[Global_chapter_committee] Finances Section of the Chapter Leader Handbook

Tin Zaw tin.zaw at owasp.org
Thu Jun 30 14:49:01 EDT 2011


I read every line in your message, and what you said makes sense.

A few points I strongly agree with -- and strongly feel about -- in this
thread, being said by you, Mandeep, Andrew, et al., are:

* chapters are independent
* chapter finances are managed by the chapters
* chapters' funds are not the foundation's. foundation is the caretaker of
these funds
* we do not penalize bigger chapters by imposing more rules. we help make
small chapters big

We have to understand some issues by the foundation.

* dormant/inactive chapters
* inappropriate use of funds
* accounting issues
* <insert your peeves here>

We need to address them. It does not mean we have to agree to the proposed
solutions. We can invalidate the issue. We can propose alternate solutions.
We can assume the risk for the time being and see what happens. Just like
risk management -- assume, mitigate, eliminate, etc. -- but we should not
ignore them.

I think we should discuss more at next committee meeting, but feel free to
add more here.

Thanks for all your inputs!

On Thu, Jun 30, 2011 at 6:35 AM, Kate Hartmann <kate.hartmann at owasp.org> wrote:

> Oops, I forgot a point that andrew's mail reminded me of...
> As a not for profit, we have a responsibility to our supporters to show
> them that their donations are used efficiently.  If we can not provide this
> or show that funds are used for items that do not support the mission they
> have spent $50 or $5000 on, then they will probably donate their money
> elsewhere.  I would be more likely to donate my funds to a non profit org
> that spent $2k equipping a local school with computers than I would an org
> that spent the same amount on a bar tab for a chapter board meeting.
> We currently do not do this very well, and I really think we should.
> Kate Hartmann
> OWASP Operations Director
> On Jun 30, 2011, at 3:04 AM, Andrew van der Stock <vanderaj at owasp.org>
> wrote:
> Matt,
> I did read all the way to the end. It was a read, but it was worth it.
> Basically, your POV is perfectly valid. We have no easy way to provide
> micro-management of 200+ distributed bank accounts, so we've relied solely
> on chapter leaders funding chapters out of their own pocket / good will for
> almost all of our existence.
> I agree that we shouldn't be worried about $x where $x < significance.
> Almost certainly, I think we should think of the video equipment example I gave
> as an immediate write off and not worry about it being returned as shipping
> costs and management overheads would approach re-acquisition costs.
> The problem is that we have 200+ chapters, and we need to provide guidance
> for folks who might never have managed money before. It's guidance not
> enforced policy as financial and organizational rules in the US are
> different to even (say) Australia, Latvia, or Brazil or Taiwan. For example,
> most not for profit groups here use a model constitution from our corporate
> regulator so they can get insurance, take in more than a certain $/yr, pay
> less tax and obtain tax concessions
> (http://www.asic.gov.au/asic/asic.nsf/byheadline/Registering+not-for-profit+or+charitable+organisations?openDocument).
> It's not hard, but it's also not free or laissez faire.
> I'm all for minimizing or eliminating micro management on our part - we
> can't do it and we'd be foolish to even try. However, we'd be remiss if we
> didn't set down some guidelines on the appropriate use of funds (as a
> statement of values more than anything), and making sure that at least one
> person is accountable for their use. We don't want chapters to become a
> cesspit of venality and lock in to local consultancy interests over ours.
> thanks,
> Andrew
> On 30/06/2011, at 2:16 PM, Matthew Chalmers wrote:
> Due to our decentralized nature and lack of real estate we'll never be
> efficient with tangible property of any kind. Even if we had a physical
> location for Foundation property, we'd have a bottleneck of either one
> person or a very small set of people with physical access to it, and the
> expense and time of having to ship it where it needs to be, and the
> logistics of keeping the entire organization informed of what we have,
> whether it's available, etc. Chapters are no different. If a chapter has one
> piece of property, like a projector, only one person can store it when it's
> not being used, and if that person isn't available when it's needed, the
