[Global_chapter_committee] Finances Section of the Chapter Leader Handbook

Tom Brennan tomb at owasp.org
Thu Jun 30 07:51:21 EDT 2011


Andrew, note we have less then 70 active chapters

Semper Fi,

Tom Brennan
Tel: 973-202-0122







On Jun 30, 2011, at 3:04 AM, Andrew van der Stock <vanderaj at owasp.org> wrote:

> Matt,
> 
> I did read all the way to the end. It was a read, but it was worth it. 
> 
> Basically, your POV is perfectly valid. We have no easy way to provide micro-management of 200+ distributed bank accounts, so we've relied solely on chapter leaders funding chapters out of their own pocket / good will for almost all of our existence. 
> 
> I agree that we shouldn't be worried about $x where $x < significance. Almost certainly, I think we should think of video equipment example I gave as an immediate write off and not worry about it being returned as shipping costs and management overheads would approach re-acquisition costs. 
> 
> The problem is that we have 200+ chapters, and we need to provide guidance for folks who might never have managed money before. It's guidance not enforced policy as financial and organizational rules in the US are different to even (say) Australia, Latvia, or Brazil or Taiwan. For example, most not for profit groups here use a model constitution from our corporate regulator so they can get insurance, take in more than a certain $/yr, pay less tax and obtain tax concessions (http://www.asic.gov.au/asic/asic.nsf/byheadline/Registering+not-for-profit+or+charitable+organisations?openDocument). It's not hard, but it's also not free or laissez faire. 
> 
> I'm all for minimizing or eliminating micro management on our part - we can't do it and we'd be foolish to even try. However, we'd be remiss if we didn't set down some guidelines on the appropriate use of funds (as a statement of values more than anything), and making sure that at least one person is accountable for their use. We don't want chapters to become a cesspit of venality and lock in to local consultancy interests over ours.  
> 
> thanks,
> Andrew
> 
> 
> On 30/06/2011, at 2:16 PM, Matthew Chalmers wrote:
> 
>> Due to our decentralized nature and lack of real estate we'll never be efficient with tangible property of any kind. Even if we had a physical location for Foundation property, we'd have a bottleneck of either one person or a very small set of people with physical access to it, and the expense and time of having to ship it where it needs to be, and the logistics of keeping the entire organization informed of what we have, whether it's available, etc. Chapters are no different. If a chapter has one piece of property, like a projector, only one person can store it when it's not being used, and if that person isn't available when it's needed, the chapter may suffer. Even things as simple as signage/roll-ups--if they're sitting at someone's house they're not doing anybody any good.
>> 
>> On the other hand, I firmly believe that chapters are independent and should be able to buy whatever they want with their own money. I don't really even like the fact that the Foundation controls their money. In my opinion, every chapter should have its own Paypal account (or whatever other system makes sense, just for facilitating deposits), and the chapter leader(s) should have access to it so money can be spent when needed without any oversight. I'm sure there are many situations where payment by check is needed, and/or when a chapter member can't afford to front the money for a legit expense until the Foundation pays him back. It's the CHAPTER'S money. This BS about automatically going to the Foundation grinds my gears. The Foundation is stingy enough as it is, trying to keep chapters from fully benefiting from things like local/regional events/conferences. In my opinion if a chapter has done something to earn thousands of dollars, they should not then have to politely request reimbursement for their own expenses and make sure they spend all their money before it gets magically whisked away by the Foundation that doesn't trust them.
>> 
>> Allowing people and companies to join/support OWASP and designate a percentage to a chapter, then essentially dangling the money on a fish hook in front of the chapter just out of their reach, is only going to foster mistrust. If a company pays five grand to be an OWASP supporter and designates 40% to a chapter, hooray for the chapter, I say. If they want to buy 20 netbooks and distribute them to local elementary schools, that's their business, not the Foundation's. Chapters (their leadership) should be responsible for doing the right thing without having to be given a long list of dos and don'ts. The fact that we're discussing this seems to indicate we don't trust that people will do that. We seem to assume that as soon as a chapter gets that $2000 split from a corporate sponsorship, if they can spend it at will they're going to spend it at a strip club in one night. Are we really preventing that from happening now? What if a chapter leader submitted a reimbursement request with a forged receipt?
>> 
>> It seems to me that we shouldn't be worrying about chapters with a few hundred bucks or less to their name...and the ones that have more didn't get it by being irresponsible so we ought to trust them with it. In a nutshell, we need to stop thinking of (and account for) chapter money as Foundation money. Earmarked money gets paid to a chapter and kissed good-bye, period--it's like the Foundation never had it to begin with. If part of a membership, or a donation, or a sponsorship, etc. gets designated to a chapter, it's the chapter's--the Foundation doesn't get it.
