[Global_chapter_committee] Finances Section of the Chapter Leader Handbook

Matthew Chalmers matthew.chalmers at owasp.org
Thu Jun 30 00:16:25 EDT 2011


Due to our decentralized nature and lack of real estate we'll never be
efficient with tangible property of any kind. Even if we had a physical
location for Foundation property, we'd have a bottleneck of either one
person or a very small set of people with physical access to it, and the
expense and time of having to ship it where it needs to be, and the
logistics of keeping the entire organization informed of what we have,
whether it's available, etc. Chapters are no different. If a chapter has one
piece of property, like a projector, only one person can store it when it's
not being used, and if that person isn't available when it's needed, the
chapter may suffer. Even things as simple as signage/roll-ups--if they're
sitting at someone's house they're not doing anybody any good.

On the other hand, I firmly believe that chapters are independent and should
be able to buy whatever they want with their own money. I don't really even
like the fact that the Foundation controls their money. In my opinion, every
chapter should have its own Paypal account (or whatever other system makes
sense, just for facilitating deposits), and the chapter leader(s) should
have access to it so money can be spent when needed without any oversight.
I'm sure there are many situations where payment by check is needed, and/or
when a chapter member can't afford to front the money for a legit expense
until the Foundation pays him back. It's the CHAPTER'S money. This BS about
automatically going to the Foundation grinds my gears. The Foundation is
stingy enough as it is, trying to keep chapters from fully benefiting from
things like local/regional events/conferences. In my opinion if a chapter
has done something to earn thousands of dollars, they should not then have
to politely request reimbursement for their own expenses and make sure they
spend all their money before it gets magically whisked away by the
Foundation that doesn't trust them.

Allowing people and companies to join/support OWASP and designate a
percentage to a chapter, then essentially dangling the money on a fish hook
in front of the chapter just out of their reach, is only going to foster
mistrust. If a company pays five grand to be an OWASP supporter and
designates 40% to a chapter, hooray for the chapter, I say. If they want to
buy 20 netbooks and distribute them to local elementary schools, that's
their business, not the Foundation's. Chapters (their leadership) should be
responsible for doing the right thing without having to be given a long list
of dos and don'ts. The fact that we're discussing this seems to indicate we
don't trust that people will do that. We seem to assume that as soon as a
chapter gets that $2000 split from a corporate sponsorship, if they can
spend it at will they're going to spend it at a strip club in one night. Are
we really preventing that from happening now? What if a chapter leader
submitted a reimbursement request with a forged receipt?

It seems to me that we shouldn't be worrying about chapters with a few
hundred bucks or less to their name...and the ones that have more didn't get
it by being irresponsible so we ought to trust them with it. In a nutshell,
we need to stop thinking of (and account for) chapter money as Foundation
money. Earmarked money gets paid to a chapter and kissed good-bye,
period--it's like the Foundation never had it to begin with. If part of a
membership, or a donation, or a sponsorship, etc. gets designated to a
chapter, it's the chapter's--the Foundation doesn't get it.

What I think we should be concerned with is how to objectively determine a
chapter (especially one with money) is dormant, inactive, etc., although I
still just don't know if I'd believe that a chapter with a significant
amount of money would become so. And in that case, it should be our job to
find new leadership so they can use the dormant money--not let the
Foundation scoop it up. Think about it realistically, how much money really
makes a difference? Where do we draw the line? Should we evaluate this on an
annual basis and make it a percentage of the Foundation's gross revenue from
the last year, maybe 1%? (Incidentally I believe my company uses the figure
2% of gross annual revenue for "materiality.") So if the Foundation's gross
for a given year was half a million, then only chapters that had $5000
sitting around **for a year** would be targeted for reappropriation. I don't
know how that would work from an accounting perspective, but 1% seems like
it could be significant. The thing I want to focus on here for a minute is
that the money has to have gone unused for a year--and do we really have any
way of tracking that? It's not simply whether there's $x available at the
time of inquiry--it's whether that $x has not been used for a year.

