[Owasp-board] [Governance] "Ring Fenced Funds" Discussion and Proposal

Andrew van der Stock vanderaj at owasp.org
Thu Aug 27 07:10:21 UTC 2015

Wow, this has seriously got off the rails. Let's take this to the F2F as
we're not getting anywhere.


On Thu, Aug 27, 2015 at 4:24 PM, Jim Manico <jim.manico at owasp.org> wrote:

> I think this is an important proposal from Josh, but I'm a little
> concerned of the pressure put on him to have to even build this proposal.
> *I frankly think ring-fenced funds for chapters and the savings that each
> chapter has is a very good thing.*
> Please take a moment to read this article about spending money at the "end
> of the year" for non profits.
> http://www.forpurposelaw.com/uh-oh-end-year-money-left/
> Here area few takeaways:
> 1) Spending Down All Income Each Year is Fiscally Irresponsible
> 2) Maintaining a financial cushion (even at the chapter level) is good
> money-management and it’s legal.
> 3) A nonprofit can safely make a profit, as long as its primary purpose is
> to carry on and advance its tax-exempt goals and activities.
> I think we should celebrate the fact that chapters have been responsible
> and hard working enough to build savings, even if those savings persist
> over a few years. We can always encourage chapters to spend those funds in
> certain ways, but to pressure them seems unjust.
> Another thing, we made a very clear promise to chapters about ring fencing
> funds for each chapter. If we raid that coffer we will be 100% out of
> integrity and will be betraying some of the most active members of our
> community.
> Please proceed with caution for those of you who want to raid the current
> chapter fund coffers.
> - Jim
> On 8/23/15 3:58 PM, Josh Sokol wrote:
> Board,
> *Problem Statement*
> There is no reason why we cannot tackle this issue in parallel with the
> conversation around the Board Member Confidence discussion as, at least to
> me, they appear to be unrelated.  The underlying issue here is that we have
> $499,003.33 in funds that are allocated to chapters, and $43,227.29 in
> funds that are allocated to projects, and at least some portion of these
> funds are not getting spent.  When funds aren't getting spent, then they
> aren't benefiting our mission.  And, when they aren't benefiting our
> mission, then OWASP isn't living up to it's fullest potential.
> *Background*
> I realize that this is a highly volatile conversation to have since many
> people are passionate about the topic, myself being one of them.  And I
> will qualify my bias in this discussion since my roots with OWASP came from
> being involved with OWASP Austin which has roughly $16k of that funding and
> most would probably consider it one of these "rich chapters".  But, it
> wasn't always that way.  In fact, when I first got involved with OWASP
> Austin, we didn't have much (if any) money in our account at all.  We were
> clearly lagging behind other local organizations, such as ISSA, who
> provided lunch to members, speaker gifts, attendee giveaways, and more.
> And when I took over the chapter a few years later, I set out to change
> things to make OWASP Austin more competitive.  Initially, that meant asking
> for funds from the OWASP Foundation for every meeting that we had.  Lunch
> ranged from $300-500 per meeting.  Throw in speaker gifts and a book
> giveaway and we were probably averaging right around $500 per meeting.
> With monthly meetings, that number added up to a pretty hefty $6000 per
> year for OWASP Austin alone.  If you do the math, if every chapter at OWASP
> had these same needs, that's easily over half-a-million dollars a year in
> expenses for chapter meetings alone.  Those kinds of numbers may be more
> sustainable with today's revenue, but back then, they would have bankrupted
> OWASP.  So, rather than be a part of the problem, we decided that OWASP
> Austin needed to find a way to be a self-sustaining chapter, and decided
> that hosting a conference would be an ideal way to do that, while also
> accomplishing OWASP's mission of education.  The Lonestar Application
> Security Conference (LASCON) was born.
> The irony here is that OWASP Austin started LASCON as a means to raise
> money so that we wouldn't have to take Foundation funds away from others
> and now others are talking about taking the money away from us.  All along
> the way, we have done the community-conscious thing and split part of the
> money we raised with the Foundation.  We even donated $10k of funds that we
> didn't think we would need to the Africa Chapters for their conference and
> additional funds to the Cornucopia project.  So, yes, we have $16k in the
> bank, but we are spending a significant amount of money every month, and
> that number will go down over the course of the year, and back up after
> LASCON in October.  The money is not stagnant.  It is being spent, and then
> being refreshed.  I realize that the discussion here isn't focused on OWASP
> Austin, but I use it as an example because it is one that I know very well,
> and I think that many of our "rich chapters" fall into a similar boat.
> They have some events that raise money, some events that cost money, and
> the result is that from the outside it looks like these funds are stagnant,
> while in reality these funds are being used in more ways than almost
> anywhere else in our organization.
> One of the best things about having money is that it allows you to
> experiment with things that you wouldn't normally be able to using
> Foundation funding sources.  For example, for years now the OWASP Austin
> chapter has been recording it's chapter meetings and putting the content
> online (https://vimeo.com/channels/owaspaustin).  This started as an
> experiment where we used some of our funds raised by LASCON in order to
> purchase some audio-visual recording equipment.  It was a bit rough at
> first, but we started developing best practices and eventually put out a
> document guiding others on the equipment to purchase, how to connect it,
> how to record, and how to put it online.  Now, between OWASP Austin and
> LASCON, we have a video library that rivals what is in the OWASP Media