>> 
>> What I think we should be concerned with is how to objectively determine a chapter (especially one with money) is dormant, inactive, etc., although I still just don't know if I'd believe that a chapter with a significant amount of money would become so. And in that case, it should be our job to find new leadership so they can use the dormant money--not let the Foundation scoop it up. Think about it realistically, how much money really makes a difference? Where do we draw the line? Should we evaluate this on an annual basis and make it a percentage of the Foundation's gross revenue from the last year, maybe 1%? (Incidentally I believe my company uses the figure 2% of gross annual revenue for "materiality.") So if the Foundation's gross for a given year was half a million, then only chapters that had $5000 sitting around **for a year** would be targeted for reappropriation. I don't know how that would work from an accounting perspective, but 1% seems like it could be significant. The thing I want to focus on here for a minute is that the money has to have gone unused for a year--and do we really have any way of tracking that? It's not simply whether there's $x available at the time of inquiry--it's whether that $x has not been used for a year.
>> 
>> Let's use the corporate sponsorship example. Let's say the threshold for reclamation is $2000. Let's say a company designates 40% of their $5000 contribution ($2000) to a chapter in January and the chapter goes crazy and spends $100 on pizza for one meeting. That one meeting gets 10 people to join OWASP so they get $200 more in income over, say, 10 months (one person a month). Now they have $2000 - $100 + $200 = $2100. The next February, the chapter's over the line for funds being reclaimed...but they didn't have that $2100 sitting for a year, they had $1900. They had $1920 for 11 months, $1940 for 10 months, etc. We can't track this. It's crazy to try. But if we just say every February (or whenever) if a chapter has $2000 OWASP is just going to take it, that's totally unfair. Even if they haven't spent anything for a year as in this example. Maybe they have a venue sponsor so they never need money for that; maybe they have a refreshments sponsor so they never need money for that; maybe they just can't find any reason to spend their money. Should the Foundation just take it? No way. It's the chapter's money. If they come up with something to spend it on five years later, they should have it there to spend.
>> 
>> The only reason chapter money should be taken is if 1) the chapter's been totally inactive for a while (like a year), not just not spending their money; and 2) we as the chapters committee have spent a reasonable amount of time trying to re-activate the chapter and/or find a new leader but failed to do so. If both those conditions are satisfied then I would say the "reclaimed" monies should be treated as an anonymous donation to OWASP.
>> 
>> There are two problems with all the above, however: one is that there are probably some situations where a chapter needs true local funds like their own bank account in order to do business, efficiently or at all, and in a case where a chapter has set up its own account to which Kate/Allison/whoever has no access, we may never see the money again; two is that dormant funds are better off sitting in one big account earning interest, rather than in small accounts all over the place. If OWASP has an average global (all chapters, etc.) daily balance of a hundred grand, even at 1% that's another thousand bucks of income annually.
>> 
>> We can only 'solve' the latter problem by forbidding chapters from managing their own money (but we should allow for exceptions to be considered by the committee and/or board). We can probably only solve the former by imposing more requirements on chapters, like if they need to manage their own money, the Foundation chair or someone has to be named on the account before they can get their money to deposit.
>> 
>> I'm going to stop here, since it's not likely anyone's going to read this far anyway...
>> 
>> --matt
>> 
>> 
>> On Tue, Jun 28, 2011 at 10:13 PM, Andrew van der Stock <vanderaj at owasp.org> wrote:
>> There should be ethical considerations in chapter's disbursement of funds. I don't want a situation where funds are used to pay for room hire or staff where the local chapter leaders work. Arm's length between local approval of funds use and those who might profit from it. is vital to emphasise our open and transparent nature. 
>> 
>> I do want to allow chapters to start acquiring basic video equipment to allow the recording of chapter meetings (so a small HD camera, wireless mike, and stand), so we do need to work out a policy on hardware. 
>> 
>> Hardware should be returned to other active chapters within a country first, and then to the closest Foundation for re-distribution or donation to a local charity of the Foundation's choosing if the returned assets' life is more than the depreciated cost. 
>> 
>> For example, the local OWASP Chapter in Smallville bought LCD projector four years ago. If the Smallville chapter goes quiet, the LCD projector and all other hardware items should be sent in the first instance to a nearby chapter so that shipping costs aren't huge if a chapter ever restarts in Smallville. If there is no other nearby chapter, the Foundation could decide to donate the LCD project to a local charity or pay the shipping back to the nearest Foundation. 
