized with project management.

Security tools to protect your association against social engineering, and then some

(Cloud Computing, Infrastructure, Security) Permanent link

crook cracking into computer

What if someone on your staff received a curt, unexpected email from a colleague asking them to read an attached memo? Would they open the attachment? You’d be surprised how many would do that without realizing they’re about to be phished.

Phishing is just one of the security threats on an association IT department’s radar these days. In this post – the last in a series about security – I’ll share some suggestions for security tools that will help protect your association and its data from evil doers, both human and bot.

Last fall, the security company McAfee sent out a 10-question Phishing Quiz to more than 30,000 participants. 80% of them fell for at least one phishing email in the quiz. Moral of the story? You can have the best perimeter defenses, but one malware link clicked by someone on staff can let in an outside agent.

To minimize that risk, you can hire a company to provide social engineering training for staff. With your permission, these companies send phishing emails to staff. When someone clicks on a “bad” link, they are sent a 30-second video teaching them how to respond to these types of threats. If you do hire a social engineering training company, let your staff know what you’re doing and why; you don’t want to make them feel like they’re being punished or patronized.

Because everyone brings their phone and tablets to work these days, you need a mobile device policy and mobile device management software. Your policy should cover passwords, loss of devices, and consequences of lost devices (i.e., data wipes). Let staff know that if they want to access association data or networks from their phone, you must implement these security considerations.

2 solutions that also deserve a place in your security toolkit are:

  • BeyondTrust, privilege account management and vulnerability management software – stops viruses and other threats by restricting the types of executables that can run on computers.
  • OpenDNS, cloud-delivered network security software – provides phishing protection and optional content filtering.

To stay current with the constantly changing security landscape, check out the valuable information and tips about IT security from these 2 federal organizations:

  • The U.S. Computer Emergency Readiness Team is a federal agency that provides weekly and monthly notices about security vulnerabilities.
  • InfraGard, a collaboration between the FBI and the private sector to prevent hostile acts against the U.S., provides free access to its many resources.

Back in the office, make sure the IT department knows about all the technology platforms and vendors used by staff. For example, is anyone using Dropbox? Has there ever been a conversation with your website hosting provider about web app security? Dangerous communication gaps can result when a single person or department has the relationship with a vendor and the IT department is left out of the loop.

IT staff must review the access that every vendor has to your networks, systems, and data. They must have candid discussions with the providers of SaaS platforms and cloud hosting to learn about the vendor’s security policies.

IT security is a collaborative effort. IT staff doesn't need to completely lock down the fortress, but they do need to educate colleagues about security vulnerabilities and the reasons they do what they do.

Read our complete series on association data security:

  1. The IT security threat landscape for associations
  2. Finding the sweet spot for your association’s IT security
  3. Is your association’s IT security policy up to snuff?
  4. Security tools to protect your association against social engineering, and then some (this post)

Flickr photo by elhombredenegro

How associations can dive in to Big Data

(AMS, Association Management) Permanent link

black & white retro deep sea divers

Not so long ago, the only people in associations who were in charge of purchasing or implementing technology were the hardcore geeks who hung out in the server room – the ones who talked about .php, web apps, patches, and other tech gobbledygook.

Ironically, it’s cool to be called a geek now; the geeks are today’s technology leaders. Meanwhile, staff from departments across the association are also leading technology projects. Technology has, in a sense, been democratized.

Data democratization

Data is heading that way too. When articles and conference sessions about “big data” started showing up in association industry magazines and conferences, you could sense a bit of resistance. Association professionals first wanted to get a handle on the “small” data they’d been collecting before taking on the big stuff.

But soon enough, people stopped worrying about the size of data, and started focusing on the impact of data. “Associations are looking at data sets with a different point of view,” says Vice President of Information Technology at American Gastroenterological Association, Prabhash Shrestha, PMP, CAE. “They’re using data to understand trends, to identify problems, and to figure out why things are happening.”

The perks of deep data dives

Traditionally, monthly membership reports have included retention rates along with new and total membership numbers. Now, membership staff can dig deeper into data and learn about the wide range of membership experiences in their association. They can segment data to compare the retention rate of first-year members with other members, or to look at the retention of members who joined as part of a conference registration package. They can track engagement data to identify the activities that have the most impact on retention.

