[Global_chapter_committee] Finances Section of the Chapter Leader Handbook

Jason Li jason.li at owasp.org
Thu Jun 30 01:14:25 EDT 2011


First off, let me just say that I'm a lurker on this list and not a member
of the Chapters committee, so take this entire unsolicited commentary of
mine with a grain of salt :)

I think you bring up some legitimate concerns about tangible property, what
constitutes "chapter" money, and logistical difficulties in managing
inactive finances.

With regards to tangible property, I agree that there are some pretty
significant challenges to ensuring that investment in tangible property is
worthwhile. I don't really have any additional comment here other than to
say I think you're spot on.

With regards to chapter money, I agree that a chapter that goes out and
earns its own money deserves to retain that money and spend it as the
chapter sees fit - as long as it's in line with OWASP core values and good
common sense (no strip clubs...).

The problem I see is that it's very muddy to figure out where a chapter's
involvement ends and the Foundation's involvement begins for large events.
For the Global AppSec events, and even for some of the larger regional
events, the Foundation has provided significant support in the past - both
financially and logistically - to stand up an event. The revenue from those
events has been the primary source of funds for the organization (~77%) as a
whole to provide things like promotional materials at conferences,
infrastructure like RegOnline, financial services and audits to maintain our
503(c) status, and perhaps most relevant to this discussion - as *seed money
to reinvest in local and regional events* for chapters that don't have
funds. There have been many small local/regional events in the past that
have lost money or barely broke even, but the Foundation takes on that risk
and loss in supporting such events. I don't think I've heard of any chapters
leaders clamoring for a payback policy out of future chapter funds for
losses incurred...

If a local chapter puts on a local/regional event, and they fund it out of
their own funds, then it seems pretty straight forward to me that the
chapter should get most of the proceeds - less a reasonable amount to pay
for any services rendered by the Foundation such as processing the
financials so as to be complaint with 503(c) policies, being covered under
the Foundation's event liability insurance policy, bank transaction
fees, registration services, providing conference schwag, etc.

But I imagine very few chapters have the funds right out of the gate to
start launching their own events. In those cases, chapters ask the
Foundation to front the money and absorb the risk to stand up the event ---
and in such cases, I think it's very muddy to determine what a fair and
equitable way to divide profits. Furthermore, my impression has been that
many of the chapters with large bank accounts (>$5,000) probably got to that
status due at least in part to a large Global/regional event that was held
by the Foundation in the chapter's region (caveat - that's just my personal
speculation - I don't know the individual chapter finances).

I agree with what you're saying about chapters deserving what they earn ---
but at the same time, the Foundation is a significant part to the success of
such events. So as with everything in life, nothing is clear cut and simple
to divide.

This is an area where I think the Conferences Committee and the Chapters
Committee needs to get together in person and talk it out. Online
communication makes things too detached and it's easy to become
antagonistic. Even voice calls are difficult to manage when there's
contentious issues to discuss.

I also wanted to touch on the other part of your concern regarding not
trusting leaders. I don't think it's an issue of not trusting leaders, so
much as it's an obligation of the Foundation to ensure that expenditures are
appropriate. The organization has annual audits to maintain its status as a
503(c) entity and there are some ridiculous rules regarding what a 503(c)
organization can do with its money. I agree that we should trust our
leaders, but I'm not a lawyer and I'm fairly certain most chapter leaders
aren't either... The last thing we need is to lose our status as a 503(c)
entity because an overzealous leader who wasn't fully cognizant of the
Foundation's legal obligations decided to spend money in an inappropriate
way. Note that if a chapter leader submits a fake receipt, well that's fraud
and I'm assuming the Foundation would be shielded from the fallout of
criminal actions made by an individual. I can understand how it feels like
the organization is stingy or that it doesn't trust its own leaders - but I
also feel like there are some rational reasons behind it (again caveat being
that it's just my personal speculation).

I'm not trying to marginalize your points (many of which I agree with in
principle) - I'm just trying to paint them in context of what I assume is a
bigger picture.

For the record, I did read to the end of your email and I don't know how we
can solve the logistical issue of inactive chapter funds...