> chapter may suffer. Even things as simple as signage/roll-ups--if they're
> sitting at someone's house they're not doing anybody any good.
> On the other hand, I firmly believe that chapters are independent and
> should be able to buy whatever they want with their own money. I don't
> really even like the fact that the Foundation controls their money. In my
> opinion, every chapter should have its own Paypal account (or whatever other
> system makes sense, just for facilitating deposits), and the chapter
> leader(s) should have access to it so money can be spent when needed without
> any oversight. I'm sure there are many situations where payment by check is
> needed, and/or when a chapter member can't afford to front the money for a
> legit expense until the Foundation pays him back. It's the CHAPTER'S money.
> This BS about automatically going to the Foundation grinds my gears. The
> Foundation is stingy enough as it is, trying to keep chapters from fully
> benefiting from things like local/regional events/conferences. In my opinion
> if a chapter has done something to earn thousands of dollars, they should
> not then have to politely request reimbursement for their own expenses and
> make sure they spend all their money before it gets magically whisked away
> by the Foundation that doesn't trust them.
> Allowing people and companies to join/support OWASP and designate a
> percentage to a chapter, then essentially dangling the money on a fish hook
> in front of the chapter just out of their reach, is only going to foster
> mistrust. If a company pays five grand to be an OWASP supporter and
> designates 40% to a chapter, hooray for the chapter, I say. If they want to
> buy 20 netbooks and distribute them to local elementary schools, that's
> their business, not the Foundation's. Chapters (their leadership) should be
> responsible for doing the right thing without having to be given a long list
> of dos and don'ts. The fact that we're discussing this seems to indicate we
> don't trust that people will do that. We seem to assume that as soon as a
> chapter gets that $2000 split from a corporate sponsorship, if they can
> spend it at will they're going to spend it at a strip club in one night. Are
> we really preventing that from happening now? What if a chapter leader
> submitted a reimbursement request with a forged receipt?
> It seems to me that we shouldn't be worrying about chapters with a few
> hundred bucks or less to their name...and the ones that have more didn't get
> it by being irresponsible so we ought to trust them with it. In a nutshell,
> we need to stop thinking of (and account for) chapter money as Foundation
> money. Earmarked money gets paid to a chapter and kissed good-bye,
> period--it's like the Foundation never had it to begin with. If part of a
> membership, or a donation, or a sponsorship, etc. gets designated to a
> chapter, it's the chapter's--the Foundation doesn't get it.
> What I think we should be concerned with is how to objectively determine a
> chapter (especially one with money) is dormant, inactive, etc., although I
> still just don't know if I'd believe that a chapter with a significant
> amount of money would become so. And in that case, it should be our job to
> find new leadership so they can use the dormant money--not let the
> Foundation scoop it up. Think about it realistically, how much money really
> makes a difference? Where do we draw the line? Should we evaluate this on an
> annual basis and make it a percentage of the Foundation's gross revenue from
> the last year, maybe 1%? (Incidentally I believe my company uses the figure
> 2% of gross annual revenue for "materiality.") So if the Foundation's gross
> for a given year was half a million, then only chapters that had $5000
> sitting around **for a year** would be targeted for reappropriation. I don't
> know how that would work from an accounting perspective, but 1% seems like
> it could be significant. The thing I want to focus on here for a minute is
> that the money has to have gone unused for a year--and do we really have any
> way of tracking that? It's not simply whether there's $x available at the
> time of inquiry--it's whether that $x has not been used for a year.
> Let's use the corporate sponsorship example. Let's say the threshold for
> reclamation is $2000. Let's say a company designates 40% of their $5000
> contribution ($2000) to a chapter in January and the chapter goes crazy and
> spends $100 on pizza for one meeting. That one meeting gets 10 people to