“This type of data analysis makes a dent in what we do,” says Prabhash, who is admittedly passionate about data strategy. I wanted to talk to him about his approach to data after hearing about a session he co-presented at the ASAE Technology Conference, Creating a Big Data Strategy with Tactics for Quick Implementation.

Prabhash believes association professionals are more data-driven and strategic than they were 5 years ago. “We’re using predictive analysis now. We’re deciding what action to take based on our analysis of data.”

Data that’s not daunting

“Big data” sounds overwhelming, but it doesn’t have to be. Prabhash believes in “analyzing data in place,” instead of corralling it all from separate databases into one hub – a formidable (and often expensive) task for many associations.

He says, “We’re fortunate in 2015 to have data visualization tools, like Tableau, that have the proper API and security in place to access different databases. You don’t have to bring data into one system.”

At his former association, the Association of Fundraising Professionals, his team used Tableau to create 26 different dashboards that pulled real-time data from multiple systems. During the first week of every month, they shared these dashboards with each functional area of the association.

He’s bringing this same approach to the American Gastroenterological Association. “The key is to have a solid partnership between the IT team and each department, so you can assist them in defining the type of data that will help them do things differently and better.”

They started with the IT dashboard, which they shared with senior staff as a warm-up exercise. They’re rolling out an additional dashboard each month. Ultimately, Prabhash projects having about 15 or 16 dashboards, each with 6-8 graphs and charts.

“We’ll continue to have conversations with the different departments as the year goes on to make sure everyone understands what the data is saying and how it can move them closer to their business goals.” Eventually staff will be trained to develop dashboards themselves.

Business intelligence is a hot topic right now, but Prabhash says you need to bring big data down to the practical level, that is, to make big data more human-scaled. “These dashboards will change how my colleagues think and they’ll shed new light on the information we already have,” he says. “They’re the quickest way for IT professionals to become rock star CIOs.”

Flickr photo by James Vaughan

Is your association’s IT security policy up to snuff?

(Cloud Computing, Infrastructure, Security) Permanent link

Is there a shark in your computer?

Anthem, the nation's second-largest health insurance company, is just another big name in a series of Fortune 500 companies and other entities (Office of Personnel Management, anyone?) that have been targets of security breaches. 80 million Anthem customers had their account information, including social security numbers, stolen. Ouch.

To minimize the chances of this nightmare scenario at your association, make sure your IT security policy addresses each of the following 5 areas.


Backups must be a top priority in your security policy because some day you may have to rely on backups to continue operations.

The American Public Power Association (APPA) uses a fully virtualized storage area network (SAN) – installed by DelCor – for their server infrastructure, according to their IT manager, Adam Kuhn. A SAN is a high-speed network of storage devices connected to your servers. The SAN is capable of keeping backups for 28 days, but at the same time, the critical virtual servers, including all user data, is written across a communications link to DelCor’s Network Operations Center (NOC) for disaster recovery purposes. 

Furthermore, Adam employs Backup Exec to a separate local storage container for the purpose of retaining data beyond the 28 day retention period of the SAN. “Sometimes, staff don’t realize they’ve deleted something until after a month goes by,” Adam stated. 


I sometimes find firewalls with 5-10 year old technology. That’s a frightening prospect. You should budget for a firewall replacement every 3-4 years to leverage new security technology.

Your firewall must have:

  • Deep packet inspection (DPI), a technology that inspects packets of data being sent and received by network users.
  • Perimeter-based malware protection that controls access to all entry and exit points of the network.
  • Integrated intrusion prevention, a technology that leverages DPI to identify and block known exploits.
  • Ability to block suspicious outbound traffic so you can identify a system that may be compromised and used for malicious activity such as a spambot.
  • Ability to block downloadable executables.

Adam at APPA suggests using a third-party service to analyze your firewall logs and alert you to any threats. That task is too time-consuming and critical to do yourself.


How often do you patch and reboot your servers and apps? Unpatched systems are often the entry way for security threats so it’s critical to apply patches on a daily basis. Web application servers are the most vulnerable. For example, if you have an old version of Cold Fusion, it needs to be patched regularly.

Web application security

You can have the best systems and policies in place but if there’s a vulnerability in your web application code, you’re putting your data at risk. Schedule a conversation with your web app developer to understand how the developer has (or hasn’t) ensured proper security for their web apps.

For example, make sure you have input sanitization for web apps that integrate with databases. Input sanitization ensures that any input, such as a website login, is ‘cleansed’ of harmful data and prevented from executing unauthorized actions.

