Hi Reader,
Most workforce programs train people and hope someone hires them. The two organizations in this issue did something different. They built structures where the learner produces real work, inside a real organization, from day one — and gets paid to do it. One used a federal credentialing system. The other embedded people inside nonprofits for three months. In addition to those What's Most Good stories, you also get the following:
Quick Hits: Your Form 990 filing roadmap before May 15, a one-afternoon switch that stops your payment processor from skimming $2,900 a year, and the cheapest security investment your organization will ever make.
AI Insights: A board AI governance policy you can draft this week, a fundraising FAQ for the 2026 tax changes your donors are asking about, and a cybersecurity readiness audit your board can run in 45 minutes.
Board (Not Bored) Corner: A 12-minute exercise that stops micromanagement by making the invisible visible.
A portion of every dollar you pay for this newsletter goes to Rooted, a Madison, Wisconsin nonprofit building a community-led food system through urban farms, 70-plus community gardens, and hands-on education. Three urban farms (which I walk by almost every day). One neighborhood center. Thousands of pounds of produce going to families who need it. When we talk about building systems that keep producing results, Rooted is doing exactly that — with soil, seeds, and community trust.
You weren’t imagining it. Some items I used in Issue #21 also showed up in Issue #22. That’s on me, and I’ve taken steps to improve my systems and enlist technology to help avoid any future bollocks of that sort. Understand me well when I say: I want to give you really good, really new stuff each issue. I will never be perfect, but the mistakes will keep me humble.
A Nonprofit Built a Federally Registered Apprenticeship for the Creative Economy — and Disney Said Yes
BRIC Foundation built an actual registered apprenticeship — recognized by both the federal Department of Labor and state agencies — and got Paramount, Walt Disney Animation Studios, Warner Bros. Discovery, and Wasserman to sign on as employer partners.
Here’s why that distinction matters. A registered apprenticeship isn’t a certificate program or a bootcamp. It’s a federally defined structure with legal teeth: 2,000 hours of paid on-the-job training, structured mentorship, and job-related academic instruction. Graduates earn a portable, nationally recognized credential. The employer commits to training, not just interviewing.
BRIC launched in California in 2023 targeting youth ages 18-24, veterans of any age, and justice-impacted individuals (including formerly incarcerated people and those with arrest or conviction records). Two occupations: Marketing & Events Manager and Project & Production Manager — roles that exist across entertainment, media, and tech. Since launch, they’ve placed 34 apprentices with 13 employer partners — modest numbers, but the point isn’t the headcount. It’s the structure. Every new employer who signs on multiplies the pipeline without BRIC needing to redesign anything. In January 2026, they expanded to Washington State in partnership with the Workforce Development Council of Seattle-King County, registering the same two occupations with the Washington State Apprenticeship and Training Council.
Ignore the Hollywood connection. It’s the legal framework that's important. Registered apprenticeships exist in every state. The Department of Labor provides technical assistance and templates. The hard part is finding employers willing to commit to 2,000 hours of structured training — which is why BRIC’s approach of starting with a specific industry cluster (creative economy) and building relationships with a handful of anchor employers first is the right sequence.
If your organization does workforce development, here’s how to evaluate this model. First, identify an industry cluster in your region where demand for mid-level talent exceeds supply. Second, contact your state apprenticeship agency — every state has one — to understand registration requirements. Third, start with one occupation and two or three employer partners who are already struggling to fill roles. The credential portability is what sells employers: they’re building a trained workforce for their industry, not just one hire.
BRIC didn’t run a training program. They built a credentialing system — and employers showed up because the structure made the risk manageable.
Designed to Scale: This NYC Nonprofit Pays People to Build AI Capacity Inside Other Nonprofits
Pursuit, a New York nonprofit, has been doing workforce development in New York City. Since 2012, they have focused on investing in people from low-income communities — 70% Black or Latine, 50% receiving public assistance, 60% without four-year degrees, 40% immigrants. Their reported track record? More than $1 billion in cumulative lifetime wage gains for program participants — a figure Pursuit calculates by projecting career earnings trajectories for graduates who land quality jobs.
In February 2026, Pursuit launched the AI Nonprofit Build Corps, funded by a $450,000 three-year FutureReady Grant from the Mizuho USA Foundation. Pursuit trains participants to become AI-native experts — they call them Pursuit Builders. After completing the training, Builders take paid three-month assignments inside nonprofit organizations, helping them develop and implement AI tools for real operational problems.
This is a classic two-fer. Nonprofits that need AI capacity but can’t afford to hire for it get embedded expertise for three months. Participants who need real-world AI implementation experience get paid work inside organizations solving actual challenges — not classroom simulations. The nonprofit gets a deliverable. The Builder gets a resume line and skills.
The design is intentionally replicable. The Build Corps structure — train, embed, deliver — can work in any city with a concentration of nonprofits and a pipeline of talent from underserved communities. Because the Mizuho grant covers three years, Pursuit has time to document what works, refine the placement model, and publish a playbook.
