[Owasp-leaders] Accounting Error - IRS

Karen Staley karen.staley at owasp.org
Wed Sep 19 11:44:38 UTC 2018

Dear Tom,
Thank you for your in depth review of the 2016 990.    We are currently in
the process of finalizing the 2017 990 which needs to be submitted by mid

I will give your comments immediate attention with the accounting team and
those preparing the 2017 990 and will come back to you,  the board, and the
community with a response and explanation or correction of the stated
"errors" on the 990 as soon as possible.

Thank you and I look forward to seeing you in San Jose.

Best Regards,

On Wed, Sep 19, 2018 at 7:11 AM Tom Brennan - OWASP <tomb at owasp.org> wrote:

> Board, Executive Director, Members,
> In comparison of OWASP Foundation’s IRS 990 to a similar organization that
> I am doing work for, I have identified a flaw in the IRS 990’s of OWASP
> Foundation that needs to be remedied. This has also been confirmed
> independently with a CPA.
> Example
> https://www.owasp.org/images/4/49/THE_OWASP_FOUNDATION_INC._2016_FORM_990_-_CLIENT_COPY.pdf
> See page 22 (contributing organizations aka: member/donators)
> See page 24 on this one same
> https://www.owasp.org/images/8/8a/THE_OWASP_FOUNDATION_INC._2015_FORM_990_-_CLIENT_COPY.pdf
> Alert to the board as a new business topic for appsecusa f2f board meeting
> and leader meeting.
> The 2017 and then future reports can only be accurate when ANYONE spending
> 5,000usd + as a charitable undirected donation more must be listed on the
> 990 explicitly.
> As the OWASP Secretary in 2017 please share with me the draft ASAP so I
> can review prior to approval/signatures if my name will be associated with
> it. As it is not yet filed or copy published online at
> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Form_990_Documents the
> filing extension is coming due
> Corporate members that will need to be listed include
> https://www.owasp.org/index.php/Acknowledgements
> Details of member allocation (no date of last update so not clear how
> accurate this is anymore)
> https://docs.google.com/a/owasp.org/spreadsheets/d/1z0CCshqrBrfSOxuqR6xOGzKHRKslSXTLL4-slD5RtS0/edit?usp=sharing
> Finally, if OWASP continues the practice of purchases of conference space
> for exhibiting as “donations” then these also must be listed if exceeding
> the threshold and reported accurately to the IRS.
> After identification of this, I was surprised that this was not called out
> at the past audit but perhaps it was and is already been reviewed by the
> now current board?  The last audit findings appears to be published from
> 2013
> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Audited_Financial_Statements
> Please post subsequent documents for the benefit of members and
> organizational faith/transparency
> Finally it is useful to ensure the House is in order to update Charity
> Navigator accordingly. This demonstrates due care for an organization of
> our OWASP Foundations size
> https://www.charitynavigator.org/index.cfm?bay=search.profile&ein=200963503
> Regards.
> --
> Tom Brennan
> OWASP Foundation, NYC Metro Chapter
> https://www.owasp.org/index.php/User:Brennan

*OWASP Foundation*
Karen Staley
Executive Director

karen.staley at owasp.org <kelly.santalucia at owasp.org>
Direct: +1 240.446.2951

*Consider giving back, and supporting the open source community by becoming
a member <https://www.owasp.org/index.php/Membership> or making a donation
<https://www.owasp.org/index.php/Donate> today! *

*Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
San Jose, CA!*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180919/a679fae7/attachment.html>

More information about the OWASP-Leaders mailing list