> Project as a whole.  Every time I hear this "Ring Fenced Funds" discussion
> come up, what it really comes down to, to me, is that somebody else thinks
> that they will be able to put those funds to better use than we do.  They
> put in none of the effort to raise the funds, but want to share in the
> reward of spending them.  That just doesn't sit right with me.
> As I said in my first paragraph, I agree that there is an issue here, but
> let's not confuse ourselves.  The issue has NOTHING to do with revenue
> sources for chapters or projects.  We should be encouraging our chapters
> and projects to explore as many different revenue sources as possible as
> long as they do not compromise our core values.  Every dollar that a
> chapter or project goes out and gets on their own is another dollar that
> the Foundation has available for another chapter or project to spend
> elsewhere.  Even at the current 90/10 split on a chapter conference such as
> LASCON, the Foundation gets 10% of the profit for an event that they
> provided minimal support for (contracts, billing, payments, etc, all
> required by our guidelines).  Revenue is a good thing, regardless of the
> account that it falls into.
> *Proposal*
> The real issue here that we are trying to address is not "ring fenced
> funds", but rather, "stagnant funds".  We shouldn't care that chapters or
> projects HAVE money allocated to them.  We should care that they are
> SPENDING it to further our mission.  We need a system in place that INFORMS
> our leaders about how much money they have, that ENCOURAGES them to spend
> their money, and that RECLAIMS money that becomes stagnant.  Thus, I would
> like to propose the following changes to our policies regarding funds that
> have been allocated to a specific chapter or project.
>    - *Profit sharing splits will remain at their current levels.*  As I
>    described above, the issue is not how money comes in, it is how it goes
>    out.  We should be rewarding those chapters and projects who undertake
>    fundraising initiatives by empowering them to spend the money that they
>    raise.  This encourages them to continue with future initiatives and
>    creates repeatable formulas that others can use to do the same.
>    - *Leaders will regularly be made aware of their account balances.*
>    One of the big problems that we have had in the past is that our leaders
>    didn't even know that they had money in their account to spend.  How can we
>    ever expect to get stagnant funds moving in that situation?  The OWASP
>    staff will be responsible for sending out monthly e-mails to chapter and
>    project leaders letting them know how much money they have in their
>    account.  I would imagine that we could script this so that it happens
>    automatically.  Regardless, awareness of funds is key to the spending of
>    funds.
>    - *OWASP will maintain a list of things to spend money on.*  OK, so a
>    leader now knows that they have money, what next?  In the past, we have had
>    a list of pre-approved expenses, but it was basic things like room rental,
>    meeting food, speakers gifts, etc.  We need to get a little bit unorthodox
>    here and start maintaining a list of all expenses that were approved in the
>    past.  I mentioned before that OWASP Austin purchased AV recording
>    equipment; let's put that on the list.  One of our chapters was talking
>    about building a library; sounds great, let's put it on the list.  This
>    list should grow bigger and bigger as we experiment and innovate and will
>    serve to show leaders examples of what others are doing with their funds.
>    - *Initiatives, not donations, are key.*  Every time I hear someone
>    say "We want a chapter to donate funds to project X", I cringe.  Not
>    because I don't think that it is a worthwhile project, but because moving
>    money from one account to another only changes the account balance, it
>    doesn't make stagnant funds move.  Instead, I would like for us to think of
>    things in terms of "initiatives".  An initiative is an idea that someone
>    has that needs funding to make it happen.  It is a specific goal with a
>    pre-identified budget needed to make it a reality.  We should never have a
>    call for "Donate to Project X".  The call should be "Project X needs $Y to
>    print 1000 copies to give away at conference Z."  An initiative gets funds
>    moving by giving our leaders a reason to spend them.
>    - *Highlight those who are making funds move.*  When OWASP Austin
>    decided to donate $10k of it's chapter account balance back to the OWASP
>    Foundation a year or so ago, it was a very sterile transaction.  The money
>    was deducted from the LASCON profits before it even touched the chapter
>    account and was included as part of the 10% profit share for the
>    Foundation.  That was it.  There was literally no record that the
>    transaction ever took place other than an accounting transaction that
>    reflected $10k more than what was supposed to be.  When someone does
>    something like this in our organization, we need to highlight it, because
>    others will see it as a positive example and potentially follow suit.  Blog
>    it, tweet it, put it in the connector, and make it a big deal.  If a
>    chapter comes up with a creative way to spend their funds, highlight that
>    to show others.  I cannot understate the importance of this as it sets the
>    example that all others will follow.
>    - *Budgeting at the micro level is a necessity.*  I really hate saying
>    this because it makes me sound like an old man, but budgeting is
>    important.  We do it at the macro level for the Foundation already.  It's a
>    necessity to ensure that our funds are being spent in a responsible fashion
>    in order to further our mission.  I'm open to suggestions on this one, but
>    my initial thought is that any account (project, chapter, or otherwise)
>    with more than $5,000 in it needs to have a plan for how to spend that
>    money, and that plan comes in the form of a budget.  This move would affect