For nonprofit leaders watching this: the immediate takeaway isn’t “apply for a Builder.” It’s the model itself. Your local workforce development board, community college, or tech training program could run a version of this. The key ingredients are: (1) a training curriculum tied to specific deliverables nonprofits actually need, (2) paid placements — not internships, not volunteer hours — because compensation attracts serious talent, and (3) a host organization that commits to giving the Builder a real problem, not busywork.
Build a Form 990 Filing Roadmap Before May 15
In Issue #17, we covered building a compliance calendar and running a 990 risk scan. This is the clock-is-ticking version.
Since 2010, the IRS has revoked tax-exempt status from more than 760,000 nonprofits for failure to file. Three consecutive missed years and your exemption disappears automatically — no warning, no hearing. For calendar-year filers, the May 15 deadline is five weeks out.
Pull last year’s 990 from your files (or from ProPublica’s Nonprofit Explorer). Walk through it against this year’s reality: Did your mission statement change? Any new related organizations? Any changes to officer compensation? New programs to describe? The 990 asks about governance policies — conflict of interest, whistleblower, document retention. If you said “yes” last year and haven’t actually adopted them, fix that before you sign the return.
Time: 2 hours for the internal walkthrough. Your preparer handles the rest.
Estimated value: Your tax-exempt status. That’s not a metaphor.
Switch to Zeffy and Stop Losing $2,900 a Year in Payment Processing Fees
If your organization processes $100,000 a year in online donations through a standard payment processor, you’re losing roughly $2,900 to transaction fees — typically 2.9% plus $0.30 per transaction. That’s money your donors intended for your mission.
Zeffy is a 100% free fundraising platform for nonprofits. No platform fees, no transaction fees, no monthly subscription. They fund their operations through optional donor tips at checkout — which means your donors see the tip prompt, and some will add 15-18% on top of their gift. That’s a trade-off worth knowing about, but it’s the donor’s choice, not a hidden fee. The platform handles donation pages, event ticketing, peer-to-peer fundraising, and membership management.
(Disclosure: I have no relationship with Zeffy and receive nothing for recommending them. I’d tell you if I did.)
The switch takes an afternoon. Export your donor list from your current platform, set up your Zeffy account, build your donation page, and redirect your website links. Run both platforms in parallel for a week to make sure everything works, then turn off the old one.
Time: One afternoon for setup. One week running parallel.
Estimated value: ~$2,900/year recovered per $100,000 in online donations.
Enable Multi-Factor Authentication on Every Account That Touches Money or Data
If your email, banking, CRM, or donor management accounts aren’t protected by multi-factor authentication (MFA), you’re relying on passwords alone — and passwords get stolen. The Verizon 2025 Data Breach Investigations Report found that stolen credentials were involved in nearly half of all breaches. MFA — requiring a second verification step beyond a password — blocks over 99% of automated credential-based attacks, according to Microsoft’s security research.
Start with your highest-risk accounts: banking and financial platforms, email (especially the ED’s), your CRM or donor database, and any cloud storage with client or beneficiary data. Most platforms now offer MFA for free — you just have to turn it on. Use an authenticator app (Google Authenticator, Microsoft Authenticator, Authy) rather than SMS codes, which can be intercepted.
Time: 15 minutes per account. An afternoon for the whole organization.
Estimated value: IBM’s 2024 Cost of a Data Breach Report pegs the average breach cost for organizations under 500 employees at $2.98 million. Your nonprofit probably wouldn’t hit that number — but even a breach that costs $10,000 in notification, legal review, and donor trust is $10,000 you didn’t need to spend. MFA is free.
Draft a Board-Ready AI Governance Policy
The White House released its National AI Legislative Framework on March 20, 2026 — a proposal to preempt state AI laws with federal standards and make AI infrastructure available to nonprofits and small businesses. The 2026 Nonprofit AI Adoption Report from Virtuous and Fundraising.AI found that 92% of nonprofits now use AI — but 47% have no governance policy. Your staff is already using AI tools (even if they don’t tell you — trust me). The question is whether you’ve met your basic managerial obligation to tell them how.
Having clear guidelines frees everyone to use AI confidently — knowing where the boundaries are.
Act as a nonprofit compliance officer and governance advisor at a [small/mid-size/large] nonprofit called [Organization Name] ([paste your organization’s URL here]) with [number] staff and annual revenue of approximately $[amount]. We currently use AI tools for the following purposes: [list 2-5 uses, e.g., donor communications, grant writing, program planning, client intake, social media]. Draft a one-page AI Use Policy for our organization that covers: (1) permitted and restricted uses of AI tools by staff and volunteers, (2) data privacy and confidentiality rules, especially for client or beneficiary data, (3) staff disclosure requirements for AI-generated content, including grant reports and donor communications, (4) review and approval process for high-stakes AI-generated materials, (5) a six-month review schedule. Keep it under 500 words, in plain English, and include a signature line for staff acknowledgment.
Build a Donor-Ready FAQ on the 2026 Tax Changes
The One Big Beautiful Bill Act, signed July 4, 2025, restored the above-the-line charitable deduction for non-itemizers: $1,000 for individuals, $2,000 for joint filers. For the roughly 87% of taxpayers who take the standard deduction, this is the first direct tax incentive for charitable giving since the pandemic-era provision expired. Your donors are going to ask about it, and your fundraising team needs a clear, accurate answer.