If you made it this far in my response, thanks for reading and indulging in
my $0.02 :-)


On Thu, Jun 30, 2011 at 12:16 AM, Matthew Chalmers <
matthew.chalmers at owasp.org> wrote:

> Due to our decentralized nature and lack of real estate we'll never be
> efficient with tangible property of any kind. Even if we had a physical
> location for Foundation property, we'd have a bottleneck of either one
> person or a very small set of people with physical access to it, and the
> expense and time of having to ship it where it needs to be, and the
> logistics of keeping the entire organization informed of what we have,
> whether it's available, etc. Chapters are no different. If a chapter has one
> piece of property, like a projector, only one person can store it when it's
> not being used, and if that person isn't available when it's needed, the
> chapter may suffer. Even things as simple as signage/roll-ups--if they're
> sitting at someone's house they're not doing anybody any good.
> On the other hand, I firmly believe that chapters are independent and
> should be able to buy whatever they want with their own money. I don't
> really even like the fact that the Foundation controls their money. In my
> opinion, every chapter should have its own Paypal account (or whatever other
> system makes sense, just for facilitating deposits), and the chapter
> leader(s) should have access to it so money can be spent when needed without
> any oversight. I'm sure there are many situations where payment by check is
> needed, and/or when a chapter member can't afford to front the money for a
> legit expense until the Foundation pays him back. It's the CHAPTER'S money.
> This BS about automatically going to the Foundation grinds my gears. The
> Foundation is stingy enough as it is, trying to keep chapters from fully
> benefiting from things like local/regional events/conferences. In my opinion
> if a chapter has done something to earn thousands of dollars, they should
> not then have to politely request reimbursement for their own expenses and
> make sure they spend all their money before it gets magically whisked away
> by the Foundation that doesn't trust them.
> Allowing people and companies to join/support OWASP and designate a
> percentage to a chapter, then essentially dangling the money on a fish hook
> in front of the chapter just out of their reach, is only going to foster
> mistrust. If a company pays five grand to be an OWASP supporter and
> designates 40% to a chapter, hooray for the chapter, I say. If they want to
> buy 20 netbooks and distribute them to local elementary schools, that's
> their business, not the Foundation's. Chapters (their leadership) should be
> responsible for doing the right thing without having to be given a long list
> of dos and don'ts. The fact that we're discussing this seems to indicate we
> don't trust that people will do that. We seem to assume that as soon as a
> chapter gets that $2000 split from a corporate sponsorship, if they can
> spend it at will they're going to spend it at a strip club in one night. Are
> we really preventing that from happening now? What if a chapter leader
> submitted a reimbursement request with a forged receipt?
> It seems to me that we shouldn't be worrying about chapters with a few
> hundred bucks or less to their name...and the ones that have more didn't get
> it by being irresponsible so we ought to trust them with it. In a nutshell,
> we need to stop thinking of (and account for) chapter money as Foundation
> money. Earmarked money gets paid to a chapter and kissed good-bye,
> period--it's like the Foundation never had it to begin with. If part of a
> membership, or a donation, or a sponsorship, etc. gets designated to a
> chapter, it's the chapter's--the Foundation doesn't get it.
> What I think we should be concerned with is how to objectively determine a
> chapter (especially one with money) is dormant, inactive, etc., although I
> still just don't know if I'd believe that a chapter with a significant
> amount of money would become so. And in that case, it should be our job to
> find new leadership so they can use the dormant money--not let the
> Foundation scoop it up. Think about it realistically, how much money really
> makes a difference? Where do we draw the line? Should we evaluate this on an
> annual basis and make it a percentage of the Foundation's gross revenue from
> the last year, maybe 1%? (Incidentally I believe my company uses the figure
> 2% of gross annual revenue for "materiality.") So if the Foundation's gross
> for a given year was half a million, then only chapters that had $5000
> sitting around **for a year** would be targeted for reappropriation. I don't
> know how that would work from an accounting perspective, but 1% seems like
> it could be significant. The thing I want to focus on here for a minute is
> that the money has to have gone unused for a year--and do we really have any