>> 
>> thanks
>> Andrew
>> 
>> On 29/06/2011, at 11:35 AM, Tin Zaw wrote:
>> 
>>> Kate,
>>> 
>>> Thanks for kickstarting the chapter finance discussion. In this email, I will focus on reimbursable expenses and hardware. I will start another thread for chapter finances (https://www.owasp.org/index.php/Chapter_Finance_Policy_and_Procedure).
>>> 
>>> On reimbursable expenses -- or appropriate use of funds -- we should expand the list of reimbursable items.
>>> 
>>> But before that, we should make it a policy and practice that all chapter finances are subject to OWASP policies and ethics, as well as common-sense, fiscal responsibility and good judgement. In other words, funds are to be used for advancing OWASP mission in a prudent (and frugal?) manner. 
>>> 
>>> We should add "Administrative support for the chapter", or expand "Promotion of a meeting" to "Managing  and promoting chapter activities" which includes administrative support. 
>>> 
>>> As for the hardware, how about this policy? Hardware -- computing equipment, audio visual equipment, etc. -- is owned by the Foundation but dedicated for use by the chapter that funds it for its useful life. If a chapter dissolves and has some hardware, it must be returned to the Foundation. For tax purposes, we could depreciate it within whatever the allowable period is (2 years?). Fully depreciated equipment can be disposed or continued to use at the chapter's discretion. 
>>> 
>>> Does the Foundation need to track the hardware assets? If so, the chapters should be required to report (via Google Spreadsheet, for example) the status of the hardware including depreciation. 
>>> 
>>> I think it sounds good for US chapters, but I don't know what the complications are for international chapters and chapters under European Foundation. I need help and comments from our international committee members. 
>>> 
>>> The question of if the hardware is needed, yes it is. Many times, we use our own equipment or borrowed equipment (such as the host organization's) for our hardware need. For example, I have been using my personal spare laptop for many of the OWASP activities -- most chapter meetings and AppSec conference -- until it died recently. It came in very useful when a keynote speaker at AppSec conference got her laptop stolen. (BTW, I requested a reimbursement for a laptop because my personal spare laptop I was using for OWASP purposes died, and I thought it will be good use of LA chapter's funds. LA Board agreed too). We could also use things like video camera to record meetings -- some members requested it -- but we held on to this idea because we do not have time for post-production work. 
>>> 
>>> Committee members, please share your thoughts. 
>>> 
>>> 
>>> 
>>> On Tue, Jun 28, 2011 at 12:46 PM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
>>> During the last Chapter Committee Call, the topic of the Finance Section of the Handbook and it’s impending update was discussed.  The date for this to be completed was set as July 11 (for the Board Meeting). https://www.owasp.org/index.php/Chapter_Handbook:_Managing_Money
>>> 
>>>  
>>> 
>>> We are seeing some reimbursement requests for items that do not fall within the current reimbursement guidelines:
>>> 
>>> (Meeting venue rental.
>>> Refreshments for a meeting.
>>> Promotion of a meeting.
>>> Travel for speakers.
>>> And I believe that we need to clarify what might be considered appropriately reimbursable items/services.  We need to include contracting services (as are currently in place in NY and LA) and be sure to include other support systems for chapters.  One reimbursement request is for hardware.  With a request for equipment, the issue of proprietary and depreciable Foundation Equipment arises.  If the Foundation reimburses for the hardware, then it essentially belongs to the Foundation, even though the funds are “chapter funds.”  Since we are 99.9% volunteer organization, how do you suggest we manage this?  Also, since we are all in the computer industry and most of our work is done via the internet on the wiki, can we approve a hardware purchase for use by a volunteer?
>>> 
>>>  
>>> 
>>> I want to be sure we clarify this, and other situations.  Sarah, I’m not sure that we are the best people to decide what is appropriate for chapter support since neither one of us are chapter leaders. 
>>> 
>>>  
>>> 
>>> Kate Hartmann
>>> 
>>> Operations Director
>>> 
>>> 301-275-9403
>>> 
>>> www.owasp.org
>>> 
>>> Skype:  Kate.hartmann1
>>> 
>>>  
>>> 
>>> 
>>> _______________________________________________
>>> Global_chapter_committee mailing list
>>> Global_chapter_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Tin Zaw, CISSP, CSSLP
>>> Chapter Leader and President, OWASP Los Angeles Chapter
>>> Chair, OWASP Global Chapter Committee 
>>> Google Voice: (213) 973-9295
>>> LinkedIn: http://www.linkedin.com/in/tinzaw
>>> 
>>> _______________________________________________
>>> Global_chapter_committee mailing list
>>> Global_chapter_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>> 
>> 
>> _______________________________________________
>> Global_chapter_committee mailing list
>> Global_chapter_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>> 
>> 
> 
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20110630/da6b2ed5/attachment-0001.html 


More information about the Global_chapter_committee mailing list