Let's use the corporate sponsorship example. Let's say the threshold for
reclamation is $2000. Let's say a company designates 40% of their $5000
contribution ($2000) to a chapter in January and the chapter goes crazy and
spends $100 on pizza for one meeting. That one meeting gets 10 people to
join OWASP so they get $200 more in income over, say, 10 months (one person
a month). Now they have $2000 - $100 + $200 = $2100. The next February, the
chapter's over the line for funds being reclaimed...but they didn't have
that $2100 sitting for a year, they had $1900. They had $1920 for 11 months,
$1940 for 10 months, etc. We can't track this. It's crazy to try. But if we
just say every February (or whenever) if a chapter has $2000 OWASP is just
going to take it, that's totally unfair. Even if they haven't spent anything
for a year as in this example. Maybe they have a venue sponsor so they never
need money for that; maybe they have a refreshments sponsor so they never
need money for that; maybe they just can't find any reason to spend their
money. Should the Foundation just take it? No way. It's the chapter's money.
If they come up with something to spend it on five years later, they should
have it there to spend.

The only reason chapter money should be taken is if 1) the chapter's been
totally inactive for a while (like a year), not just not spending their
money; and 2) we as the chapters committee have spent a reasonable amount of
time trying to re-activate the chapter and/or find a new leader but failed
to do so. If both those conditions are satisfied then I would say the
"reclaimed" monies should be treated as an anonymous donation to OWASP.

There are two problems with all the above, however: one is that there are
probably some situations where a chapter needs true local funds like their
own bank account in order to do business, efficiently or at all, and in a
case where a chapter has set up its own account to which
Kate/Allison/whoever has no access, we may never see the money again; two is
that dormant funds are better off sitting in one big account earning
interest, rather than in small accounts all over the place. If OWASP has an
average global (all chapters, etc.) daily balance of a hundred grand, even
at 1% that's another thousand bucks of income annually.

We can only 'solve' the latter problem by forbidding chapters from managing
their own money (but we should allow for exceptions to be considered by the
committee and/or board). We can probably only solve the former by imposing
more requirements on chapters, like if they need to manage their own money,
the Foundation chair or someone has to be named on the account before they
can get their money to deposit.

I'm going to stop here, since it's not likely anyone's going to read this
far anyway...

--matt


On Tue, Jun 28, 2011 at 10:13 PM, Andrew van der Stock
<vanderaj at owasp.org>wrote:

