[Owasp-board] [Governance] "Ring Fenced Funds" Discussion and Proposal
Andrew van der Stock
vanderaj at owasp.org
Thu Aug 27 07:10:21 UTC 2015
Wow, this has seriously got off the rails. Let's take this to the F2F as
we're not getting anywhere.
thanks,
Andrew
On Thu, Aug 27, 2015 at 4:24 PM, Jim Manico <jim.manico at owasp.org> wrote:
> I think this is an important proposal from Josh, but I'm a little
> concerned of the pressure put on him to have to even build this proposal.
>
> *I frankly think ring-fenced funds for chapters and the savings that each
> chapter has is a very good thing.*
>
> Please take a moment to read this article about spending money at the "end
> of the year" for non profits.
>
> http://www.forpurposelaw.com/uh-oh-end-year-money-left/
>
> Here area few takeaways:
>
> 1) Spending Down All Income Each Year is Fiscally Irresponsible
> 2) Maintaining a financial cushion (even at the chapter level) is good
> money-management and it’s legal.
> 3) A nonprofit can safely make a profit, as long as its primary purpose is
> to carry on and advance its tax-exempt goals and activities.
>
> I think we should celebrate the fact that chapters have been responsible
> and hard working enough to build savings, even if those savings persist
> over a few years. We can always encourage chapters to spend those funds in
> certain ways, but to pressure them seems unjust.
>
> Another thing, we made a very clear promise to chapters about ring fencing
> funds for each chapter. If we raid that coffer we will be 100% out of
> integrity and will be betraying some of the most active members of our
> community.
>
> Please proceed with caution for those of you who want to raid the current
> chapter fund coffers.
>
> - Jim
>
>
>
>
> On 8/23/15 3:58 PM, Josh Sokol wrote:
>
> Board,
>
> *Problem Statement*
> There is no reason why we cannot tackle this issue in parallel with the
> conversation around the Board Member Confidence discussion as, at least to
> me, they appear to be unrelated. The underlying issue here is that we have
> $499,003.33 in funds that are allocated to chapters, and $43,227.29 in
> funds that are allocated to projects, and at least some portion of these
> funds are not getting spent. When funds aren't getting spent, then they
> aren't benefiting our mission. And, when they aren't benefiting our
> mission, then OWASP isn't living up to it's fullest potential.
>
> *Background*
> I realize that this is a highly volatile conversation to have since many
> people are passionate about the topic, myself being one of them. And I
> will qualify my bias in this discussion since my roots with OWASP came from
> being involved with OWASP Austin which has roughly $16k of that funding and
> most would probably consider it one of these "rich chapters". But, it
> wasn't always that way. In fact, when I first got involved with OWASP
> Austin, we didn't have much (if any) money in our account at all. We were
> clearly lagging behind other local organizations, such as ISSA, who
> provided lunch to members, speaker gifts, attendee giveaways, and more.
> And when I took over the chapter a few years later, I set out to change
> things to make OWASP Austin more competitive. Initially, that meant asking
> for funds from the OWASP Foundation for every meeting that we had. Lunch
> ranged from $300-500 per meeting. Throw in speaker gifts and a book
> giveaway and we were probably averaging right around $500 per meeting.
> With monthly meetings, that number added up to a pretty hefty $6000 per
> year for OWASP Austin alone. If you do the math, if every chapter at OWASP
> had these same needs, that's easily over half-a-million dollars a year in
> expenses for chapter meetings alone. Those kinds of numbers may be more
> sustainable with today's revenue, but back then, they would have bankrupted
> OWASP. So, rather than be a part of the problem, we decided that OWASP
> Austin needed to find a way to be a self-sustaining chapter, and decided
> that hosting a conference would be an ideal way to do that, while also
> accomplishing OWASP's mission of education. The Lonestar Application
> Security Conference (LASCON) was born.
>
> The irony here is that OWASP Austin started LASCON as a means to raise
> money so that we wouldn't have to take Foundation funds away from others
> and now others are talking about taking the money away from us. All along
> the way, we have done the community-conscious thing and split part of the
> money we raised with the Foundation. We even donated $10k of funds that we
> didn't think we would need to the Africa Chapters for their conference and
> additional funds to the Cornucopia project. So, yes, we have $16k in the
> bank, but we are spending a significant amount of money every month, and
> that number will go down over the course of the year, and back up after
> LASCON in October. The money is not stagnant. It is being spent, and then
> being refreshed. I realize that the discussion here isn't focused on OWASP
> Austin, but I use it as an example because it is one that I know very well,
> and I think that many of our "rich chapters" fall into a similar boat.
> They have some events that raise money, some events that cost money, and
> the result is that from the outside it looks like these funds are stagnant,
> while in reality these funds are being used in more ways than almost
> anywhere else in our organization.