> join OWASP so they get $200 more in income over, say, 10 months (one person
> a month). Now they have $2000 - $100 + $200 = $2100. The next February, the
> chapter's over the line for funds being reclaimed...but they didn't have
> that $2100 sitting for a year, they had $1900. They had $1920 for 11 months,
> $1940 for 10 months, etc. We can't track this. It's crazy to try. But if we
> just say every February (or whenever) if a chapter has $2000 OWASP is just
> going to take it, that's totally unfair. Even if they haven't spent anything
> for a year as in this example. Maybe they have a venue sponsor so they never
> need money for that; maybe they have a refreshments sponsor so they never
> need money for that; maybe they just can't find any reason to spend their
> money. Should the Foundation just take it? No way. It's the chapter's money.
> If they come up with something to spend it on five years later, they should
> have it there to spend.
> The only reason chapter money should be taken is if 1) the chapter's been
> totally inactive for a while (like a year), not just not spending their
> money; and 2) we as the chapters committee have spent a reasonable amount of
> time trying to re-activate the chapter and/or find a new leader but failed
> to do so. If both those conditions are satisfied then I would say the
> "reclaimed" monies should be treated as an anonymous donation to OWASP.
> There are two problems with all the above, however: one is that there are
> probably some situations where a chapter needs true local funds like their
> own bank account in order to do business, efficiently or at all, and in a
> case where a chapter has set up its own account to which
> Kate/Allison/whoever has no access, we may never see the money again; two is
> that dormant funds are better off sitting in one big account earning
> interest, rather than in small accounts all over the place. If OWASP has an
> average global (all chapters, etc.) daily balance of a hundred grand, even
> at 1% that's another thousand bucks of income annually.
> We can only 'solve' the latter problem by forbidding chapters from managing
> their own money (but we should allow for exceptions to be considered by the
> committee and/or board). We can probably only solve the former by imposing
> more requirements on chapters, like if they need to manage their own money,
> the Foundation chair or someone has to be named on the account before they
> can get their money to deposit.
> I'm going to stop here, since it's not likely anyone's going to read this
> far anyway...
> --matt
> On Tue, Jun 28, 2011 at 10:13 PM, Andrew van der Stock <vanderaj at owasp.org> wrote:
>> There should be ethical considerations in chapter's disbursement of
>> funds. I don't want a situation where funds are used to pay for room hire or
>> staff where the local chapter leaders work. Arm's length between local
>> approval of funds use and those who might profit from it is vital to
>> emphasise our open and transparent nature.
>> I do want to allow chapters to start acquiring basic video equipment to
>> allow the recording of chapter meetings (so a small HD camera, wireless
>> mike, and stand), so we do need to work out a policy on hardware.
>> Hardware should be returned to other active chapters within a country
>> first, and then to the closest Foundation for re-distribution or donation to
>> a local charity of the Foundation's choosing if the returned assets' life is
>> more than the depreciated cost.
>> For example, the local OWASP Chapter in Smallville bought an LCD projector
>> four years ago. If the Smallville chapter goes quiet, the LCD projector and
>> all other hardware items should be sent in the first instance to a nearby
>> chapter so that shipping costs aren't huge if a chapter ever restarts in
>> Smallville. If there is no other nearby chapter, the Foundation could decide
>> to donate the LCD projector to a local charity or pay the shipping back to the
>> nearest Foundation.
>> thanks
>> Andrew
>> On 29/06/2011, at 11:35 AM, Tin Zaw wrote:
>> Kate,
>> Thanks for kickstarting the chapter finance discussion. In this email, I
>> will focus on reimbursable expenses and hardware. I will start another
>> thread for chapter finances
>> (https://www.owasp.org/index.php/Chapter_Finance_Policy_and_Procedure).
>> On reimbursable expenses -- or appropriate use of funds -- we should
>> expand the list of reimbursable items.
>> But before that, we should make it a policy and practice that *all
>> chapter finances are subject to OWASP policies and ethics, as well as