> There should be ethical considerations in chapter's disbursement of
> funds. I don't want a situation where funds are used to pay for room hire or
> staff where the local chapter leaders work. Arm's length between local
> approval of funds use and those who might profit from it. is vital to
> emphasise our open and transparent nature.
>
> I do want to allow chapters to start acquiring basic video equipment to
> allow the recording of chapter meetings (so a small HD camera, wireless
> mike, and stand), so we do need to work out a policy on hardware.
>
> Hardware should be returned to other active chapters within a country
> first, and then to the closest Foundation for re-distribution or donation to
> a local charity of the Foundation's choosing if the returned assets' life is
> more than the depreciated cost.
>
> For example, the local OWASP Chapter in Smallville bought LCD projector
> four years ago. If the Smallville chapter goes quiet, the LCD projector and
> all other hardware items should be sent in the first instance to a nearby
> chapter so that shipping costs aren't huge if a chapter ever restarts in
> Smallville. If there is no other nearby chapter, the Foundation could decide
> to donate the LCD project to a local charity or pay the shipping back to the
> nearest Foundation.
>
> thanks
> Andrew
>
> On 29/06/2011, at 11:35 AM, Tin Zaw wrote:
>
> Kate,
>
> Thanks for kickstarting the chapter finance discussion. In this email, I
> will focus on reimbursable expenses and hardware. I will start another
> thread for chapter finances (
> https://www.owasp.org/index.php/Chapter_Finance_Policy_and_Procedure).
>
> On reimbursable expenses -- or appropriate use of funds -- we should expand
> the list of reimbursable items.
>
> But before that, we should make it a policy and practice that *all chapter
> finances are subject to OWASP policies and ethics, as well as common-sense,
> fiscal responsibility and good judgement*. In other words, *funds are to
> be used for advancing OWASP mission in a prudent (and frugal?) manner*.
>
> We should add "Administrative support for the chapter", or expand
> "Promotion of a meeting" to "Managing  and promoting chapter activities"
> which includes administrative support.
>
> As for the hardware, how about this policy? *Hardware* -- computing
> equipment, audio visual equipment, etc. -- *is owned by the Foundation but
> dedicated for use by the chapter that funds it for its useful life*. If a
> chapter dissolves and has some hardware, it must be returned to the
> Foundation. For tax purposes, we could depreciate it within whatever the
> allowable period is (2 years?). Fully depreciated equipment can be disposed
> or continued to use at the chapter's discretion.
>
> Does the Foundation need to track the hardware assets? If so, the chapters
> should be required to report (via Google Spreadsheet, for example) the
> status of the hardware including depreciation.
>
> I think it sounds good for US chapters, but I don't know what the
> complications are for international chapters and chapters under European
> Foundation. I need help and comments from our international committee
> members.
>
> The question of if the hardware is needed, yes it is. Many times, we use
> our own equipment or borrowed equipment (such as the host organization's)
> for our hardware need. For example, I have been using my personal spare
> laptop for many of the OWASP activities -- most chapter meetings and AppSec
> conference -- until it died recently. It came in very useful when a keynote
> speaker at AppSec conference got her laptop stolen. (BTW, I requested a
> reimbursement for a laptop because my personal spare laptop I was using for
> OWASP purposes died, and I thought it will be good use of LA chapter's
> funds. LA Board agreed too). We could also use things like video camera to
> record meetings -- some members requested it -- but we held on to this idea
> because we do not have time for post-production work.
>
> Committee members, please share your thoughts.
>
>
>
> On Tue, Jun 28, 2011 at 12:46 PM, Kate Hartmann <kate.hartmann at owasp.org>wrote:
>
>> During the last Chapter Committee Call, the topic of the Finance Section
>> of the Handbook and it’s impending update was discussed.  The date for this
>> to be completed was set as July 11 (for the Board Meeting).
>> https://www.owasp.org/index.php/Chapter_Handbook:_Managing_Money ****
>>
>> ** **
>>
>> We are seeing some reimbursement requests for items that do not fall
>> within the current reimbursement guidelines:****
>>
>>    - (Meeting venue rental. ****
>>    - Refreshments for a meeting. ****
>>    - Promotion of a meeting. ****
>>    - Travel for speakers.****
>>
>> And I believe that we need to clarify what might be considered
>> appropriately reimbursable items/services.  We need to include contracting
>> services (as are currently in place in NY and LA) and be sure to include
>> other support systems for chapters.  One reimbursement request is for
>> hardware.  With a request for equipment, the issue of proprietary and
>> depreciable Foundation Equipment arises.  If the Foundation reimburses for
>> the hardware, then it essentially belongs to the Foundation, even though the
>> funds are “chapter funds.”  Since we are 99.9% volunteer organization, how
>> do you suggest we manage this?  Also, since we are all in the computer
>> industry and most of our work is done via the internet on the wiki, can we
>> approve a hardware purchase for use by a volunteer?****
>>
>> ** **
>>
>> I want to be sure we clarify this, and other situations.  Sarah, I’m not
>> sure that we are the best people to decide what is appropriate for chapter
>> support since neither one of us are chapter leaders.  ****
>>
>> ** **
>>
>> Kate Hartmann****
>>
>> Operations Director****
>>
>> 301-275-9403****
>>
>> www.owasp.org ****
>>
>> Skype:  Kate.hartmann1****
>>
>> ** **
>>
>> _______________________________________________
>> Global_chapter_committee mailing list
>> Global_chapter_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>
>>
>
>
> --
> Tin Zaw, CISSP, CSSLP
> Chapter Leader and President, OWASP Los Angeles Chapter<http://www.owaspla.org/>
> Chair, OWASP Global Chapter Committee<http://www.owasp.org/index.php/Global_Chapter_Committee>
>
> Google Voice: (213) 973-9295
> LinkedIn: http://www.linkedin.com/in/tinzaw
>
>  _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20110629/6509030b/attachment-0001.html 


More information about the Global_chapter_committee mailing list