For more information on possible threats, the OWASP Top Ten lists the most common web application vulnerabilities.

Staff computers

In an earlier post (second in this series), I suggested developing a security policy that balances the productivity needs of staff with the security needs of the association. Consider these practices when developing your policy:

  • Replace older operating systems, like Windows XP, that are no longer supported.
  • Don’t allow staff to have local administrator rights. As a result of this change, IT staff may be called upon to install printers or apply updates.
  • IT should centrally manage patches for vulnerable third-party applications such as Flash and Java.
  • Practice the principle of least privilege, when appropriate; that is, users can only access what they absolutely need. This principle swings the pendulum of security balance toward less functionality for the user and more support from IT, but it may sometimes be necessary to protect your data.

Next we’ll look at tools. In the meantime, if you need an audit of your security policy – or help creating one in the first place – we can help.

Editor’s note: This post in third in a series on the IT security threat landscape for associations. If you missed the first post, read it here.

Flickr photo by EFF Photos

Happy anniversary to us! (and our monthly blogger’s digest)

(Our Company) Permanent link

Yesterday marked DelCor’s 31st anniversary. Last year, we made a big deal of turning 30 by conducting 30 Acts of Appreciation. This year, the official anniversary date passed humbly and quietly. But we’ll take this brief opportunity to say thanks for sticking by us for another year as our client, colleague, employee, and friend. Each and every one of you is valued and contributes to DelCor’s success. Cheers!

neon 31 sign

44,645 meals

Last month, we enlisted the help of our local association community to support our local food bank. The impact we’ve had on our community this year – and for the past 13 years, really – is amazing. Get the full results here.

Warehouse Wednesday

In the continuing spirit of The Power of Associations, we are sponsoring our 3rd annual Volunteer Night @ CAFB on June 10. Join us at the food bank warehouse in Northeast DC to provide some hands-on help! Registration is required and just 26 spots remain. Read more and sign up today!

Blogger’s Digest: May 2015

  • All the world’s a stage when Dave Coriale of DelCor and René Shonerd of AIHA wrap up their series, “Reframe Your Approach to Change Management.” Enter the world of comedy and tragedy as you explore the fourth and final frame in Community Theater (May 13, 2015).
  • Although the call for proposals has closed, we are still psyched for this year’s technology conference. Dave Coriale gives us a preview in Thoughts on the ASAE Technology Conference Pathways (May 13, 2015). Keep your calendar open for #tech15, coming to National Harbor December 15-16!
  • Baseball season is in full swing and the Nats are leading the National League Eastern Division. But what if they subbed the “Peanuts! Popcorn!” guy in the shortstop position? It could be humorous, or disastrous. Dave Coriale takes a cue from the lineup to unveil 3 essential positions on your project team. (April 16, 2015)
  • Employees are human, and humans do incredible things with portable devices. Make sure you’re prepared for successes – and accidents. Read Dave Coriale’s What association CEOs need to know about Bring Your Own Device (BYOD) policies (May 28, 2015).

Upcoming Events


  • In his article Technology and Strategy: Connect the Dots (June 1, 2015) for Associations Now, Mark Athitakis explores what (and how) CEOs need to know about technology, including a case study of the American Gastroenterological Association.

Stay Informed

How’d you get here?! If it wasn’t from your inbox, it’s easy to sign up so you don’t miss next month’s issue. Simply drop us a line: marketing @


 Flickr photo [edited] by Dennis Yang

What association CEOs need to know about Bring Your Own Device (BYOD) policies

(Cloud Computing, Infrastructure, Security, Mobile, Social) Permanent link

Your association is already practicing Bring Your Own Device (BYOD) whether you have a BYOD policy or not. Staffers are using mobile devices in the office, while commuting, and at home to read emails, work on documents, and access your network and apps. And why wouldn’t they? We’re an always-on, get-it-done society.

You need a BYOD policy that everyone can understand and follow. And, it must be a policy that your IT staff can enforce. A good BYOD policy defines the roles, responsibilities, and expectations for IT staff, non-IT staff, and management concerning the use of mobile devices to connect with your association’s network, apps, and data.

man holding chinese takeout container

What to consider when making a BYOD policy

In developing a BYOD policy, one of the most critical considerations is security. How will you minimize the risk of security breaches in a way that doesn’t adversely affect staff productivity and privacy? What will you do if an employee’s mobile device is lost, stolen, or missing? Will you be able to wipe that device clean to protect your network and data?

