When you care about outcomes, it makes a lot of sense to distinguish between day-to-day maintenance and strategic planning.

Consider physical health, as an important outcome of nutrition.

If I wanted to, I could eat out for every meal, every day. It's expensive, but it's fun, and it's convenient.

Problem is, eating out gives me almost no control, nor knowledge, of the nutritional considerations.

If I care about my health and nutrition, making my meals in-house provides a ton of value.

On the other hand, if I'm trying to make significant changes to my nutritional intake, I can get a lot of value by consulting with an expert, a nutritional advisor or coach who can help me make a good plan.

This way, I get valuable guidance at a strategic level, and then I go in-house with the day-to-day so I can control the outcomes.

Here's the thing:

Bringing in an outside advisor is a great idea for strategic planning on big changes. But for day to day maintenance and support, keeping it in house is usually the long-term winning option.

All the best,
A.

You've probably got someone on your team actively monitoring for errors on your CRM system (and if you don't, we really should talk).

Still, sometimes you'll get a report from a user who's running into a problem.

Maybe they can't submit a payment. Maybe they're seeing something unexpected.

What to do?

A frustrated donor or member is a real problem. It's important to take them at their word.

But you can lose a lot of time and effort trying to solve this problem without a careful approach.

Here's where I like to remind people:

A little skepticism can be a virtue.

After all, how do you know what's causing this user's problem?

• Is it a bug in your software?

• Is it a misconfiguration somewhere?

• Is the user missing an important step?

To address it properly, the skeptical mind assumes that there nothing to fix, until you (or someone on your team) can see it happening.

Without seeing it happen, you really have no idea if:

• The problem exists,

• For whom it exists and under what circumstances, or

• What the nature of it really is.

You can guess and assume, but that wastes a lot of time.

Here’s the thing:

Someone on your team needs to replicate the bug. Otherwise, you don’t have a bug; you have a rumor.

Once you can see it happening you get a few advantages:

1. The cause of the problem may be obvious to you, so you can fix it right away.

2. If not, you now have a set of steps that you can repeat in slightly different scenarios. This is critical for deeper debugging.

3. Most importantly, you have a way to verify that any corrective action you take has actually solved the problem. Because you’ll be able to repeat those steps without issue.

Sometimes figuring out how to replicate the problem is 99% of fixing it.

But this only happens if you start with a little bit of healthy skepticism.

All the best,
A.

P.S. This email is part of a series, “Bug Monday”. Every Monday I’ll cover important concepts in dealing with real or imagined bugs in your CRM system. You can see previous emails in this series here.)

You're probably offering your members and donors some sort of recurring auto-pay option. (And if you're not, we really should talk.)

Why do you do that?

Because people forget. Even the things they want to do.

And they don't want to think about it every month or every year.

Can you even imagine a system of membership payments that are due in random amounts at random times throughout the year? Who in their right mind would want that?

But as the owner of business software systems, you're in a position to keep up with tasks that do come up unpredictably and without warning.

Security updates, user support requests, system bugs and errors, and more.

Wouldn't it be nice if there were a way to put yourself on auto-renewal for such tasks — or at least to automate them somehow — so you never had to think about them, and you could be sure they were getting done right?

Actually you can.

You just have to decide what those tasks are, and find a way to automate them.

For security updates and backup recovery, there are subscriptions available. (Yes I offer such services but that's not the point this email.)

For other tasks, you may need to think a little more carefully.

But here's the thing:

Mental stress is a cost. And you can reduce it by putting systems in place to even out the unpredictable.

All the best,
A.

We talk a lot about measuring, but how do you know what you want to measure?

• Membership renewal rates month over month?

• Email open rates from one mailing to another?

• Email bounce rates month to month?

• Relationships between member interaction and membership renewal?

• Relationship between the length of the registration form and the form completion rate?

If you haven't made a practice of measurement and analysis, it can be hard to know where to start.

But if you think about it for a moment, you probably have some idea.

At some level, you know what you want to achieve, and you have some theory about how to achieve it.

That, if nothing else, is the place to start measuring.

As you get a little more familiar with the process, you'll also be building up a valuable store of information that will help you refine your measurements towards more specific, attainable, and valuable goals.

In the words of the immortal, er, somebody (Benjamin Franklin? Lady Gaga?):

You don't have to get it right; you just have to get it started.

All the best,
A.

Imagine that you've been getting user complaints about your CRM.

Maybe they're getting error messages. Maybe they're confused about what their membership gets them. Maybe they're frustrated by the difficulty of updating their own contact information.

Now imagine that you decide to improve the situation. It’s time to take some action.

But you know that a good goal is not just “getting better." It's a number on a metric that you can aim for.

In this case, you could aim to “reduce user complaints by 15%.”

So the next question is: Reduce them compared to what?

To know if you're improving, you'll need to start with a baseline, a number that indicates your current performance on this metric.

If you've been tracking user complaints in a systematic way, then you probably have what you need to figure out your current baseline. A little time spent in analyzing that data, and you’ve got it.

But if you can't figure out your current baseline, then you can't make a goal about reducing user complaints.

Instead you need a goal like: Create a system to measure the frequency of user complaints.

Here’s the thing:

A goal has a measurable outcome. If your current number of ways to measure is zero, then an important goal is moving it from zero to one.

All the best,
A.

As you think about ways to improve your organization, and your systems, consider this:

How will you know if you've actually improved?

If you're not measuring the starting point and the outcomes, can you really say that you've improved anything?

If you're not measuring, you're not improving. (Or at least, you can’t know if you’re improving.)

What would you like to improve? And how can you find ways to measure that improvement?

All the best,
A.

New Year's resolutions are tricky. We’re 18 days into the new year, and a lot of people have already given up on theirs.

For a many of them, the reason is that they haven't set actual goals.

Exercise more. Eat healthier. Lose weight. Save more money.

What do these have in common?

They all sound nice. And none of them are goals.

Aspirations, yes. But goals, no.

Here's the thing:

A goal aims for a measurable outcome.

Exercise more: Well, how much more? And, by the way, why? What's the actual outcome of this aspiration?

If you want to set goals for your organization, first think about the business value you're trying to achieve.

And then pick a measurable indicator that will get you closer to that outcome.

That’s a real goal: one you can work toward and know when you've achieved it.

All the best,
A.

Like everything else, system complexity comes with significant trade-offs.

Just think about the mental overhead that's required when you decide to implement complex policies.

For example:

• Having 27 user roles in your system could be an administrator's nightmare.

• Having 18 different types of membership, each with six different variations in pricing, expiration date, term, and access to a different set of features and content, brings a lot of challenges when it's time to get everything straight.

The more complex these policies are, the more careful you have to be in implementing them. And when someone has a question about why the system behaves as it does, you've got a real task on your hands to figure it all out and explain it.

Even if the system is working right, the fact that you can't hold all the rules in your head at one time increases the mental stress of maintaining the system.

And mental stress is a cost.

Managing complex systems with confidence requires more systems to simplify that management. Good documentation. Automated testing. Staff training. Specialized interfaces.

Here's the thing:

If all of this helps you achieve a measurable business outcome, and the value of that outcome is great enough, then you're all set. Because you can afford to create those management systems.

But if the measurable business value is not there, why would you even bother?

Keep it simple, and sleep better at night.

All the best,
A.

I know a lot of organizations that rely on their CRM support provider almost as much as they rely on their CRM.

Smart decision?

Of course, systems need support. But the problem with outsourcing that support to an external provider is this:

It does not lead you to master your own systems.

The organizations I've seen who are happiest with their open-source CRMs — who are getting the most value out of their systems — are the ones who handle their support internally, and rely on external expertise only for strategic decisions and planning.

Naturally you can get some cost-savings by bringing CRM operations in-house. But that's not the primary value.

The primary value is in increasing institutional knowledge of your systems and how they work.

How you decided to do this will depend on your situation, but here are some ideas:

• Designate someone in your organization to be the point person for these tasks. All questions come to them, and they become, in time, the in-house expert.

• Work out a job description for a new hire that includes these tasks, either as a primary function or along with other responsibilities.

• Start taking on these tasks yourself. This may be the best option if you're running a very small operation.

Here’s the thing:

One of the great benefits of running open-source tools is that you own the data and the systems, which gives you extraordinary stability and freedom.

But if you're not mastering those systems over time, can you really say that you own them?

All the best,
A.

Convenience and security are trade-offs.

Giving everyone in your office a key to the front door certainly adds convenience. But if you've got 200 people in your office, you probably want to think twice about the security implications.

Not long ago one of my clients had their website defaced. Someone had guessed the password for one of their user accounts, and used it to add spam links to a gambling website in every page on the site.

That user account wasn't even in use anymore. But nobody had thought to disable it.

Here's the thing:

Tightening security can cause some inconvenience.

• Somebody has to remember to disable unused accounts.

• Two-factor authentication makes logins just a little more cumbersome.

• Some of your board members may be unhappy learning they don't have absolute carte blanche access to change anything on your site.

But considering the implications of a security breach, isn't it worth thinking carefully about the trade-offs between security and convenience?

All the best,
A.

How would you find out if your site were off-line?

Would you get an email from one of your members? Would you get a phone call from your board chair? At 10 pm?

Sites go down. It happens. And usually, someone needs to take action to get it online again (or, you could just, you know, wait and see).

Here’s the thing:

If you’ve got a site you care about, you need to make sure someone’s monitoring it. Someone who can take action quickly in case it goes off-line.

For Joinery’s hosting clients, my team and I receive phone notifications within a minute or less if the site goes off-line.

For sites you’re not hosting with Joinery, you can still use a monitoring service (Joinery uses UptimeRobot) to keep on top of things. So you can take quick action.

It’s a lot better than hearing about it from your board members.

All the best,
A.

If you're still not sure that it's worth paying someone just for their advice, think about the ways people already do this all the time.

Fishing guides. Fashion advisors. Sports trainers. Personal tour guides. Real estate agents. Business coaches and mentors.

All of these people offerable a valuable service, none of which is actually doing the work.

Sure, I can hire a fisherman to go out and catch me a swordfish, and deliver it to me ready to mount on my office wall.

But if I hire a guide instead, I've got a good chance of getting that swordfish myself. And learning how to get more along the way.

All the best,
A.

I'm a big fan of managing your projects in-house, where possible.

It's one of the best things you can do to grow your institutional knowledge of your systems, which is a huge value long term.

But of course it's not always possible.

Some projects just involve too much new and specialized knowledge that you don't have in-house.

So what to do?

Fortunately, it's not always a stark choice between doing everything yourself and outsourcing the entire project.

Hiring a technical advisor can be a great choice. In this arrangement, you still do all the hands-on work in-house, so you get the cost savings of using your own staff and the long-term benefit of retaining institutional knowledge.

What the advisor provides is a voice of experience, to ensure that your progress is not blocked by surprises and beginner mistake. That all of that in-house work you’re doing is built around ideas that will work. That your project is not a series of hit-or-miss trials and errors.

Here's the thing:

Even on the most complex and mission-critical projects, there are ways to divide the work, and still focus on building institutional knowledge along the way.

All the best,
A.

Risk management is not something you want to leave as an afterthought.

• You probably have a routine to keep your smoke alarm batteries fresh — like changing them when you change your clocks for daylight saving time.

• You probably have a way to keep your car insurance premiums current — like putting them on auto-pay.

It’s great. You don’t have to think about it. Or remember it. Or risk putting it off. And important stuff gets done.

But what about software security updates?

CiviCRM releases security updates a few times a year. So do Drupal and WordPress.

But unlike insurance premiums and battery replacement, these security updates come on an unpredictable schedule.

If you don’t have a system in place to make sure they get installed on a timely basis, it’s easy to be unaware of them. Or put them off. Or forget about them.

That’s why thousands of site owners regularly fail to apply these updates in a timely manner – and as a result, thousands of those sites get compromised by hackers every year.

Here’s the thing:

It’s not easy to keep up with this stuff, until you make it easy.

You can subscribe to CiviCRM’s Security Notifications list to get advance notice of security updates, and then plan accordingly. (Drupal and WordPress have similar offerings.)

You can assign a member of your internal team to be responsible for performing security updates.

You can subscribe to Joinery’s Proactive Security Updates service and let me handle that for you. (Or hire some other CiviCRM Partner to handle it.)

Whatever it is, make a system, and stop putting off these updates for lack of a plan.

It’s just one more worry you can cross off your list.

And who doesn’t want that?

All the best,
A.

Trying something new entails risk.

At the very least there's the risk that you'll put in time, money, and mental effort, and you won't get anything out of it.

To mitigate that risk, start small.

Train one department or one staff member in a new technique. Roll out a feature to a fraction of your constituents. Adopt one new workflow for yourself.

By starting small, you limit your investment.

And as a bonus, since you're measuring outcomes (you are, right?) you can compare the benefit of this new idea to doing it the old way.

Risk mitigation and measurement of outcomes? Double win.

All the best,
A.

One of the most common risks on software projects is cost overruns.

Many projects begin with a simple idea for a feature improvement, for which you would then get an estimate of work, to be billed hourly.

The big unknown here is in the estimate — after all, it's just an estimate.

Nobody, and I really do mean nobody, can know if that estimate is accurate, until the project is done.

So it should be obvious that nobody knows what the total billables will be, until the work is complete.

Naturally this leads to a significant risk of cost overrun.

How can we mitigate that risk?

Simple:

Stop relying on hourly estimates.

Find a provider who's willing to give you a price. For a specific set of deliverables. Which you’re confident will help you meet a specific business goal.

That price may come out a little higher, or even a lot higher, then whatever lowball estimate you might get from someone who “really needs the work.”

But we're not just hoping for the best here. We're creating plans to mitigate risk. And then it's up to you to decide whether that mitigation is worth it. (Hint: It usually is.)

All the best,
A.

Would you drive across the desert without a spare tire? You could. But I wouldn't recommend it.

Would you operate your mission-critical CRM without a system of daily backups and a way to recover those backups in an emergency? You could. But I wouldn't recommend it.

Would you embark on a project to create custom features for your systems without a Plan B just in case everything goes wrong? You could. But ... Well, you get the idea.

It's natural to hope that everything will go according to plan. But the smart choice is to prepare, in case it doesn't.

Here’s the thing:

Every endeavor comes with some risk.

And while you can't prepare for every possibility, and you can’t afford to be paralyzed by endless what-ifs, there are probably some simple precautions you can take to mitigate some of that risk.

What steps are you taking to ensure that your plans, systems, and projects will be protected in case of the unexpected?

All the best,
A.

One of the cool things about open-source software is that developers in the community work together to address issues when they come up. (The recent team effort to solve card testing abuse is a great example.)

And of course you as an open-source software user get to benefit from those efforts. Somebody else has just fixed your problem, and they’re giving the solution away to everyone for free.

But to take advantage of that, you have to stay aware.

The official blog at CiviCRM.org is a great resource for keeping up. So are the CiviCRM StackExchange, and the online discussions at chat.civicrm.org.

Having an expert on your team, internal or external — someone who keeps up with developments in the community — is an important part of staying aware and ensuring you get these benefits.

How are you keeping up with developments for your open source tools?

All the best,
A.

In the past few weeks many CiviCRM sites using the Stripe payment processor have had serious troubles with a kind of abuse called card testing.

It's not the kind of thing that could allow someone to break into a site, or steal user data, but on many sites it has been aggressive enough to bring them to a crawl, and occasionally to a halt. Or get their Stripe account suspended. Or other troubles.

Developers in the CiviCRM community got together pretty quickly and worked out a solution. You can read about it in my blog post on civicrm.org: Stripe: Solving Card-Testing and Fraudulent Transactions

If you're processing payments through Stripe on CiviCRM, you really should give that a look and apply that fix on your site.

If you need help with that, you should reach out to your support team.

You do have a support team right?

All the best,
A.

The great thing about an open-source CRM is that you can make it do pretty much anything you want it to do.

But just because you can, does that really mean that you should?

In the world of CRM, trying to make your tools do everything your way can become an expense that quickly exceeds the value.

That's why in many cases I recommend just doing it the software's way. Adapting your workflow to the software usually gets you more value than adapting the software to your workflow.

And when it doesn't — when you've got a clear business case for customization — you'll know it, because you can state plainly the business value of what you're hoping to achieve.

Until then, it's okay to work with what you have. No system will ever be perfect, resources will always be limited, and smart improvements are driven by measurable business goals.

What measurable goals are you pursuing now?

All the best,
A.