[Global_chapter_committee] Finances Section of the Chapter Leader Handbook

Jason Li jason.li at owasp.org
Thu Jun 30 07:52:38 EDT 2011


Agree that face to face working sessions are *extremely* powerful.

Hoping to release the GPC Working Session Proceedings within the next 24
hours - fifteen pages so far and still running, not including generated
artifacts like the Projects Inventory. At the very least, I hope the
documented proceedings will clearly demonstrate the value of face to face
working sessions and establish a framework/precedent for other committees to
pursue their own working sessions.

-Jason
Global Projects Committee Chair

On Thu, Jun 30, 2011 at 7:44 AM, Tom Brennan <tomb at owasp.org> wrote:

> Looking forward to AppSecUSA working session for chapters <http://www.appsecusa.org>
> http://www.appsecusa.org
>
> Btw chapter leaders can attend for FREE and can use chapter funds to pay
> for the travel/hotel if needed.
>
> As we reach our 10th year anniversary we still have work to do to make
> "perfect code" using the design phase (face to face working sessions) makes
> that happen.
>
> Semper Fi,
>
> Tom Brennan
> Tel: 973-202-0122
>
>
>
>
>
>
>
> On Jun 30, 2011, at 12:16 AM, Matthew Chalmers <matthew.chalmers at owasp.org>
> wrote:
>
> Due to our decentralized nature and lack of real estate we'll never be
> efficient with tangible property of any kind. Even if we had a physical
> location for Foundation property, we'd have a bottleneck of either one
> person or a very small set of people with physical access to it, and the
> expense and time of having to ship it where it needs to be, and the
> logistics of keeping the entire organization informed of what we have,
> whether it's available, etc. Chapters are no different. If a chapter has one
> piece of property, like a projector, only one person can store it when it's
> not being used, and if that person isn't available when it's needed, the
> chapter may suffer. Even things as simple as signage/roll-ups--if they're
> sitting at someone's house they're not doing anybody any good.
>
> On the other hand, I firmly believe that chapters are independent and
> should be able to buy whatever they want with their own money. I don't
> really even like the fact that the Foundation controls their money. In my
> opinion, every chapter should have its own Paypal account (or whatever other
> system makes sense, just for facilitating deposits), and the chapter
> leader(s) should have access to it so money can be spent when needed without
> any oversight. I'm sure there are many situations where payment by check is
> needed, and/or when a chapter member can't afford to front the money for a
> legit expense until the Foundation pays him back. It's the CHAPTER'S money.
> This BS about automatically going to the Foundation grinds my gears. The
> Foundation is stingy enough as it is, trying to keep chapters from fully
> benefiting from things like local/regional events/conferences. In my opinion
> if a chapter has done something to earn thousands of dollars, they should
> not then have to politely request reimbursement for their own expenses and
> make sure they spend all their money before it gets magically whisked away
> by the Foundation that doesn't trust them.
>
> Allowing people and companies to join/support OWASP and designate a
> percentage to a chapter, then essentially dangling the money on a fish hook
> in front of the chapter just out of their reach, is only going to foster
> mistrust. If a company pays five grand to be an OWASP supporter and
> designates 40% to a chapter, hooray for the chapter, I say. If they want to
> buy 20 netbooks and distribute them to local elementary schools, that's
> their business, not the Foundation's. Chapters (their leadership) should be
> responsible for doing the right thing without having to be given a long list
> of dos and don'ts. The fact that we're discussing this seems to indicate we
> don't trust that people will do that. We seem to assume that as soon as a
> chapter gets that $2000 split from a corporate sponsorship, if they can
> spend it at will they're going to spend it at a strip club in one night. Are
> we really preventing that from happening now? What if a chapter leader
> submitted a reimbursement request with a forged receipt?
>
> It seems to me that we shouldn't be worrying about chapters with a few
> hundred bucks or less to their name...and the ones that have more didn't get
> it by being irresponsible so we ought to trust them with it. In a nutshell,
> we need to stop thinking of (and account for) chapter money as Foundation
> money. Earmarked money gets paid to a chapter and kissed good-bye,
> period--it's like the Foundation never had it to begin with. If part of a
> membership, or a donation, or a sponsorship, etc. gets designated to a
> chapter, it's the chapter's--the Foundation doesn't get it.
>
> What I think we should be concerned with is how to objectively determine a
> chapter (especially one with money) is dormant, inactive, etc., although I
> still just don't know if I'd believe that a chapter with a significant
> amount of money would become so. And in that case, it should be our job to
> find new leadership so they can use the dormant money--not let the
> Foundation scoop it up. Think about it realistically, how much money really
> makes a difference? Where do we draw the line? Should we evaluate this on an
> annual basis and make it a percentage of the Foundation's gross revenue from
> the last year, maybe 1%? (Incidentally I believe my company uses the figure
> 2% of gross annual revenue for "materiality.") So if the Foundation's gross
