Blog home Tips & Training Building a culture of nonprofit compliance at Candid
Search blog

Building a culture of nonprofit compliance at Candid

Three people in an office going over paperwork.

Here’s a familiar scene: your nonprofit organization just won its first big grant, and you’re ecstatic. But before receiving funds, you need to show you’re legally registered, governed by a board, and have solid financial management policies. On top of that, there’s a lengthy contract to review and sign. It’s a lot of due diligence and compliance work to handle.  

At Candid, we can relate. We’ve had our own share of nonprofit compliance undertakings over the years.  

In 2023, Candid completed our first external SOC 2 audit, a collaborative effort across our administrative teams. For background, SOC 2 is a framework for organizations offering information and technology services (e.g., software, business intelligence, data storage, financial reporting) to ensure they can operate smoothly. Now that we’ve done our audit (at least until next year), I’m taking a moment to reflect on key takeaways from our compliance initiative that all nonprofits can benefit from.  

Whether you’re preparing for a financial audit, creating a new employee policy, or gathering materials to establish a new nonprofit, your compliance efforts are likely to succeed if you have the whole organization on board. In this blog, I’ll share lessons learned from our SOC 2 audit to help you build a culture of nonprofit compliance.  

Compliance takes collaboration 

One key takeaway from our SOC 2 audit is that effective nonprofit compliance requires collaboration. It takes a village to get ready for a large-scale effort like our recent audit. For example, we tapped resources from all parts of Candid—from facilities to product managers—to collect and develop necessary materials and documentation. Each team played a role, whether big or small, in supporting this work. 

To help your nonprofit succeed in its compliance efforts, you need awareness and support from all levels of your organization, from board members to interns. Before embarking on your compliance activity, take a moment to identify your team of compliance superheroes who can help share the responsibility and lend critical support.  

Avoid assumptions—test iteratively 

A saying I’ve always lived by is, “You don’t know what you don’t know.” This couldn’t be truer when it came to our recent compliance effort.  

Our SOC 2 audit required us to refine our policies and plans for responding to incidents or unexpected events. It would have been easy for our core team to come up with policies ourselves. But, instead, we relied on others to provide feedback on what we were doing well, as well as which policies needed improvement. We also leaned on teams across Candid to refine and test these procedures. 

As you undertake this work, avoid making assumptions to ensure outcomes reflect your organization’s needs. Talk to your teams directly to assess where you stand on compliance. For example, if you’re a research organization, learn about your studies to identify applicable regulations. Similarly, if you’re developing a new travel policy, talk to your employees to understand their work travel needs.  

Don’t let your policies gather dust 

It’s a waste of effort to develop policies if no one uses them or even knows they exist. Once you’ve created your policies and documentation, be sure to share them, so they get used!   

At Candid, we tapped into multiple ways to internally share our SOC 2-related policies. For example, staff can access policies through our intranet, and we refer to these resources regularly. We also communicated new or updated policies at organization-wide town halls with information on where to find them. 

Lastly, revisit your policies annually to ensure they reflect your nonprofit’s requirements and communicate any changes with all staff. 

Always keep an eye on the big picture 

The final lesson we learned is the importance of seeing the big picture. We spent over a year getting ready for our SOC 2 audit. This included countless hours ironing out details like the wording of certain policies or processes for vendor reviews. While doing so, it could’ve been easy to lose sight of why we were doing this in the first place. 

Ultimately, we avoided this common nonprofit compliance pitfall. In fact, our SOC 2 efforts helped Candid identify process gaps and develop plans to address them. In the end, this massive effort allows us to operate better. It strengthens our data security and brings efficiency to the due diligence requests we receive from our funders, clients, partners, and others. 

Whether you’re poring through pages of nonprofit registration forms, walking an auditor through financial transactions, or sitting through hours of government contract trainings, be sure to take a step back and identify how your compliance work helps your nonprofit achieve its mission. By bringing compliance back to your mission, you help bring everyone onboard. And that’s what building a culture of compliance is all about. 

