[Owasp-board] PROPOSAL: Quarterly Updates by ED on Progress Towards Strategic Goals

Tom Brennan - proactiveRISK tomb at proactiverisk.com
Wed May 7 17:14:23 UTC 2014


Tom Brennan | 973-298-1160 x799 | tomb at proactiverisk.com

> On May 7, 2014, at 12:58 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> I think that the schedule (doing it in correlation with the quarterly meetings) is a good thing.  I guess what I'm really asking is more for a focus on how our activities relate to our strategic goals, rather than just a list of things that staff has done.  The problem that I'm seeing is that the Board set a direction, but we left it up to the operations team to determine how to execute on that vision.  We have Board members sponsoring these goals that have not been engaged on the ongoing activities and when we review, we review as tasks rather than milestones.  I'd like to see the overall plan.  Here's an example:
> For goal X we took the Board's direction and broke it down into the following deliverable milestones.  Employee Y completed this milestone on this date.  We expect to have the following milestones complete by this other date.  We are on target to meet this goal by the specified completion date.
> To summarize, think of the goals as projects with the metrics of success as the milestones.  Think of the Board sponsor as a part of the core project team with the other Board members as key stakeholders.  Develop a communication plan and keep us in the loop.
> Michael, I think a simple "yes, I think I would like quarterly updates on strategic goals" or "no, I think it would be a waste of our time" would be fine here.  No need to formalize anything.  I'd like more visibility into our operations (my fiduciary responsibility) and I feel like this gets us there without being overly intrusive.  I'm not asking for a formal Board vote.  I'm asking if others feel the same way.
> ~josh
>> On Wed, May 7, 2014 at 11:28 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>> Josh -
>> I am not sure if this is for me or the rest of the board or both - but i would be happy to put together a status update for you and ensure it is included in future updates.
>> One piece of clarification regarding reporting that would be helpful - I currently have been preparing reports (and collecting roll up reports from the staff) based on when the board meetings are scheduled.  Is this what you (and everyone else is expecting) or would you like them on a more frequent/different schedule.
>> Thanks,
>> Sarah
>>> On Wed, May 7, 2014 at 8:54 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> Back in January, we went through and defined the Board Strategic Goals for 2014 including metrics of success and Board member sponsors.  Here we are now, in May (4 months later), and I haven't been engaged by our operations team on my sponsored goal (Strengthening OWASP Chapters), nor have I heard an update from our Executive Director on progress that our staff is making towards these goals.  Rather than finding out what we did after the year is up, I would personally like to see a progress report for each of the strategic goals as part of our quarterly Board meetings.  I believe that updating the Board should be the responsibility of our Executive Director, but it is the Board's responsibility to ensure that our staff is in alignment (and progressing towards) these goals and a quarterly touch point would likely help in doing so.  I'd be interested in your thoughts on this.
>>> ~josh
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> -- 
>> Executive Director
>> OWASP Foundation
>> sarah.baso at owasp.org
>> +1.312.869.2779
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

WARNING: E-mail transmission cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender therefore does 
not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. No employee or 
agent is authorized to conclude any binding agreement on behalf of 
proactiveRISK with another party by email.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140507/04c6435c/attachment.html>

More information about the Owasp-board mailing list