> for a given year was half a million, then only chapters that had $5000
> sitting around **for a year** would be targeted for reappropriation. I don't
> know how that would work from an accounting perspective, but 1% seems like
> it could be significant. The thing I want to focus on here for a minute is
> that the money has to have gone unused for a year--and do we really have any
> way of tracking that? It's not simply whether there's $x available at the
> time of inquiry--it's whether that $x has not been used for a year.
>
> Let's use the corporate sponsorship example. Let's say the threshold for
> reclamation is $2000. Let's say a company designates 40% of their $5000
> contribution ($2000) to a chapter in January and the chapter goes crazy and
> spends $100 on pizza for one meeting. That one meeting gets 10 people to
> join OWASP so they get $200 more in income over, say, 10 months (one person
> a month). Now they have $2000 - $100 + $200 = $2100. The next February, the
> chapter's over the line for funds being reclaimed...but they didn't have
> that $2100 sitting for a year, they had $1900. They had $1920 for 11 months,
> $1940 for 10 months, etc. We can't track this. It's crazy to try. But if we
> just say every February (or whenever) if a chapter has $2000 OWASP is just
> going to take it, that's totally unfair. Even if they haven't spent anything
> for a year as in this example. Maybe they have a venue sponsor so they never
> need money for that; maybe they have a refreshments sponsor so they never
> need money for that; maybe they just can't find any reason to spend their
> money. Should the Foundation just take it? No way. It's the chapter's money.
> If they come up with something to spend it on five years later, they should
> have it there to spend.
>
> The only reason chapter money should be taken is if 1) the chapter's been
> totally inactive for a while (like a year), not just not spending their
> money; and 2) we as the chapters committee have spent a reasonable amount of
> time trying to re-activate the chapter and/or find a new leader but failed
> to do so. If both those conditions are satisfied then I would say the
> "reclaimed" monies should be treated as an anonymous donation to OWASP.
>
> There are two problems with all the above, however: one is that there are
> probably some situations where a chapter needs true local funds like their
> own bank account in order to do business, efficiently or at all, and in a
> case where a chapter has set up its own account to which
> Kate/Allison/whoever has no access, we may never see the money again; two is
> that dormant funds are better off sitting in one big account earning
> interest, rather than in small accounts all over the place. If OWASP has an
> average global (all chapters, etc.) daily balance of a hundred grand, even
> at 1% that's another thousand bucks of income annually.
>
> We can only 'solve' the latter problem by forbidding chapters from managing
> their own money (but we should allow for exceptions to be considered by the
> committee and/or board). We can probably only solve the former by imposing
> more requirements on chapters, like if they need to manage their own money,
> the Foundation chair or someone has to be named on the account before they
> can get their money to deposit.
>
> I'm going to stop here, since it's not likely anyone's going to read this
> far anyway...
>
> --matt
>
>
> On Tue, Jun 28, 2011 at 10:13 PM, Andrew van der Stock <<vanderaj at owasp.org>
> vanderaj at owasp.org> wrote:
>
>> There should be ethical considerations in chapter's disbursement of
>> funds. I don't want a situation where funds are used to pay for room hire or
>> staff where the local chapter leaders work. Arm's length between local
>> approval of funds use and those who might profit from it. is vital to
>> emphasise our open and transparent nature.
>>
>> I do want to allow chapters to start acquiring basic video equipment to
>> allow the recording of chapter meetings (so a small HD camera, wireless
>> mike, and stand), so we do need to work out a policy on hardware.
>>
>> Hardware should be returned to other active chapters within a country
>> first, and then to the closest Foundation for re-distribution or donation to
>> a local charity of the Foundation's choosing if the returned assets' life is
>> more than the depreciated cost.
>>
>> For example, the local OWASP Chapter in Smallville bought LCD projector
>> four years ago. If the Smallville chapter goes quiet, the LCD projector and
>> all other hardware items should be sent in the first instance to a nearby
>> chapter so that shipping costs aren't huge if a chapter ever restarts in
>> Smallville. If there is no other nearby chapter, the Foundation could decide
>> to donate the LCD project to a local charity or pay the shipping back to the
>> nearest Foundation.
>>
>> thanks
>> Andrew
>>
>> On 29/06/2011, at 11:35 AM, Tin Zaw wrote:
>>
>> Kate,
>>
>> Thanks for kickstarting the chapter finance discussion. In this email, I
>> will focus on reimbursable expenses and hardware. I will start another
>> thread for chapter finances (<https://www.owasp.org/index.php/Chapter_Finance_Policy_and_Procedure>
>> https://www.owasp.org/index.php/Chapter_Finance_Policy_and_Procedure).
>>
>> On reimbursable expenses -- or appropriate use of funds -- we should
>> expand the list of reimbursable items.
>>
>> But before that, we should make it a policy and practice that *all
>> chapter finances are subject to OWASP policies and ethics, as well as
>> common-sense, fiscal responsibility and good judgement*. In other words,