One important limitation for your FAQ: itemizers face a floor of 0.5% of adjusted gross income before the deduction kicks in, and contributions are capped at 35% of AGI for individuals (down from the standard 60% for cash gifts). These details matter if you have major donors who itemize. Here is the prompt:
Act as a nonprofit fundraising advisor preparing donor communications about the 2026 tax law changes affecting charitable giving. I’m going to describe my organization and donor base: [Organization Name] ([paste your organization’s URL here]), a [type] nonprofit with approximately [number] individual donors. Our average gift size is $[amount] and roughly [percent]% of our donors itemize their deductions. Create a donor-ready FAQ document covering: (1) the restored above-the-line charitable deduction for non-itemizers ($1,000/$2,000) under the One Big Beautiful Bill Act, (2) the key limitations — the 0.5% AGI floor for itemizers and the 35% AGI cap, (3) how this changes the giving calculus for both itemizers and non-itemizers, (4) three suggested talking points for fundraising staff and board members, (5) a short email template announcing the change to donors. Keep each answer under 75 words. Use plain English — no tax jargon without an immediate explanation.
Run a 45-Minute Cybersecurity Board Readiness Audit
The unfortunate, normal, nonprofit protocol for addressing cybersecurity at the board level? Silence until crisis, then panic. We can do better. The Verizon DBIR consistently finds that small organizations are disproportionately targeted — and nonprofits are small organizations with donor data, beneficiary records, and financial systems that make attractive targets. You can swing the issue in your favor if the board has already discussed cybersecurity, especially when it is a forty-five-minute conversation, not a six-month project.
Act as a nonprofit cybersecurity consultant preparing a board of directors for a 45-minute cybersecurity readiness discussion. The organization is [Organization Name] ([paste your organization’s URL here]), a [small/mid-size] nonprofit with [number] staff, annual revenue of $[amount], and the following technology profile: [list key systems — e.g., CRM, email platform, cloud storage, donor database, accounting software]. Generate: (1) a one-page board briefing document summarizing the organization’s top 5 cyber risk areas based on the technology profile provided, (2) three yes/no diagnostic questions the board can answer in the meeting to gauge current readiness, (3) a prioritized action list of 5 steps the organization should take in the next 90 days, ranked by impact and cost, (4) a recommended cadence for future board cybersecurity updates. Keep the briefing document under 400 words and assume board members have no technical background.
The Decision Authority Matrix: A 12-Minute Exercise That Stops Micromanagement
Every board eventually has the conversation. Not the one about the budget or the strategic plan — the one where someone says, “I thought that was our decision,” and someone else says, “I thought that was mine.” In my 35 years of advising nonprofit boards, this has been the most consistent source of board/leadership tension.
The line between board oversight and operational micromanagement is clear in theory and invisible in practice. Most governance trainings tell boards to “stay in their lane.” But nobody draws the lanes. This exercise does.
What you’ll need: A whiteboard or shared document with four columns: Decision, Board Decides, ED Decides (Board Informed), and ED Decides (No Board Input Needed). Also, you need a handbook handout for each board member with those three columns listed on it.
How to run it (12 minutes):
1. Pre-load 8-10 real decisions your organization has faced in the past year. Mix them: hiring a senior director, approving a grant application over $50K, changing the CRM vendor, setting staff salary ranges, signing a new lease, accepting a restricted gift with conditions, posting a public statement on a political issue, changing program eligibility criteria. Use your actual decisions — not hypotheticals.
2. Each board member silently places each decision in one of the three columns on their handout. No discussion yet. (3 minutes)
3. Reveal the results. Where there’s agreement, move on. Where there’s disagreement, that’s your conversation. (2 minutes to review)
4. Discuss only the disagreements. For each one, ask: “What’s the risk if the ED makes this call alone? What’s the cost if the board has to approve it?” Most disagreements dissolve when you name the actual stakes. (7 minutes)
Why this works: The exercise doesn’t ask anyone to give up power. It asks everyone to be specific about which decisions actually need board-level involvement — and which ones the board slows down without adding value. Most boards discover they’re spending time on decisions that don’t need them and missing decisions that do.
The deliverable: After the exercise, the ED drafts a one-page Decision Authority Matrix based on the group’s answers. The board approves it at the next meeting. From that point forward, when someone asks “whose call is this?” — there’s a document that answers.
Pitfall to avoid: Don’t let the conversation become theoretical. If a board member says “the board should approve all hires over $75K,” ask: “When was the last time the board’s involvement in a hiring decision changed the outcome?” Ground every answer in reality.
That’s Issue #23. If you found something useful, forward this to one colleague who’d benefit. And if you want to talk about any of these ideas, just reply to this email — it comes straight to me.
See you next week.
Ted
|
|
Founder and CEO Risk Alternatives, LLC 202.758.7572 (cell) 608.709.0793 (office) Website
Author of Managing Your Nonprofit for Resilience
We help nonprofits thrive by providing practical tools and support to address uncertainty and improve risk management.
|
Did a cool person forward you this email?
Sign up here