Large associations may have the luxury of investing in Mobile Device Management (MDM) suites that provide more granular control over individual apps and the ability to wipe devices clean when warranted. You still have to balance staff expectations of privacy with the association’s expectations for security, and making it clear to staff where the line is drawn between the two. For example, with MDM, you have the ability to track someone’s location because of their phone’s GPS. Staff must be able to trust IT and management not to look at personal data and photos on their phone.

Understand what part of your data is subject to PCI, HIPPA, Sarbanes-Oxley, and other regulations, and develop a records retention policy that complies with these regulations.

Your BYOD policy must identify the services provided by IT staff to mobile device users. Which devices do you offer for staff’s use and/or support? What type of support do you offer? Do you provide any reimbursement to staff using their own personal devices for work?

You should also spell out the responsibilities of mobile device users. What is your password protocol? What type of back-up must staff use and how often?

Even if you have a good BYOD policy, people are susceptible to being human. They will do things like leave a tablet behind in a hotel room, click on phishing links, or use weak passwords. You will minimize these risks if you provide regular training to build a culture of security.

Provide regular BYOD training to staff

Train staff on the dos and don’ts of BYOD during on-boarding and off-boarding processes. Disgruntled former employees can wreak havoc if you don’t have the appropriate BYOD and security policies in place. Reinforce the training regularly so staff doesn’t fall into bad habits.

Make sure your BYOD policy and training cover all practical security concerns and scenarios. For example, what is your policy on accessing the AMS and viewing reports via a mobile device?

Have an email protocol in place and provide the training to support it. Don’t assume everyone knows and follows safe email practices. Just imagine several staffers venting about a board member via email. What if someone decides to forward that email?

4 items for your BYOD to-do list

Here are 4 things you should do to avoid these types of scenarios:

  • Find out if you have a BYOD policy.
  • Find out if your IT staff can tell you how many people are accessing your system via mobile devices and what type of devices they’re using.
  • Decide what level of support you will spend on mobile devices and mobile device management.
  • Make mobile device considerations part of your employee onboarding and off-boarding processes.

These resources can help you further explore BYOD considerations.

  • The White House’s toolkit for federal agencies implementing BYOD programs
  •’s list of 10 MDM tools

Once you determine where you are on the BYOD spectrum, if you decide to seek outside help, our technology consultants can provide additional guidance for developing a BYOD policy and training program, and/or selecting an MDM tool.

Flickr photo by Gabriel Saldana

3 essential positions on your project team

(Project Management) Permanent link

Cracker Jack baseball card

You expect to see 9 players on the field at a professional baseball game, right? But what if you go to a game and your team’s catcher, first baseman, and shortstop aren’t there?

What if the manager decided instead to use some of the front-office guys in those positions? He figures they’re already on the payroll, they’re smart, and they’re hard workers. How well do you think that will work?

Everyone knows the types of players and skills required for a successful baseball team, but many association executives and IT professionals don’t know the types of players needed for a project team. Too often, association staffers are asked to take on project roles for which they’re not at all qualified, yet they’re expected to perform as if they were.

When associations decide to select and implement a new system, 3 roles on the project team must be filled by qualified professionals:

  • Business analyst
  • System analyst
  • Project manager


Here’s a breakdown on each of those roles.


Business Analyst

The business analyst (BA) helps staff define, analyze, prioritize, and document functional requirements for the new system. She has a proven process for guiding organizations through the requirements phase of a project. She knows which questions to ask to reveal issues and needs, and can safely ask those sometimes difficult questions.

Having come to an understanding of the association’s business goals, business rules, and desired features, the business analyst develops user stories and functional requirements for the new system. She conveys to the system analyst and solution provider what the system has to do to deliver value to the end-users and other stakeholders. Ultimately, she is accountable for the solution meeting business requirements and, therefore, the association’s expectations.


System Analyst

The system analyst (SA) writes specifications for the solution based on the business requirements developed by the business analyst. These specs include the configuration of the system, and the configuration results necessary to meet system requirements and goals. Often, the same person serves as both the business analyst and system analyst. However, it is important to understand the difference between the two roles or steps in the process:

  • First, the business requirements and rules (BA)
  • Then, translating them into what the system needs to do to meet those requirements (SA)


Project Manager

The project manager is in charge of managing the project, including its schedule, costs, and resources. He sets up the project charter, outlines the scope of the project, and is in charge of communication about the project. He is responsible for defining the roles and responsibilities of those on the project team, and monitoring any risks that may impact the project’s budget, schedule, and ultimate success.