>
> One of the best things about having money is that it allows you to
> experiment with things that you wouldn't normally be able to using
> Foundation funding sources. For example, for years now the OWASP Austin
> chapter has been recording it's chapter meetings and putting the content
> online (https://vimeo.com/channels/owaspaustin). This started as an
> experiment where we used some of our funds raised by LASCON in order to
> purchase some audio-visual recording equipment. It was a bit rough at
> first, but we started developing best practices and eventually put out a
> document guiding others on the equipment to purchase, how to connect it,
> how to record, and how to put it online. Now, between OWASP Austin and
> LASCON, we have a video library that rivals what is in the OWASP Media
> Project as a whole. Every time I hear this "Ring Fenced Funds" discussion
> come up, what it really comes down to, to me, is that somebody else thinks
> that they will be able to put those funds to better use than we do. They
> put in none of the effort to raise the funds, but want to share in the
> reward of spending them. That just doesn't sit right with me.
>
> As I said in my first paragraph, I agree that there is an issue here, but
> let's not confuse ourselves. The issue has NOTHING to do with revenue
> sources for chapters or projects. We should be encouraging our chapters
> and projects to explore as many different revenue sources as possible as
> long as they do not compromise our core values. Every dollar that a
> chapter or project goes out and gets on their own is another dollar that
> the Foundation has available for another chapter or project to spend
> elsewhere. Even at the current 90/10 split on a chapter conference such as
> LASCON, the Foundation gets 10% of the profit for an event that they
> provided minimal support for (contracts, billing, payments, etc, all
> required by our guidelines). Revenue is a good thing, regardless of the
> account that it falls into.
>
> *Proposal*
> The real issue here that we are trying to address is not "ring fenced
> funds", but rather, "stagnant funds". We shouldn't care that chapters or
> projects HAVE money allocated to them. We should care that they are
> SPENDING it to further our mission. We need a system in place that INFORMS
> our leaders about how much money they have, that ENCOURAGES them to spend
> their money, and that RECLAIMS money that becomes stagnant. Thus, I would
> like to propose the following changes to our policies regarding funds that
> have been allocated to a specific chapter or project.
>
>
> - *Profit sharing splits will remain at their current levels.* As I
> described above, the issue is not how money comes in, it is how it goes
> out. We should be rewarding those chapters and projects who undertake
> fundraising initiatives by empowering them to spend the money that they
> raise. This encourages them to continue with future initiatives and
> creates repeatable formulas that others can use to do the same.
> - *Leaders will regularly be made aware of their account balances.*
> One of the big problems that we have had in the past is that our leaders
> didn't even know that they had money in their account to spend. How can we
> ever expect to get stagnant funds moving in that situation? The OWASP
> staff will be responsible for sending out monthly e-mails to chapter and
> project leaders letting them know how much money they have in their
> account. I would imagine that we could script this so that it happens
> automatically. Regardless, awareness of funds is key to the spending of
> funds.
> - *OWASP will maintain a list of things to spend money on.* OK, so a
> leader now knows that they have money, what next? In the past, we have had
> a list of pre-approved expenses, but it was basic things like room rental,
> meeting food, speakers gifts, etc. We need to get a little bit unorthodox
> here and start maintaining a list of all expenses that were approved in the
> past. I mentioned before that OWASP Austin purchased AV recording
> equipment; let's put that on the list. One of our chapters was talking
> about building a library; sounds great, let's put it on the list. This
> list should grow bigger and bigger as we experiment and innovate and will
> serve to show leaders examples of what others are doing with their funds.
> - *Initiatives, not donations, are key.* Every time I hear someone
> say "We want a chapter to donate funds to project X", I cringe. Not
> because I don't think that it is a worthwhile project, but because moving
> money from one account to another only changes the account balance, it
> doesn't make stagnant funds move. Instead, I would like for us to think of
> things in terms of "initiatives". An initiative is an idea that someone
> has that needs funding to make it happen. It is a specific goal with a
> pre-identified budget needed to make it a reality. We should never have a
> call for "Donate to Project X". The call should be "Project X needs $Y to
> print 1000 copies to give away at conference Z." An initiative gets funds
> moving by giving our leaders a reason to spend them.
> - *Highlight those who are making funds move.* When OWASP Austin
> decided to donate $10k of it's chapter account balance back to the OWASP
> Foundation a year or so ago, it was a very sterile transaction. The money
> was deducted from the LASCON profits before it even touched the chapter
> account and was included as part of the 10% profit share for the
> Foundation. That was it. There was literally no record that the
> transaction ever took place other than an accounting transaction that
> reflected $10k more than what was supposed to be. When someone does
> something like this in our organization, we need to highlight it, because
> others will see it as a positive example and potentially follow suit. Blog
> it, tweet it, put it in the connector, and make it a big deal. If a
> chapter comes up with a creative way to spend their funds, highlight that
> to show others. I cannot understate the importance of this as it sets the
> example that all others will follow.
