[Owasp-leaders] Project money

Eoin Keary eoin.keary at owasp.org
Thu Jul 17 12:27:01 UTC 2014


My view is keep it simple. 

Funds should be allocated to a large shared owasp projects fund. Project leaders should be able to propose a drawdown of funds where required. Small amounts should not need board approval (up to $3k). 

All funding requests need to be followed by receipts and invoices such that we can keep track of funds and what the spend was on.

If this is abused we may need to tighten up but I don't feel it will from past experience.

-ek



Eoin Keary
Owasp Global Board
+353 87 977 2988


On 17 Jul 2014, at 11:59, Tobias <tobias.gondrom at owasp.org> wrote:

> Hi Larry, 
> 
> thank you very much for your idea and I agree with you. Proper spending and management of our funds is essential for our organisation. So this would be a general "up" from me. 
> 
> Maybe some additional thoughts on your points: 
> 
> "I am proposing the following change. Purpose here is to create a two-person authorization to pay expenses and to create transparency of project expenses."
> 
> A: In my understanding the current procedure is a two-person authorization: the project leader and the OWASP Projects Manager being the two person to authorise the spending. (note: in general project leaders can not spend funds on themselves.) Do you think we need more controls? 
> 
> Regarding your specific suggestions: 
> 
> "Monies to be paid must meet the following criteria: 
> 1. A description of the expenses on how this relates to the project.
> 2. Expense must be published on OWASP wiki project page prior to being paid.
> 3. OWASP staff member and a project leader/project support person or a designated OWASP project person must validate and prove the expense."
> 
> #1: I believe, when you submit requests for reimbursements today you already have to fill in the description in the reimbursement form. 
> #2: I am a bit concerned with administrative overhead for the project leads to do that. As they already filled out the reimbursement form with all that information, maybe we could try to use automated reports that document all expenses (instead of manually adding content to the wiki). And considering that our staff is currently over-busy, I would not want to put the admin burden on staff to verify for each transaction that the expenses have been published on the project wiki page. 
> #3: I agree with that. And my understanding is that that is already the case in practice. Project Lead submitting the request (first authorisation step) and project manager (which was staff) validating request (2nd authorisation step) 
> 
> As I have the feeling, that we are already doing #1 and #3, I am not quite sure where to go from here. I would see the benefit of looking into how we can produce automatic spending reports and publishing them to the projects. 
> 
> Am I missing something? 
> 
> All the best, Tobias
> 
> 
> Ps.: small question: may I ask, why you would want to exclude OWASP broad member or elect OWASP board member from being a project designate? Do you see a conflict of interest here? (Just fyi: today, individual board members do not have any special authority to sign-off in this chain, except for Michael who has been designated as interim ED for a while for the time after Sarah's departure, so only in his executive function, but not his role as board member.). Equally board members are not forbidden to take part in normal OWASP activities or lead projects or chapters as any other OWASP leader. E.g. I am for example helping out on the London chapter board, and as in any other chapter with such co-leader roles, I sometimes review and agree with my chapter leaders requests for funding for chapter expenses for local events.... (two-person review and authorization). Do you see this as a problem? 
> 
> 
> 
> On 13/07/14 03:37, Larry Conklin wrote:
>> Because of previous email(s) the subject of project money has come up. I want to let everyone know to the best of my knowledge the money for the Code Review project has been spent correctly and nothing is amiss.
>> 
>> I do believe there is an opportunity to improve the expense payment process of project expenses. Please feel free to change to text(add, delete, change). A discussion on actual policy is much better then a useless email(s) discussion that does not make any change(s) to improve OWASP. Our mission is to important.
>> 
>> The current URL for OWASP policy grant spending: https://docs.google.com/a/owasp.org/document/d/1yX68nS20qj7QNTcDkKCD3hSfFEbJaBKjoWjc2wF_aLA/edit
>> 
>>  
>> 
>> I would like to see the board make an up or down vote to on the following change to the policy and have this change be made part of the actual policy instead of being a guideline.
>> 
>>  
>> 
>> Here is the guideline I want to be made as actual policy….
>> 
>> 3. All expenses to be made using grant awarded funds must be pre-approved by the OWASP Projects Manager. 
>> 
>>  
>> 
>> I am proposing the following change. Purpose here is to create a two-person authorization to pay expenses and to create transparency               of project expenses.
>> 
>>  
>> 
>> Item 3: Expenses to be paid out of project funds (grant and non-grant funds) should be submitted to OWASP staff to be paid. The submitter will be the  project designate with a complete description of the expenses (project designate cannot be a OWASP broad member or elect OWASP board member).  Prior to submitting the expense to be paid the expense must be published on the project wiki page. Monies to be paid must meet the following criteria.
>> 
>> 
>> 
>> A description of the expenses on how this relates to the project.
>> Expense must be published on OWASP wiki project page prior to being paid.
>> OWASP staff member and a project leader/project support person or a designated OWSP project person must validate and prove the expense.
>> 
>>       Larry Conklin, CISSP (Co-Leader for Code Review Project)
>> 
>> L
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140717/b6eb0d06/attachment.html>


More information about the OWASP-Leaders mailing list