Understanding market changes

Coronavirus, stock exchange losses, countries going in to lockdown, businesses being shut down, stock shortages in the shopping centres.Market changes image

We live in unprecedented times with the business models of decades’ old organisations quite literally changing overnight.

The radical changes we have seen over the past few weeks have demonstrated the speed at which market dynamics can change, and the need for businesses to respond quickly.

Boards and management teams are needing to respond with urgency to scenario plan and make decisions with imperfect information as the situation unfolds.

The markets that we operate in and the customers we serve are always changing. Whilst the speed of change is not necessarily what we have seen recently, now is a time not just to focus on the immediate crisis at hand, but to think about how to structure management and board meetings so that market changes form part of the regular and ongoing conversation.

From our experience, we observe that management reports typically fall into one of three different categories:

  1. Activities completed or in progress in the week or month.
  2. Business KPIs which are typically backward-looking and reviewed to ensure the business metrics are on track, trends can be identified and corrective actions put into place. e.g. finance, HR, work health safety.
  3. Progress against the strategy which is often a table that lists out the: goals/objectives, comments on the status against them and an indicator (e.g. traffic light).

As part of aspiring to best practice, any discussion of the strategic plan and, in this case, progress against the strategy, is worth including an item to identify and (as required) discuss any changes to the market conditions.

The review of market changes can often be addressed simply with a few bullet points and identifies by exception, any material changes in the market environment since the last report. It is important to identify both what is going on in the external environment and the potential impact on the business.

Sometimes, where a significant change is occurring or has occurred, it might be appropriate to include a white paper or an article talking about the change, or set up a special meeting to consider those changes. A major technology change; action such as a significant merger or acquisition by a supplier, customer or competitor; or change in government/stakeholder funding might lead you to establish a separate meeting of the Board or a sub-committee like risk/finance.

Within the disability sector, we have seen changes every few weeks or months that impact on organisations. Changes to the NDIS price guide, the Royal Commission and new quality and safeguarding requirements are just a few recent examples.

Making a report on market conditions a regular part of the board reporting template can help to keep the Board and management team coming back to the important strategic matters, and not to just be stuck in the operational issues.

Next month we will share more about some tools that can be used to analyse and better understand your market.

If you’d like any assistance with reviewing your market environment, please contact Andrew for an obligation free consultation.


Andrew Ellis
Business Consultant
Email: aellis@cbb.com.au
Phone: 1300 763 505


Five steps to protect your organisation from cyber risk

Former Director of the FBI Robert S. Mueller, III, made the famous quote that:

“There are only two types of companies: Those that have been hacked and those that will be hacked.”

And others have since moved to suggest that the quote should now be: “There are only two types of companies: those that have been hacked and those that don’t know they have been hacked.”

It is unfortunate that not for profit organisations are sometimes the target of a cyber-attack. Given that not for profits often hold a lot of personal data, they can be seen as a soft target. Attackers also don’t need to have a lot of data about a person in order to perform identity theft, so the consequences can be significant if personal data is stolen.

Being the subject of a cyber attack can have wide ranging impacts on the organisation; including damage to reputation, financial losses and an inability to service clients during any downtime caused by the incident.

On 28 February 2020, the Office of the Australian Information Commissioner (OAIC) released the latest Notifiable Data Breaches Report on the period July to December 2019. A few key statistics and observations can be made from the report:

  • Nationally, there are approximately 80-90 data breaches per month which are “eligible”* and are reported to the OAIC
  • Malicious or criminal attacks (including cyber incidents) are the leading cause of data breaches, amounting to 64% of all notifications in the past six months
  • About a third of breaches are the result of human error
  • The health sector has the highest number of breaches
  • Most data breaches affect less than 100 individuals, showing the vulnerability of smaller organisations, including not for profits
  • The most common data which is involved is personal contact information.

*Under the Notifiable Data Breach legislation, it is an “eligible data breach” where:

  • there is unauthorised access to or unauthorised disclosure of personal information (or the information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur)
  • a reasonable person would conclude it is likely to result in serious harm to any of the individuals whose personal information was involved in the data breach, and
  • the entity has not been able to prevent the likelihood of serious harm through remedial action.

If an entity suspects that an eligible data breach has occurred, they must undertake an assessment into the relevant circumstances, notify affected individuals and the OAIC as soon as practicable.

Ensuring that your systems are secure is fundamental to data security, but human error also presents significant risk.  Human error can involve a staff member inadvertently opening a phishing email or clicking a link to a suspicious website. One of the other sources of data breach can be, for example, when a staff member accidentally selects the wrong email address and sends an email with personal details to the wrong person.

Cyber risks are often one of the risks that are identified in a risk assessment, but many organisations struggle to know what to do next to mitigate those risks.

