[Owasp-board] FW: Audit of OWASP

Dave Wichers dave.wichers at owasp.org
Thu Jun 7 22:14:32 UTC 2007

I agree with all this, but the same people that we would be paying the $5K
to, are the same people that did our taxes for the past two years and so
they have already seen most of this data anyway. I'm sure an 'audit' pokes a
little deeper but they are the ones that suggested we simply post our 990.


Would that serve the same purpose/have the same affect? If so, then the $5K
is a wasted expense. If it would not have the same affect, then spending
money is probably appropriate.


What do you think? Would it be equivalent/good enough, or not?


Thanks, Dave


From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Andrew van der
Sent: Thursday, June 07, 2007 12:51 PM
To: Dinis Cruz; OWASP Board
Subject: Re: [Owasp-board] FW: Audit of OWASP



I agree - 2006 is the year we had the most funds, and I'm sure it will show
that everything is in order if we do a full audit. It's also the first year
that all four of us were on board as a team, and therefore demonstrates that
we've been fiscally responsible (assuming everything is indeed okay). As
this is an expense that was going to catch up with us in one way or another,
let's get it out of the road, and pay the $5k for the 2006 full audit, but
let's keep on top of things from here on in. 

Dinis, can you please keep an eye out for new memberships that derive from
our increased transparency. For example, if you know of a few folks who
would join, but currently are not, we should chase them down afterwards to
help pay for the audit. 

Although we are a non-profit, this does not mean we spend everything every
year. We should look towards one day having a paid staff. Without having
something in the kitty for that eventuality, we will only grow so big. This
happened to SAGE-AU, and we were stuck at 750 members for years because of
it. Only when we got a full time admin assistant processing memberships, and
an Executive Director on board did they start growing again. SAGE-AU now has
over 2000 financial members today. 

We should really start converting more chapters into mostly individual
members. Having a steady stream of income pays for these sorts of things. At
all of the meetings I've been to so far, there's been no pressure to join.
Think about what we can do with chapters like NY/NJ with over 100 members if
they were all financial to the tune of $100 or so? That's $10k and one
chapter. But there has to be a reason for folks to pay. Let's work up a
schedule of things that are member-only. 


On 6/7/07 7:53 AM, "Dinis Cruz" <dinis at ddplus.net> wrote:

I agree that this will pay itself  easily, and we need to look at it as a
OWASP operational expense.

And btw, we also need to have the numbers of what are the monthly OWASP
operation expenses. So that we can plan our budgets. 


On 6/7/07, Jeff Williams <jeff.williams at owasp.org> wrote:

I really hate to waste OWASP's precious funds, but I think Dinis is right -
this will probably pay for itself many times over.


From: owasp-board-bounces at lists.owasp.org
<mailto:owasp-board-bounces at lists.owasp.org>
<mailto:owasp-board-bounces at lists.owasp.org>
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Thursday, June 07, 2007 5:36 AM
To: OWASP Board
Subject: Re: [Owasp-board] FW: Audit of OWASP


I think we should go for the 5k option. In things like finance we need to be
as transparent and clear as possible. And since the simple review is 3,500
we might as well go a bit further and do the 5,000.

I do think that this is money very well spent, and something that our
existing and potential members will really appreciate. 

And once this is completed, I would like to issue a Press Release about it
since we are starting to be a very good success story. And the more
visibility we have in issues like this, the easier will be for certain
companies to become OWASP members. 


On 6/7/07, Dave Wichers <dave.wichers at owasp.org> wrote:


I haven't looked at the 990 yet as we just got it, but what do you think
about doing this instead of spending $5K-$10K on some kind of formal audit.
I'd really rather spend that $ on something else.

This company is the company that has been doing the OWASP Tax Returns for
the past two years.


From: Andi McDowell 
Sent: Wednesday, June 06, 2007 11:44 AM
To: Dave Wichers; Jeff Williams
Subject: Audit of OWASP


I talked with Carol Malstrom at TR Klien (They prepare the OWASP 990).  Her
original thought was that we could post the 990 (which is what OWASP files
for taxes) on the OWASP site.  For a full audit of 2006, the cost would be
around $5,000.  For an audit back to when OWASP started with us, it would
run about $10k.  She felt an audit of 2006 should be sufficient as they
would review all of the beginning balances for the year.   Her feeling was
that if no one is forcing an audit, it seems an unnecessary expense.

The final option would be to do a simple review, which would cost $3500 for
2006, $6k for 2005 and 2006.  They simply send a letter saying "we've
reviewed the books and everything appears to be in order".  

Let me know what you would prefer doing.






Owasp-board mailing list
Owasp-board at lists.owasp.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070607/1e6ab3ec/attachment-0002.html>

More information about the Owasp-board mailing list