> - *Budgeting at the micro level is a necessity.* I really hate saying
> this because it makes me sound like an old man, but budgeting is
> important. We do it at the macro level for the Foundation already. It's a
> necessity to ensure that our funds are being spent in a responsible fashion
> in order to further our mission. I'm open to suggestions on this one, but
> my initial thought is that any account (project, chapter, or otherwise)
> with more than $5,000 in it needs to have a plan for how to spend that
> money, and that plan comes in the form of a budget. This move would affect
> 20 chapters which hold a total of $355,847.21, or to put it another way,
> just over 71% of the total chapter "ring-fenced funds". It would affect
> two projects which hold a total of $17,653.52, or just under under 41% of
> the project "ring-fenced funds". Budgeting should happen in Q4 of each
> calendar year with the goal of each of these groups identifying how they
> plan to spend the money over the course of the next year. If there were
> some sort of event or longer-term goal that needs to be considered, a
> future projection budget could be included as well. We can tweak the
> $5,000 bar in the future if we find that it is too high or too low, but it
> seems like a good target to me, at least to start with.
> - *Money with no plan for spending needs to be re-purposed.* The net
> result of the budgeting process is that we identify money being spent or
> saved with a plan vs money that is just sitting there stagnant with no plan
> for spending. Money with no plan for spending, should go back into the
> community engagement funds pool for others to spend as needed.
> - *Negative account balances need to be wiped clean.* I'm not sure
> how it happened, but I see a number of chapters and projects who have
> negative account balances. I find myself wondering how it would make me
> feel as a leader to look at the scoreboard or get an e-mail and see that
> I'm actually in the red. How humiliating. And what a huge barrier for a
> new leader to overcome. However this practice got started, nobody should
> ever be able to go below 0. We need to wipe these deficits clean and give
> them a fresh start. We're talking less than $750. We can figure out a way
> to make this happen. In the future, any amounts over what a chapter has
> available needs to come from the Foundation.
> - *Account balances should be the start of all funding efforts.*
> Let's be clear, there is no shortage of money at OWASP for those who need
> it. The community engagement funds pool has plenty of money in it that
> hasn't been used up in years past. That said, the intent of this pool of
> funds should be to provide money to those who don't have it, not to
> supplement those who do. I've seen at least one initiative recently where
> the proposal ignored the fact that the projects involved all had positive
> account balances, and effectively gifted them the money for the initiative,
> rather than having them spend their funds first. With the underlying issue
> here being one of stagnant funds, how can we possibly justify gifting this
> money, when they all had their own money that could have been used? I
> heard the excuse in this particular situation that they likely would not
> have participated if they had to spend their own money, but in that case,
> what does that say about how much those projects valued the initiative? No
> leader should be able to receive Foundation funding unless they no longer
> have "ring-fenced funds" to spend. Otherwise, we are just further
> perpetuating this problem.
> - *Spending money needs to be easy.* There is plenty of money
> available at OWASP for those who need it. Between the chapters, projects,
> and community funding, we're looking at over $600k. So, when people tell
> me that they have a hard time spending money at OWASP, I wonder why that
> is. I suggest that if a chapter or project has a desire to do something
> that is either on the approved list, or that any other chapter or project
> has done in the past (ie. is on that list of things we are spending money
> on), and they have the funds in their account, they can do it, no questions
> asked. With every approval, we need to be conscious that we are setting
> the precedent that this is an approved expense for everyone. For those
> without money in their account, they can follow the community engagement
> process, or see my proposal below.
> - *Anyone can budget for the future.* I talked above about the idea
> of micro-budgets for anyone with over $5000 in their account. This helps
> to recoup the money that isn't getting spent, but it doesn't do anything
> for those who don't have any money, but have things that they want to spend
> it on. Thus, I propose the idea that any chapter, project, committee, etc
> can create a budget in Q4 for an initiative, or other spending needs, that
> they would like to cover the following year, but do not have the funds to
> do so. The budget would be reviewed by the Executive Director and Board,
> and, if approved, incorporated into the overall OWASP Foundation budget for
> the following year. This would effectively set aside the funds to use at
> the appropriate period of time, in the future, with no further approvals
> necessary. It creates empowerment for use of funds and allows the
> Foundation to approve them and plan for them in a responsible manner.
> Funds are allocated in a "Use them or lose them" fashion, however, and go
> back to the Foundation pool for other initiatives if they are not spent
> when planned.
>
> I did my best here to outline each of the problems that I see with respect
> to how OWASP funds are spent today and to come up with reasonable solutions
> to each. I don't claim for this to be a comprehensive solution, and I hope
> that you all will help me to further flush out these ideas in order to
> create a long-term vision that will empower our leaders and get our money
> moving for our mission while still maintaining a sense of fiscal
> responsibility. I am very interested in hearing your thoughts and feedback
> on it. Thanks.
> ~josh
>
>
> _______________________________________________
> Governance mailing listGovernance at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/governance
>
>
> --
> Jim Manico
> Global Board Member
> OWASP Foundationhttps://www.owasp.org
> Join me at AppSecUSA 2015!
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150827/3d9ab461/attachment-0001.html>
More information about the Owasp-board
mailing list