Tags:

About the author

  • Headshot of Astrid Vinje.
    Astrid Vinje (she/her)
    Contracts and Compliance Manager, Candid
    See bio

    Astrid Vinje is Candid’s contracts and compliance manager. She works with internal Candid teams to identify and address legal or compliance issues, coordinate legal reviews of contracts, streamline internal contracting systems and processes, and manage cross-departmental compliance activities.

    Astrid brings to Candid over 15 years of experience in project management, compliance, and operations within the social sector. Prior to joining Candid, Astrid served as a project administrator for a global health organization focusing on health technology and innovation. Astrid also worked in contracts and proposal budgeting for a public health social marketing organization, and served as a Peace Corps volunteer in Togo.

    Astrid holds a B.A. in Political Science and Psychology from the University of Washington and an M.A. in International Development Studies from The George Washington University. She is an avid traveler and has lived in eight countries with her husband and two kids.

    Close

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Kate, Digital Communications Manager, Candid says:

    December 12, 2023 10:55 am

    We aren't able to advise this specific situation. We recommend you seek expertise from someone or an organization in your area.

  • Joset Roberts says:

    December 8, 2023 10:50 am

    We are in foreclosure litigation. The State/HCD gave us a grant in 2009 to add on to our building. The note states that if we were serving the same homeless/transitional people after 7 or 10 years that the principal and interest would be forgiven. HCD chose not to, started the foreclosure and on 10/11/23 the judge stated we proved that HCD ... "was in breach of contract and breach of the implied covenant of good faith and fair dealing." Now, HCD is going to ask for us to give a deposition...but instead has turned the Franchise Tax Board (FTB)on us to ask the same questions over and over. Can you help us with answers to FTB or should we take it to the media?

Related posts

A woman looking down at a laptop with a search box in the background.

Grants prospecting strategy 101 

Learn best practices for creating a funder prospecting strategy to help you secure grants to support your nonprofit’s mission-driven work.

By Anabel Tejeda (she/her)

April 15, 2024

Tags: Nonprofits; International; US; Fundraising, giving, and donations; Grants; Nonprofit and charity work;
People having a conversation and building relationships.

Visibility and relationships: Effective fundraising for small nonprofits

Candid’s senior development manager shares tips, tactics, and strategies for effective fundraising to help smaller nonprofits find, win, and retain grant funding.

By Erin DeSandro (she/her)

April 2, 2024

Tags: Nonprofits; International; US; Candid’s tools; Fundraising, giving, and donations; Nonprofit and charity work;
A man giving a presentation in front of a group of people.

Mitigating future risks: Why your organization should have an AI policy 

Find out three reasons why having an AI policy can help maximize the benefits of new technology while minimizing the risks for organizations seeking to make a social impact.

By Astrid Vinje (she/her)

April 1, 2024

Tags: Funders; Nonprofits; International; US; Candid; Nonprofit and charity work; Technology and software;
A group of colleagues having a discussion during a meeting.

Is your nonprofit organization ‘grant-ready’? 

Seeking a grant for the first time? Here’s how to make sure your nonprofit is prepared to receive foundation grant funding and what you can expect funders will require in the process.

By Lori Guidry (she/her)

March 25, 2024

Tags: Nonprofits; International; US; Fundraising, giving, and donations; Grants; Nonprofit and charity work;
A young Black woman staring at a laptop screen.

How to tell a compelling story with a Seal of Transparency 

If you’re wondering what a Seal of Transparency is, how to earn a 2024 Seal, the benefits of doing so, and more, this article answers nonprofits’ top questions about Candid Seals.

By Chris Bunting (they/them)

March 19, 2024

Tags: Nonprofits; International; US; Candid’s tools; Fundraising, giving, and donations; Nonprofit and charity work; Videos;
A woman looking at her smart phone.

Rethink, reuse, and repurpose: How to create more social media content with less work

Candid’s senior manager of digital communications explains how you can repurpose social media content to save you time and work when engaging your nonprofit’s online community.

By Kate Meyers Emery, Ph.D. (she/her)

March 14, 2024

Tags: Nonprofits; International; US; Candid; Nonprofit and charity work; Social media and marketing;