Five steps to mitigate cyber risk

Not for profit providers can take these steps to prepare now and mitigate the risk:

  1. Ensure that cyber risk scenarios are identified in the organisation’s risk assessment.
  2. Look at your people and the role of training in mitigating the risk– it’s important that employees understand how to detect and report threats, protect their devices and the organisation’s data.
  3. Preventative technologies and processes – encryption, secure backups, multi-factor authentication and modern hardware/software will all help to minimise the risk of data loss.
  4. Review relevant policies and preparation – plan ahead by ensuring you have an up to date privacy policy, data breach policy and data breach response plan, and undertake simulation exercises to test management.
  5. Work with a specialised external consultant undertake an independent security review and penetration testing.

CBB consultants have had experience in helping organisations plan their risk management activities. If you’d like assistance with risk management, please contact:


Andrew Ellis
Business Consultant
Email: aellis@cbb.com.au
Phone: 1300 763 505



  1. October 2019 AICD Magazine – What boards can do in the event of a cyber breach
  2. OAIC Notifiable Data Breaches Report: July–December 2019
  3. OAIC Notifiable Data Breaches Scheme 12-month Insights Report

Digitising systems without losing human interaction

A range of factors, not least the realities of operating in the NDIS market, are prompting many of our clients to look at how they can make better use of digital systems to reduce their overhead costs, create efficiencies and improve data integrity. These drivers are often counter-balanced with concerns about losing connection with clients (because digital is less personal) and the anticipated reactions of staff. Sometimes this is because experience tells organisations that some of their employees are active resistors of digital. There’s also the sheer workload – any digital introduction or change requires a change management approach, staff training and active line management of employees to ensure that they are using the technology as intended.  If resources are released from process work, there’s also an opportunity to redeploy employees to more valuable activities.

There is no shortage of cautionary tales about failed digital implementations, so not for profits need to make sure that you are putting your limited assets and capacity for digital investments in the right place.

So when is it appropriate to digitise and when should you keep it human?

Predictable, repeatable processes

Digital systems – such as CRMs – generally work on a workflow model, with a structured, step by step process of if x, then y. They are ideally suited for a predictable, repeatable process. Depending on the process you are digitising, you may be able to automate significant parts of the process – for example generating reports, invoices, payment claims. You can also use systems to drive consistency in employee implementation of processes, such as client intake. In these circumstances, workflow and validation set up can offer efficiency, consistency and improved data accuracy in following internal processes.

Dealing with volume

As soon as you try to scale something, any existing inefficiencies in your business just get multiplied. If you’re working off spreadsheets and paper folders, you’ll very quickly run out of road. If you want to scale up, you’ll need those predictable, repeatable processes to be automated as far as possible, and to drive efficiency and data accuracy.

Dealing with data

We’ve mentioned data a couple of times now, and digital really is the most reliable way of collecting and managing data. This is particularly important when you need to share data within a team working across diverse sites or in the community. Digital systems that can be accessed by your staff whilst working with a client allow for information to be shared between shifts. As well as managing risk in relation to client care, this can also improve the customer experience, as they should not need to repeat the same information across multiple members of your team.


Digital systems also allow you to analyse and report data much more effectively. As well as retrospective and real time reporting against KPIs or other business measures, once you build up a good body of data, you should be able to identify patterns or spot trends that inform business and operational planning.

Audit requirements

For any organisation operating under NDIS or Aged Care standards, digital systems allow you to record information that will be required for audit and reporting purposes. Many of our clients have implemented digital systems for incident reporting and management.

Dealing with distance

Videoconferencing services such as Skype, FaceTime and Zoom are free and easy to use, as long as you have a decent internet connection. Internally, they allow for employees to engage across sites, reducing lost time in travel. If your services do not require physical presence, they also allow for services to be delivered into rural and remote locations. Telehealth services are one example of this.

Customer experience

The reasons we’ve discussed to date for going digital largely relate to improving the efficiency and accuracy of your back office processes, but digital can support the customer facing end of your business too. Often we hear concerns that going digital will remove the human interaction and alienate clients, but you shouldn’t assume that everyone wants a one to one discussion with another person for every transaction. 86% of Australian households have internet access and, according to Deloitte we’ve reached ‘peak smartphone’. Online banking and social media are two of the most popular uses of our domestic internet connections (at 80% each) and in 2016-17 over 50% of households used the internet for health services. This should be evidence enough that a significant number of people are happy to manage personal aspects of their lives online, at their convenience. So, if you are thinking about how to make your ‘front of house’ activities more digital, here are some things you should consider:

  • Who is your target market, and what’s their access to and comfort with digital? If you are going to implement a digital solution you should consider your customers access to technology, and – particularly in remote areas – to a decent internet connection. You should also think about their digital literacy and ensure that you design your digital solution to be accessible to your client group. When answering this question, beware of making inter-generational assumptions about the use of digital.
  • Offer choice: it’s unlikely that all of your clients will fall on one side or the other of the digital divide. Pushing everyone to a digital solution is likely to result in customer frustration if they can’t get the technology to behave as they want it to. So, offer people the option to engage in person or via digital. But don’t just assume you can lift your offline processes and apply them to an online solution – you are likely to need to make some adjustments.

We’ve been working through some of these changes at CBB. For example, we have digital options for appointment booking and are increasingly using webinars and videoconferencing to connect with our client organisations and their employees. These offer our clients greater convenience and ensure our salary packaging and consulting services are accessible to clients who work across multiple sites and operate in remote areas.

