Join our Nonprofit Good News-Letter
A nonprofit is only as strong as its weakest link
What happens if your only IT staff person leaves tomorrow? Or if the one vendor who handles your online donations suddenly shuts down? Too often, nonprofits find out the hard way. In my book, Managing Your Nonprofit for Resilience, I called this the “lack of necessary redundancy.” It’s the technical name for a very practical problem, when critical knowledge, systems, or responsibilities live in only one place. One staff member. One system. One vendor. One funder. One password. This create numerous single points of failure (“SPOFs”), an organizational fragility that can bring operations to a standstill if that one point falters.
Even worse, a lack of redundancy increases the likelihood of fraud or costly mistakes. When no one else reviews the books, checks a process, or understands a system, problems can snowball unnoticed for years.
Want a real-world example? A small nonprofit preschool discovered its long-time accountant had embezzled funds for years. This was partly because only she (and a too-trusting director) had access to the books. No one else was in a position to notice the red flags. This “single point of failure” in oversight not only threatened finances but also betrayed community trust. Proper redundancy, such as separation of duties or a second pair of eyes on the accounts, would have caught this much earlier.
For many nonprofits, the SPOF challenge hasn’t gone away. In some ways, it’s gotten worse.
Staffing remains a critical pressure point. Coming out of the pandemic era, many nonprofits faced staffing shortages, and by 2024, the situation hasn’t been resolved. Roughly 74% of nonprofits have at least one job vacancy and are struggling to recruit and retain staff. This talent crunch means existing employees wear multiple hats, and organizations often operate one person deep in key functions. Burnout is widespread, which only increases the odds that your most valuable person could suddenly step away or let something fall through the cracks. It’s hard to build redundancy when you’re just trying to fill vacancies, and that reality has largely worsened the redundancy challenge since 2022.
At the same time, reliance on technology and outside vendors has increased. Cloud platforms, donor systems, remote workflows, and cybersecurity tools have become essential—but often without proper documentation, backups, or shared access.
Many nonprofits have adopted cloud tools and remote systems without fortifying internal controls or backup processes. For instance, if you moved to a cloud file storage but only one staffer administers it and knows the passwords, your files are at risk if that person leaves or if the account is compromised. Cybersecurity experts now rank tech disruptions as a top risk for nonprofits precisely because an attack on a key vendor or a single weak link (like one IT admin using an insecure home network) can have cascading effects on operations. (Technology can improve redundancy, such as cloud backups and shared platforms, if used wisely, but it can also worsen redundancy if organizations simply trade one single point of failure for another. The key is to intentionally create overlaps and backups in our tech stack, and many nonprofits still do not.)
Overall, I can’t say the SPOF challenge has improved sector-wide. Many organizations are still one stroke of bad luck away from a major interruption. The awareness of the issue is higher now, but closing the gap requires action, not just awareness.
To illustrate, I think of a nonprofit where the long-serving development director who personally managed all major donor relationships unexpectedly retired. With her went decades of donor knowledge that hadn’t been documented. Contributions plummeted for months because no one else had cultivated those donors or even knew their names. This wasn’t a theoretical risk; it was a preventable crisis.
On the flip side, I worked with an organization that handled a similar transition far better. Anticipating the founder’s eventual exit, they gradually shifted key contacts and knowledge to others, updated their CRM with notes on every relationship, and had a deputy ready to step up. The difference in outcomes was night and day.
Then there’s the IT side. A charity may have its website and email offline for over a week because the only staffer with server access had left, and no one could retrieve the login credentials in time. In contrast, consider another nonprofit that utilizes a shared password manager and maintains a comprehensive IT “runbook.” When their IT lead took a sabbatical, a trained colleague is able to follow the documented procedures to ensure that the systems continued to run smoothly without any issues.
And remember the preschool fraud case mentioned earlier: it underscores how a lack of redundancy isn’t just an efficiency risk but a fiduciary risk. When only one person handles the money, it’s easier for mistakes or misdeeds to go unchecked.
These examples show both sides of the coin: the fragility of single-point dependencies, and the power of redundancy in action. The good news is that any nonprofit, regardless of size, can take practical steps to avoid the former and achieve the latter. That will be the topic of my next post.