>> *funds are to be used for advancing OWASP mission in a prudent (and
>> frugal?) manner*.
>>
>> We should add "Administrative support for the chapter", or expand
>> "Promotion of a meeting" to "Managing  and promoting chapter activities"
>> which includes administrative support.
>>
>> As for the hardware, how about this policy? *Hardware* -- computing
>> equipment, audio visual equipment, etc. -- *is owned by the Foundation
>> but dedicated for use by the chapter that funds it for its useful life*.
>> If a chapter dissolves and has some hardware, it must be returned to the
>> Foundation. For tax purposes, we could depreciate it within whatever the
>> allowable period is (2 years?). Fully depreciated equipment can be disposed
>> or continued to use at the chapter's discretion.
>>
>> Does the Foundation need to track the hardware assets? If so, the chapters
>> should be required to report (via Google Spreadsheet, for example) the
>> status of the hardware including depreciation.
>>
>> I think it sounds good for US chapters, but I don't know what the
>> complications are for international chapters and chapters under European
>> Foundation. I need help and comments from our international committee
>> members.
>>
>> The question of if the hardware is needed, yes it is. Many times, we use
>> our own equipment or borrowed equipment (such as the host organization's)
>> for our hardware need. For example, I have been using my personal spare
>> laptop for many of the OWASP activities -- most chapter meetings and AppSec
>> conference -- until it died recently. It came in very useful when a keynote
>> speaker at AppSec conference got her laptop stolen. (BTW, I requested a
>> reimbursement for a laptop because my personal spare laptop I was using for
>> OWASP purposes died, and I thought it will be good use of LA chapter's
>> funds. LA Board agreed too). We could also use things like video camera to
>> record meetings -- some members requested it -- but we held on to this idea
>> because we do not have time for post-production work.
>>
>> Committee members, please share your thoughts.
>>
>>
>>
>> On Tue, Jun 28, 2011 at 12:46 PM, Kate Hartmann <<kate.hartmann at owasp.org>
>> kate.hartmann at owasp.org> wrote:
>>
>>> During the last Chapter Committee Call, the topic of the Finance Section
>>> of the Handbook and it’s impending update was discussed.  The date for this
>>> to be completed was set as July 11 (for the Board Meeting).
>>> <https://www.owasp.org/index.php/Chapter_Handbook:_Managing_Money>
>>> https://www.owasp.org/index.php/Chapter_Handbook:_Managing_Money ****
>>>
>>> ** **
>>>
>>> We are seeing some reimbursement requests for items that do not fall
>>> within the current reimbursement guidelines:****
>>>
>>>    - (Meeting venue rental. ****
>>>    - Refreshments for a meeting. ****
>>>    - Promotion of a meeting. ****
>>>    - Travel for speakers.****
>>>
>>> And I believe that we need to clarify what might be considered
>>> appropriately reimbursable items/services.  We need to include contracting
>>> services (as are currently in place in NY and LA) and be sure to include
>>> other support systems for chapters.  One reimbursement request is for
>>> hardware.  With a request for equipment, the issue of proprietary and
>>> depreciable Foundation Equipment arises.  If the Foundation reimburses for
>>> the hardware, then it essentially belongs to the Foundation, even though the
>>> funds are “chapter funds.”  Since we are 99.9% volunteer organization, how
>>> do you suggest we manage this?  Also, since we are all in the computer
>>> industry and most of our work is done via the internet on the wiki, can we
>>> approve a hardware purchase for use by a volunteer?****
>>>
>>> ** **
>>>
>>> I want to be sure we clarify this, and other situations.  Sarah, I’m not
>>> sure that we are the best people to decide what is appropriate for chapter
>>> support since neither one of us are chapter leaders.  ****
>>>
>>> ** **
>>>
>>> Kate Hartmann****
>>>
>>> Operations Director****
>>>
>>> 301-275-9403****
>>>
>>> <http://www.owasp.org/>www.owasp.org ****
>>>
>>> Skype:  Kate.hartmann1****
>>>
>>> ** **
>>>
>>> _______________________________________________
>>> Global_chapter_committee mailing list
>>>  <Global_chapter_committee at lists.owasp.org>
>>> Global_chapter_committee at lists.owasp.org
>>>  <https://lists.owasp.org/mailman/listinfo/global_chapter_committee>
>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>>
>>>
>>
>>
>> --
>> Tin Zaw, CISSP, CSSLP
>> Chapter Leader and President, OWASP Los Angeles Chapter<http://www.owaspla.org/>
>> Chair, OWASP Global Chapter Committee<http://www.owasp.org/index.php/Global_Chapter_Committee>
>>
>> Google Voice: (213) 973-9295
>> LinkedIn: <http://www.linkedin.com/in/tinzaw>
>> http://www.linkedin.com/in/tinzaw
>>
>>  _______________________________________________
>> Global_chapter_committee mailing list
>> <Global_chapter_committee at lists.owasp.org>
>> Global_chapter_committee at lists.owasp.org
>>  <https://lists.owasp.org/mailman/listinfo/global_chapter_committee>
>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>
>>
>>
>> _______________________________________________
>> Global_chapter_committee mailing list
>>  <Global_chapter_committee at lists.owasp.org>
>> Global_chapter_committee at lists.owasp.org
>>  <https://lists.owasp.org/mailman/listinfo/global_chapter_committee>
>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>>
>>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20110630/e9c3de77/attachment-0001.html 


More information about the Global_chapter_committee mailing list