>> common-sense, fiscal responsibility and good judgement*. In other words,
>> *funds are to be used for advancing OWASP mission in a prudent (and
>> frugal?) manner*.
>> We should add "Administrative support for the chapter", or expand
>> "Promotion of a meeting" to "Managing  and promoting chapter activities"
>> which includes administrative support.
>> As for the hardware, how about this policy? *Hardware* -- computing
>> equipment, audio visual equipment, etc. -- *is owned by the Foundation
>> but dedicated for use by the chapter that funds it for its useful life*.
>> If a chapter dissolves and has some hardware, it must be returned to the
>> Foundation. For tax purposes, we could depreciate it within whatever the
>> allowable period is (2 years?). Fully depreciated equipment can be disposed
>> or continued to use at the chapter's discretion.
>> Does the Foundation need to track the hardware assets? If so, the chapters
>> should be required to report (via Google Spreadsheet, for example) the
>> status of the hardware including depreciation.
>> I think it sounds good for US chapters, but I don't know what the
>> complications are for international chapters and chapters under European
>> Foundation. I need help and comments from our international committee
>> members.
>> The question of if the hardware is needed, yes it is. Many times, we use
>> our own equipment or borrowed equipment (such as the host organization's)
>> for our hardware need. For example, I have been using my personal spare
>> laptop for many of the OWASP activities -- most chapter meetings and AppSec
>> conference -- until it died recently. It came in very useful when a keynote
>> speaker at AppSec conference got her laptop stolen. (BTW, I requested a
>> reimbursement for a laptop because my personal spare laptop I was using for
>> OWASP purposes died, and I thought it would be a good use of LA chapter's
>> funds. LA Board agreed too). We could also use things like video camera to
>> record meetings -- some members requested it -- but we held on to this idea
>> because we do not have time for post-production work.
>> Committee members, please share your thoughts.
>> On Tue, Jun 28, 2011 at 12:46 PM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
>>> During the last Chapter Committee Call, the topic of the Finance Section
>>> of the Handbook and its impending update was discussed.  The date for this
>>> to be completed was set as July 11 (for the Board Meeting).
>>> https://www.owasp.org/index.php/Chapter_Handbook:_Managing_Money
>>>
>>> We are seeing some reimbursement requests for items that do not fall
>>> within the current reimbursement guidelines:
>>>    - Meeting venue rental.
>>>    - Refreshments for a meeting.
>>>    - Promotion of a meeting.
>>>    - Travel for speakers.
>>> And I believe that we need to clarify what might be considered
>>> appropriately reimbursable items/services.  We need to include contracting
>>> services (as are currently in place in NY and LA) and be sure to include
>>> other support systems for chapters.  One reimbursement request is for
>>> hardware.  With a request for equipment, the issue of proprietary and
>>> depreciable Foundation Equipment arises.  If the Foundation reimburses for
>>> the hardware, then it essentially belongs to the Foundation, even though the
>>> funds are “chapter funds.”  Since we are a 99.9% volunteer organization, how
>>> do you suggest we manage this?  Also, since we are all in the computer
>>> industry and most of our work is done via the internet on the wiki, can we
>>> approve a hardware purchase for use by a volunteer?
>>>
>>> I want to be sure we clarify this, and other situations.  Sarah, I’m not
>>> sure that we are the best people to decide what is appropriate for chapter
>>> support since neither one of us are chapter leaders.
>>>
>>> Kate Hartmann
>>> Operations Director
>>> 301-275-9403
>>> www.owasp.org
>>> Skype:  Kate.hartmann1
>>>
>>> _______________________________________________
>>> Global_chapter_committee mailing list
>>> Global_chapter_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>> --
>> Tin Zaw, CISSP, CSSLP
>> Chapter Leader and President, OWASP Los Angeles Chapter<http://www.owaspla.org/>
>> Chair, OWASP Global Chapter Committee<http://www.owasp.org/index.php/Global_Chapter_Committee>
>> Google Voice: (213) 973-9295
>> LinkedIn: http://www.linkedin.com/in/tinzaw

Chapter Leader and President, OWASP Los Angeles Chapter<http://www.owaspla.org/>
Chair, OWASP Global Chapter

Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw