Accounting missteps and tragedy take a toll on Shadowserver
From the inception of the foundation, it conducted its bookkeeping and recordkeeping within Quickbooks and multiple spreadsheets. It also worked with outside accountants to help the organization prepare taxes and manage nonprofit guidelines. However, the day-to-day operations were heavily reliant on one person, Shadowserver’s director, Richard Perlotto.
“Everything was manual—everything was relying on me,” commented Perlotto. “If we had to do invoices or anything with the finances outside of taxes, it was 100% reliant on me.”
Some issues started to emerge with the foundation’s accountants. They made changes without properly communicating what they had done, and tax considerations such as deductions were irregular and inconsistent when they should have been standardized.
At the same time, Perlotto suffered a tragic death in the family, and understandably stepped away from the organization to focus on his family. However, with so much of the business operations dependent on Perlotto, Shadowserver found itself in a situation where nobody was running the organization and following up with the accounting firm in his absence.
By the time Perlotto returned to the organization, the amount of accounting issues and inaccuracies had caught up to Shadowserver, with books and records that were lacking in several areas. With the accountant not performing as intended, the organization was not up to date from a federal and state tax filing standpoint and the federal government consequently revoked Shadowserver’s 501(c)(3) nonprofit status.
Perlotto quickly determined that he needed a business partner to help get the organization’s financials back in order and chart a course for success in the future.
“I wanted someone that I could have a permanent relationship with,” said Perlotto. “We will probably never have internal finance people, so we needed someone with the history and the expertise to meet our complexities, being three nonprofits, not a single nonprofit.”
Catching up and building a brighter future
Shadowserver chose to work with RSM US LLP to revise financial statements and refile its tax returns from 2015–2018, work to regain its nonprofit status, and perhaps most importantly, implement a back-office structure that wasn’t reliant on a single person and could persist beyond a potential catastrophic event.
“I interviewed several companies—small corporations and the large corporations,” said Perlotto. “RSM scratched several of the itches that I had right away. They were able to bring in several 501(c)(3) experts right away, and they had a variety of experts from within the organization that they were able to bring into the equation quickly to answer my questions.”
Shadowserver and RSM worked together for nearly a year performing the accounting cleanup, developing a very close, friendly relationship. That process represented a tremendous amount of work, with a typical week consisting of three meetings and roughly a dozen emails exchanged to scrutinize how items were accounted for.
“The process of fixing the accounting and going through the taxes proved the point of what I was looking for,” commented Perlotto. “I wanted an organization that could bring in people as necessary—experts that could deal with the exact problems that I was having. This was not a new thing for RSM, and that gave me confidence moving forward.”
RSM’s tax team filed the new tax returns and communicated with the IRS to restore Shadowserver’s nonprofit status. In addition, the finance and accounting outsourcing group began work on establishing a new, consistent back-office framework to help the organization optimize critical financial processes.
Shadowserver took a major step forward with the FAO platform, gaining automation capabilities within several key functions, including transaction processing, financial reporting, month-end close, and financial planning and analysis. By replacing the previous manual financial processes with scalable technology solutions, Shadowserver has gained more consistency and real-time insight it never had in the past.
The new technology framework is able to better manage the complexity of how Shadowserver’s financials must be prepared, due to its international sister corporations. The U.S.-based organization provides a significant amount of support for those entities abroad, so the accounting and reporting must be presented in a different way, which is much more easily captured within the automated approach than in the previous manual structure.
“I have gone from one person to a team,” said Perlotto. “Every time there was a question about something, RSM had an appropriately skilled person to answer those questions. While this was going on, RSM was educating me. I have run very large departments in the past, but how you run a department is vastly different than the things you need to consider for an entire corporation, and more specifically a nonprofit.”
Continued change on the horizon
As Shadowserver has gotten its taxes and finances current and back in line to include a retroactive reinstatement of their 501(c)(3) and implemented a more proactive technology solution to manage the financial function, it is also undergoing a fundamental shift in organizational operations.
Perlotto had a long, successful career with Cisco Systems, and for many years, Shadowserver was a project within that company. Cisco was the largest U.S. sponsor and primary financial supporter for the organization, but Perlotto maintained control over the mission and executed any necessary processes. The vision for Shadowserver has always been to become a truly independent, self-sustaining international nonprofit organization, but Cisco accelerated that process by surprisingly deciding to discontinue funding in 2019.
The shift in structure—from a black box governance approach to a community model—actually may have come at an opportune time, as the way people think about internet security has also evolved over time. When Shadowserver was first established, the organization presented an operational model that not everybody agreed with, but through hard work and perseverance, the framework became the standard for the security community.
However, the vision for internet security is currently more focused in the industry, amid an environment of persistent, volatile threats. With the change in strategy and more involvement in decision-making, Shadowserver is better positioned to combat bad actors and encourage a safer internet experience. With an outsourced finance department, an expanded board and community-driven paths of communication, the organization can continue moving forward with a shared mission without being dependent on any one person.
The fundraising model is certainly a new process for Shadowserver, but it has been a successful transition thus far following recent significant contributions from tech powers such as Avast, Trend Micro, Mastercard and The Internet Society (ISOC). In fact, in its first year as an independent organization, Shadowserver reached its annual funding goal within six months.
While the organization now has to work much harder for funding, the timing for bringing organizational finances up to date and automating the finance function was impeccable. As support for Shadowserver has changed dramatically, the foundation is able to quickly and accurately answer financial questions from new constituents, new investors or contributors to the business.
“Organizations really need to evaluate their finance needs on a quarterly and annual basis,” commented Perlotto.
With a stronger financial foundation in place, Shadowserver continues to look ahead and implement proactive goals to provide timely internet security reporting and malicious activity investigation. By driving change, fostering collaboration and contributing to a culture that delivers greater services and capabilities, Shadowserver continues to be the standard for uncovering emerging threats, working altruistically behind the scenes to make the internet more secure for everyone.