Minor league players can cause major league consequences.

Why is it so important that qualified professionals be in these roles, rather than staff trying to learn on the job? When a project goes haywire, we can usually trace the cause back to one of these roles being poorly done or going unfilled.

For example, if you don’t have a qualified business analyst on the project team, you can end up with insufficiently developed requirements and, therefore, a final product that may not solve your business problems.

Or, you may end up with a weak contract. We’re sometimes called in after the fact because a vendor isn’t delivering what the association expected. We often find a contract containing nebulous terms about the prototype, deliverables, and/or client approval process.

These 3 roles—business analyst, system analyst, and project manager—are all easily outsourced, yet many organizations don’t budget for them. If you have a hard time selling this concept to your leadership, try the realtor analogy.

A good realtor will tell you to spend only 80% of your housing budget so you can reserve 20% of your funds for other costs related to a new home purchase, like moving, repair, and furniture expenses. Projects need a similar resource buffer to cover business analysis, system analysis, and project management.

Flickr photo by murphman61

Thoughts on the ASAE Technology Conference Pathways

(Community, Events) Permanent link

Later this week the call for proposals for the ASAE Technology Conference (aka #tech15) are due. It’s a good time to review why the conference’s 4 educational pathways are appropriate themes for the association community to discuss.

Tech14 CIO Session

Leadership and Strategy

Here’s the Leadership and Strategy pathway description from the conference website:

Specifically designed for the c-suite executive, this pathway will focus on high level learning such as how to build a top-notch staff, talent management, c-suite communication, trends, etc.

The 4 pathways reflect the shift made by IT departments in the last several years as well as new issues they must address. In the past, IT was a service department that answered the calls of staff when a new report or printer repair was needed. IT’s place in the org chart, as part of overhead, was often underneath Finance or Administration.

Now, IT is a business unit whose leader is most likely to report directly to the CEO. IT employees are in-house technology advisors who help other departments address challenges and accomplish goals. They understand their organization’s membership value proposition and help their colleagues use technology to deliver, enhance, and measure that value proposition.

In the past, IT might get a copy of the board-approved strategic plan and learn how they were expected to support it. Now, they’re involved in influencing strategy, developing the plan, and offering ideas on how technology can further their association’s strategic objectives.

If your organization lacks the resources to hire a full-time IT professional for this critical role, don’t despair. Many of us in the association community provide that type of consulting, and a handful of us provide virtual CIO services as well. Even the smallest staff association can benefit from having IT Leadership and Strategy talent on its team.

The Business of IT

Topics can address risk management, security, privacy, intellectual properties, security for members, litigations, and ‘things your board needs to know.’

IT leaders have a more strategic focus nowadays, but they still must dedicate time to managing staff, deploying projects, and “putting out fires.” They must also deal with the repercussions and liabilities that are inherent in using technology.

In this pathway, ASAE has identified several challenges that associations must address to prevent worst case scenarios. These issues often slip off the radar and don’t make it into leadership conversations as they should.

Kudos to ASAE’s Technology Council for raising the visibility of these issues and starting a conversation at Tech 15 that you can take back to your office. You will find vendors on Tech 15’s Expo floor that provide services, such as security assessment or digital asset management, that can help you minimize the risk these new threats present.

The New IT

How does IT get deployed in an organization? What does the Co-IT look like? What is the face of leadership in the new IT? What is trending in digital ecosystems?

Associations are investing an increasing proportion of their budget in technology solutions and, understandably, have high expectations for that investment. To deploy these solutions successfully, you must have people on the project team with the appropriate, specialized skills: business analysis, system analysis, and project management. Yet, too often, organizations expect staff to develop requirements, select systems, and manage the entire project without the benefit of these skills.

Because everyone is used to figuring out how to use new apps in their personal lives, many organizations fail to provide the necessary training for IT and non-IT staff to effectively use the technology at work. For example, staff usually receives training on a new system prior to implementation, but too often that’s where training ends. Additional training isn’t included in future budgets so staff never learns how to take full advantage of the technology.