> way of tracking that? It's not simply whether there's $x available at the
> time of inquiry--it's whether that $x has not been used for a year.
> Let's use the corporate sponsorship example. Let's say the threshold for
> reclamation is $2000. Let's say a company designates 40% of their $5000
> contribution ($2000) to a chapter in January and the chapter goes crazy and
> spends $100 on pizza for one meeting. That one meeting gets 10 people to
> join OWASP so they get $200 more in income over, say, 10 months (one person
> a month). Now they have $2000 - $100 + $200 = $2100. The next February, the
> chapter's over the line for funds being reclaimed...but they didn't have
> that $2100 sitting for a year, they had $1900. They had $1920 for 11 months,
> $1940 for 10 months, etc. We can't track this. It's crazy to try. But if we
> just say every February (or whenever) if a chapter has $2000 OWASP is just
> going to take it, that's totally unfair. Even if they haven't spent anything
> for a year as in this example. Maybe they have a venue sponsor so they never
> need money for that; maybe they have a refreshments sponsor so they never
> need money for that; maybe they just can't find any reason to spend their
> money. Should the Foundation just take it? No way. It's the chapter's money.
> If they come up with something to spend it on five years later, they should
> have it there to spend.
> The only reason chapter money should be taken is if 1) the chapter's been
> totally inactive for a while (like a year), not just not spending their
> money; and 2) we as the chapters committee have spent a reasonable amount of
> time trying to re-activate the chapter and/or find a new leader but failed
> to do so. If both those conditions are satisfied then I would say the
> "reclaimed" monies should be treated as an anonymous donation to OWASP.
> There are two problems with all the above, however: one is that there are
> probably some situations where a chapter needs true local funds like their
> own bank account in order to do business, efficiently or at all, and in a
> case where a chapter has set up its own account to which
> Kate/Allison/whoever has no access, we may never see the money again; two is
> that dormant funds are better off sitting in one big account earning
> interest, rather than in small accounts all over the place. If OWASP has an
> average global (all chapters, etc.) daily balance of a hundred grand, even
> at 1% that's another thousand bucks of income annually.
> We can only 'solve' the latter problem by forbidding chapters from managing
> their own money (but we should allow for exceptions to be considered by the
> committee and/or board). We can probably only solve the former by imposing
> more requirements on chapters, like if they need to manage their own money,
> the Foundation chair or someone has to be named on the account before they
> can get their money to deposit.
> I'm going to stop here, since it's not likely anyone's going to read this
> far anyway...
> --matt
> On Tue, Jun 28, 2011 at 10:13 PM, Andrew van der Stock <vanderaj at owasp.org
> > wrote:
>> There should be ethical considerations in chapter's disbursement of
>> funds. I don't want a situation where funds are used to pay for room hire or
>> staff where the local chapter leaders work. Arm's length between local
>> approval of funds use and those who might profit from it. is vital to
>> emphasise our open and transparent nature.
>> I do want to allow chapters to start acquiring basic video equipment to
>> allow the recording of chapter meetings (so a small HD camera, wireless
>> mike, and stand), so we do need to work out a policy on hardware.
>> Hardware should be returned to other active chapters within a country
>> first, and then to the closest Foundation for re-distribution or donation to
>> a local charity of the Foundation's choosing if the returned assets' life is
>> more than the depreciated cost.
>> For example, the local OWASP Chapter in Smallville bought LCD projector
>> four years ago. If the Smallville chapter goes quiet, the LCD projector and
>> all other hardware items should be sent in the first instance to a nearby
>> chapter so that shipping costs aren't huge if a chapter ever restarts in
>> Smallville. If there is no other nearby chapter, the Foundation could decide
>> to donate the LCD project to a local charity or pay the shipping back to the
>> nearest Foundation.
>> thanks
>> Andrew
>> On 29/06/2011, at 11:35 AM, Tin Zaw wrote:
>> Kate,
>> Thanks for kickstarting the chapter finance discussion. In this email, I
>> will focus on reimbursable expenses and hardware. I will start another
>> thread for chapter finances (
>> https://www.owasp.org/index.php/Chapter_Finance_Policy_and_Procedure).
>> On reimbursable expenses -- or appropriate use of funds -- we should
>> expand the list of reimbursable items.
>> But before that, we should make it a policy and practice that *all