Whilst we talk about the digital revolution, none of these changes have to be revolutionary. Instead they can be managed as a series of incremental changes as part of an ongoing commitment to continuous improvement.


Jane Arnott
General Manager, Consulting and Business Services
Email: jarnott@cbb.com.au
Phone: 1300 284 364


Do you feel that you are paid fairly for your job?

The topic of salaries in not for profit organisations is a sensitive one. To a certain extent, we’ve shot ourselves in the foot with some of our messaging about ‘every cent you donate’ going to the cause, creating an expectation that employees in the not for profit sector should work for the love of it, rather than drawing a market wage.

The truth of it is that we are dealing with some of society’s most complex issues and it takes skill, experience, perseverance and long hours to lead and manage organisations that deliver social impact, meet stakeholder expectations and generate sufficient profit to keep your organisation afloat, and to invest in the necessities of new technologies and innovations. The move to consumer-directed care models in aged and disability services has pushed the sector further towards commercial business models, broadening the range of skills and experience needed to operate effectively.

Continue reading…

Ageism and our lack of respect

The Aged Care Royal Commission’s interim report makes for difficult reading. Its single word title “neglect” is, in itself, a smack in the face for anyone who cares about how we treat older people, which should be all of us.

The interim report outlines the following key issues:

  • Difficulties in navigating the system – once older people reach the stage of needing formal care (beyond support which can be provided by family and friends) they are thrust into a system of applications and assessments, which commoditise them into a care package and are largely conducted by phone and internet
  • Whilst home care is often the preferred option for older people, and can maintain their independence for longer, significant waiting times for home care packages are putting many people at risk and increasing the pressure on family and other informal carers
  • Substandard care is all too common in residential aged care, with ‘thoughtless acts’ that “when repeated day after day, become unkindness and often cruelty. This is how ‘care’ becomes ‘neglect’.”

Continue reading…

Strategy can’t be created in a vacuum

There have been radical changes to the way in which community services are funded in recent years. It’s not as simple as the money just coming from a different place, the changes have completely transformed the business model for many organisations, particularly in areas such as aged care and disability, where purchasing decisions are now made by consumers, not commissioners. This comes alongside other changes in the way that people engage with causes, organisations and work; and rapidly developing technologies and stakeholder expectations of how organisations use technology to engage and deliver services. All this means that, even if you haven’t had a major change in your business model, your organisation is still going to be impacted by a changing external context.

Continue reading…

Key person risk – Is your organisation vulnerable?

If your business depends on you, you don’t own a business – you have a job. And it’s the worst job in the world because you’re working for a lunatic!
– Michael E. Gerber

Organisations can live forever, but people cannot. In the UK, the oldest not for profit organisation is said to be King’s School, Cantebury which was established more than 1400 years ago in 597.

There are many factors that contribute to the longevity of an organisation and one of them is ensuring that key person risk is mitigated.

Continue reading…

CBB Community Business Grants

Do you feel fully on top of the business-side of running your organisation? You might be delivering outstanding social impact, but are you confident that your business practices are fit for purpose?

We work with hundreds of not for profit organisations and we see first hand the challenges of juggling the operational realities of delivering community services with the management and planning needed to run a purpose driven business. We know that many organisations do not have the time – and sometimes don’t have the in-house skills – to invest in adequately planning ahead, managing corporate functions, and continuous improvement.

As part of our commitment to reinvest some of our own funds into supporting the sector to build its business capability, we are offering a series of Community Business Grants in 2019/20. Grants will be offered on a staged basis through 2019/20 and will take the form of pro bono consulting projects in areas such as understanding your market opportunities, and financial management.

The first round will open to applications soon. Sign up for news and updates on our Community Business Grant program here, including announcements as rounds open, and access to the grant guidelines.

For any queries on our Community Business Grants contact consulting@cbb.com.au.

Jane Arnott
General Manager, Consulting and Business Services
Email: jarnott@cbb.com.au
Phone: 1300 763 505


Three simple truths to strengthen your organisation for change

Thinking for Change: part three

Previous blogs in this series:

Part 1: Playing with the rules 
Part 2: Finding inspiration

If you’ve been anywhere near a business blog in the last month or so, you’ve probably seen some predictions for the year ahead. While we can’t be sure which predictions will come true, one thing is certain: change will come. When it does, how will your organisation adapt? Will it respond to chaos in “firefighting mode”, or with intention and grace? Continue reading…

Reflections from 2018 Governor’s Leadership Foundation Scholarship recipient

There are many benefits to working and volunteering in the not for profit sector. A feeling of working for a higher purpose, a calling, the satisfaction that comes with an alignment of values. Yet one thing NFPs often struggle with, compared to our more affluent corporate cousins, is finding sufficient funding to train and develop staff. Which is why I felt incredibly privileged and blessed to be a recipient of a half scholarship from CBB when I was accepted into the 2018 Governor’s Leadership Foundation Program.

Continue reading…