Marketing and communication (MarComm) professionals find themselves in constant catch-up mode, as new social, mobile, and web tools come onto the market. Do they understand the capabilities of MarComm technology so they can decide which type of system will help them accomplish their goals?

MarComm and Technology

How do marketing, communications and technology blend to develop and distribute a true digital experience? What factors contribute to a successful collaboration?

MarComm is quickly becoming the department most reliant on technology to do its job. Email marketing, social media, marketing automation, content management, and web analytics are just some of the tools used by MarComm association professionals every day.

The IT and MarComm departments are business partners – and that’s why association MarComm professionals should participate in this conference and the high-level conversations that will take place at it.

IT staff must understand the technology needed by MarComm staff now and in the future. For example, IT staff should become familiar with inbound marketing tools: how these tools can help their association achieve its goals and which tools will integrate best with their organization’s existing systems. As for MarComm staff, they must understand the security and privacy issues that surround the use of SaaS products and mobile devices, and be a true partner with IT in minimizing those risks.

Contribute to the conversation

The ASAE Technology Conference provides the opportunity for the executive, IT, and MarComm departments to have strategic conversations about the role of technology in fulfilling their association’s mission. If you want to help drive that conversation, consider submitting a session proposal before COB Friday!

Photo: @TechConf

Editor’s note: The author is a former chair of the ASAE Technology Council.

Reframe Your Approach to Change Management: Community Theater

(Project Management) Permanent link

man posing as stone mask  

Change has the potential to create office drama, and, along with it, a whole range of emotions: anger, loss, angst, stress, relief, joy. You can minimize the drama by preparing for change management challenges.

I had a fascinating conversation with René Shonerd, Managing Director of Technology Initiatives at the American Industrial Hygiene Association, about her approach to change management. She uses a four-frame model based on Reframing Organizations by Lee Bolman and Terrence Deal.

These 4 frames of change management are lenses through which we can understand, prepare for, and respond to resistance to change. So far, we’ve discussed 3 of the frames:

  1. The Structural frame is useful for dealing with changes that affect the infrastructure or framework of your organization, such as policies, processes, procedures, and job positions or descriptions.
  2. The Human frame deals with the effects of change on people and takes into consideration their perceptions, emotions, and behavior.
  3. The Political frame approaches the organization as a jungle, a place where conflict, concerns, and power grabs (or losses) are worked out with rules, referees, and spectators.

This fourth and final post in the series will discuss how René uses the Symbolic frame. This frame views the organization as a theater – in the classical Greek sense with its rituals and traditions, and catharsis and celebration.

For some people, change is perceived as a personal tragedy. They may have a hard time letting the ways of the past go. When a new system or process is introduced, they may no longer be the go-to person. René recommends honoring, not dismissing, their feelings of loss, and taking steps to make them still feel important and valued by others.

Honor thy traditions.

Before introducing change, think about any formal or informal traditions (or rituals) attached to the old system or process. Were there traditions such as regular meetings, reports, or presentations that were meaningful to people? Were any informal roles attached to the old system or process? Or to those traditions? Is someone’s institutional knowledge no longer needed?

Be aware of the feelings of those who might feel as if their skills and knowledge are no longer valued. For example, in the past everyone might have gone to the membership department’s program assistant to ask her to pull reports from the old database, but now everyone can easily produce the reports they need themselves. Honor the assistant’s knowledge by including her in requirements gathering meetings and asking her to help test the new system, particularly the reports. Don’t shut her out.

Pay attention to language. Project teams often use jargon that others don’t understand. That language becomes a wall between project champions and those on staff who are at-risk for becoming project naysayers.

Throw a cast party.

René says it’s important to create rituals to mark the transition to the new system and the new opportunities it brings the organization. She organized a retirement party to honor an old AMS and, by extension, all those who worked with it. If you sense people are having a hard time letting go, don’t disparage the old system, acknowledge that it served your past needs well, and that now’s the time to adopt a system that will serve the organization and its members well into the future.

Organize an all-staff champagne toast to celebrate the launch of a new system – another idea from René. The underlying message for these visible rituals is: change is here, it’s happening, and it’s time for you to join us and get on board.

Use the 4 frames to reframe.

Try on each of these 4 frames or perspectives when planning your next project and as you progress through the project timeline. Using these 4 frames, you can better understand the needs of the organization and individual staff as well as the structural, social, cultural, and psychological barriers to change.

Flickr photo by Nano Anderson