>> chapter finances are subject to OWASP policies and ethics, as well as
>> common-sense, fiscal responsibility and good judgement*. In other words,
>> *funds are to be used for advancing OWASP mission in a prudent (and
>> frugal?) manner*.
>> We should add "Administrative support for the chapter", or expand
>> "Promotion of a meeting" to "Managing  and promoting chapter activities"
>> which includes administrative support.
>> As for the hardware, how about this policy? *Hardware* -- computing
>> equipment, audio visual equipment, etc. -- *is owned by the Foundation
>> but dedicated for use by the chapter that funds it for its useful life*.
>> If a chapter dissolves and has some hardware, it must be returned to the
>> Foundation. For tax purposes, we could depreciate it within whatever the
>> allowable period is (2 years?). Fully depreciated equipment can be disposed
>> or continued to use at the chapter's discretion.
>> Does the Foundation need to track the hardware assets? If so, the chapters
>> should be required to report (via Google Spreadsheet, for example) the
>> status of the hardware including depreciation.
>> I think it sounds good for US chapters, but I don't know what the
>> complications are for international chapters and chapters under European
>> Foundation. I need help and comments from our international committee
>> members.
>> The question of if the hardware is needed, yes it is. Many times, we use
>> our own equipment or borrowed equipment (such as the host organization's)
>> for our hardware need. For example, I have been using my personal spare
>> laptop for many of the OWASP activities -- most chapter meetings and AppSec
>> conference -- until it died recently. It came in very useful when a keynote
>> speaker at AppSec conference got her laptop stolen. (BTW, I requested a
>> reimbursement for a laptop because my personal spare laptop I was using for
>> OWASP purposes died, and I thought it will be good use of LA chapter's
>> funds. LA Board agreed too). We could also use things like video camera to
>> record meetings -- some members requested it -- but we held on to this idea
>> because we do not have time for post-production work.
>> Committee members, please share your thoughts.
>> On Tue, Jun 28, 2011 at 12:46 PM, Kate Hartmann <kate.hartmann at owasp.org>wrote:
>>> During the last Chapter Committee Call, the topic of the Finance Section
>>> of the Handbook and it’s impending update was discussed.  The date for this
>>> to be completed was set as July 11 (for the Board Meeting).
>>> https://www.owasp.org/index.php/Chapter_Handbook:_Managing_Money ****
>>> ** **
>>> We are seeing some reimbursement requests for items that do not fall
>>> within the current reimbursement guidelines:****
>>>    - (Meeting venue rental. ****
>>>    - Refreshments for a meeting. ****
>>>    - Promotion of a meeting. ****
>>>    - Travel for speakers.****
>>> And I believe that we need to clarify what might be considered
>>> appropriately reimbursable items/services.  We need to include contracting
>>> services (as are currently in place in NY and LA) and be sure to include
>>> other support systems for chapters.  One reimbursement request is for
>>> hardware.  With a request for equipment, the issue of proprietary and
>>> depreciable Foundation Equipment arises.  If the Foundation reimburses for
>>> the hardware, then it essentially belongs to the Foundation, even though the
>>> funds are “chapter funds.”  Since we are 99.9% volunteer organization, how
>>> do you suggest we manage this?  Also, since we are all in the computer
>>> industry and most of our work is done via the internet on the wiki, can we
>>> approve a hardware purchase for use by a volunteer?****
>>> ** **
>>> I want to be sure we clarify this, and other situations.  Sarah, I’m not
>>> sure that we are the best people to decide what is appropriate for chapter
>>> support since neither one of us are chapter leaders.  ****
>>> ** **
>>> Kate Hartmann****
>>> Operations Director****
>>> 301-275-9403****
>>> www.owasp.org ****
>>> Skype:  Kate.hartmann1****
>>> ** **
>>> _______________________________________________
>>> Global_chapter_committee mailing list
>>> Global_chapter_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>> --
>> Tin Zaw, CISSP, CSSLP
>> Chapter Leader and President, OWASP Los Angeles Chapter<http://www.owaspla.org/>
>> Chair, OWASP Global Chapter Committee<http://www.owasp.org/index.php/Global_Chapter_Committee>
>> Google Voice: (213) 973-9295
>> LinkedIn: http://www.linkedin.com/in/tinzaw
>>  _______________________________________________
>> Global_chapter_committee mailing list
>> Global_chapter_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>> _______________________________________________
>> Global_chapter_committee mailing list
>> Global_chapter_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20110630/472db5a9/attachment-0001.html 

More information about the Global_chapter_committee mailing list