>    20 chapters which hold a total of $355,847.21, or to put it another way,
>    just over 71% of the total chapter "ring-fenced funds".   It would affect
>    two projects which hold a total of $17,653.52, or just under under 41% of
>    the project "ring-fenced funds".  Budgeting should happen in Q4 of each
>    calendar year with the goal of each of these groups identifying how they
>    plan to spend the money over the course of the next year.  If there were
>    some sort of event or longer-term goal that needs to be considered, a
>    future projection budget could be included as well.  We can tweak the
>    $5,000 bar in the future if we find that it is too high or too low, but it
>    seems like a good target to me, at least to start with.
>    - *Money with no plan for spending needs to be re-purposed.*  The net
>    result of the budgeting process is that we identify money being spent or
>    saved with a plan vs money that is just sitting there stagnant with no plan
>    for spending.  Money with no plan for spending, should go back into the
>    community engagement funds pool for others to spend as needed.
>    - *Negative account balances need to be wiped clean.*  I'm not sure
>    how it happened, but I see a number of chapters and projects who have
>    negative account balances.  I find myself wondering how it would make me
>    feel as a leader to look at the scoreboard or get an e-mail and see that
>    I'm actually in the red.  How humiliating.  And what a huge barrier for a
>    new leader to overcome.  However this practice got started, nobody should
>    ever be able to go below 0.  We need to wipe these deficits clean and give
>    them a fresh start.  We're talking less than $750.  We can figure out a way
>    to make this happen.  In the future, any amounts over what a chapter has
>    available needs to come from the Foundation.
>    - *Account balances should be the start of all funding efforts.*
>    Let's be clear, there is no shortage of money at OWASP for those who need
>    it.  The community engagement funds pool has plenty of money in it that
>    hasn't been used up in years past.  That said, the intent of this pool of
>    funds should be to provide money to those who don't have it, not to
>    supplement those who do.  I've seen at least one initiative recently where
>    the proposal ignored the fact that the projects involved all had positive
>    account balances, and effectively gifted them the money for the initiative,
>    rather than having them spend their funds first.  With the underlying issue
>    here being one of stagnant funds, how can we possibly justify gifting this
>    money, when they all had their own money that could have been used?  I
>    heard the excuse in this particular situation that they likely would not
>    have participated if they had to spend their own money, but in that case,
>    what does that say about how much those projects valued the initiative?  No
>    leader should be able to receive Foundation funding unless they no longer
>    have "ring-fenced funds" to spend.  Otherwise, we are just further
>    perpetuating this problem.
>    - *Spending money needs to be easy.*  There is plenty of money
>    available at OWASP for those who need it.  Between the chapters, projects,
>    and community funding, we're looking at over $600k.  So, when people tell
>    me that they have a hard time spending money at OWASP, I wonder why that
>    is.  I suggest that if a chapter or project has a desire to do something
>    that is either on the approved list, or that any other chapter or project
>    has done in the past (ie. is on that list of things we are spending money
>    on), and they have the funds in their account, they can do it, no questions
>    asked.  With every approval, we need to be conscious that we are setting
>    the precedent that this is an approved expense for everyone.  For those
>    without money in their account, they can follow the community engagement
>    process, or see my proposal below.
>    - *Anyone can budget for the future.*  I talked above about the idea
>    of micro-budgets for anyone with over $5000 in their account.  This helps
>    to recoup the money that isn't getting spent, but it doesn't do anything
>    for those who don't have any money, but have things that they want to spend
>    it on.  Thus, I propose the idea that any chapter, project, committee, etc
>    can create a budget in Q4 for an initiative, or other spending needs, that
>    they would like to cover the following year, but do not have the funds to
>    do so.  The budget would be reviewed by the Executive Director and Board,
>    and, if approved, incorporated into the overall OWASP Foundation budget for
>    the following year.  This would effectively set aside the funds to use at
>    the appropriate period of time, in the future, with no further approvals
>    necessary.  It creates empowerment for use of funds and allows the
>    Foundation to approve them and plan for them in a responsible manner.
>    Funds are allocated in a "Use them or lose them" fashion, however, and go
>    back to the Foundation pool for other initiatives if they are not spent
>    when planned.
> I did my best here to outline each of the problems that I see with respect
> to how OWASP funds are spent today and to come up with reasonable solutions
> to each.  I don't claim for this to be a comprehensive solution, and I hope
> that you all will help me to further flush out these ideas in order to
> create a long-term vision that will empower our leaders and get our money
> moving for our mission while still maintaining a sense of fiscal
> responsibility.  I am very interested in hearing your thoughts and feedback
> on it.  Thanks.
> ~josh
> _______________________________________________
> Governance mailing listGovernance at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/governance
> --
> Jim Manico
> Global Board Member
> OWASP Foundationhttps://www.owasp.org
> Join me at AppSecUSA 2015!
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150827/3d9ab461/attachment-0001.html>

More information about the Owasp-board mailing list