This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "September 19, 2017"

From OWASP
Jump to: navigation, search
(Changed to point person from Tom to Martin)
(AppSecUSA)
 
(5 intermediate revisions by 3 users not shown)
Line 20: Line 20:
 
OWASP Foundation is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.]  A link to the monthly operational report can be found here:  [http://owasp.blogspot.com/2017/01/owasp-operations-update-for-january-2017.html REPORT]
 
OWASP Foundation is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.]  A link to the monthly operational report can be found here:  [http://owasp.blogspot.com/2017/01/owasp-operations-update-for-january-2017.html REPORT]
  
Finance Report
+
=== Finance Report ===
 
 
 
From Tom Pappas:
 
From Tom Pappas:
  
"Attached please find the preliminary (due to Dev Summit 2017 not completely closed out yet) OWASP Combined (Converted to USD for all reports) financial pkg for July 2017 which represents financial performance through seven months of 2017.  I have used the approved version of the Budget for a comparison.  Matt T for the Board call I have attached a pdf of the Board summary and the Balance Sheet Summary which you can put up on the wiki, as the full fin pkg have quite a few tabs that are used for internal tracking only.
+
"Attached please find the preliminary (due to Dev Summit 2017 not completely closed out yet) OWASP Combined (Converted to USD for all reports) financial pkg for July 2017 which represents financial performance through seven months of 2017.  I have used the approved version of the Budget for a comparison.   
  
 
Here is a summary of the Activity YTD. All amounts are combined with the EU and converted to USD in these reports:   
 
Here is a summary of the Activity YTD. All amounts are combined with the EU and converted to USD in these reports:   
Line 30: Line 29:
 
'''Income Statement:''' 
 
'''Income Statement:''' 
  
'''Revenue:'''  On an accrual basis, total revenue YTD through Jul 2017 was $1.423.8 million as compared to a plan of $1,196 million.  The results are a $227.7K ahead of plan as of 7.31.17, due primarily to AppSec Cali being over vs AppSec EU being under budget. 
+
'''Revenue:'''  On an accrual basis, total revenue YTD through Jul 2017 was $1.423.8 million as compared to a plan of $1,196 million.  The results are a $227.7K ahead of plan as of 7.31.17, due primarily to APSEC Cali being over vs APSEC EU being under budget. 
  
'''Expenses:'''   Total spending YTD was over plan by $50.1K due the Over Spending on Conference and Chapters offset by underspending in Community outreach (Marketing), Professional services (No Wiki proj spending) and Grant expense.
+
'''Expenses:'''   Total spending YTD was over plan by $50.1Kk due the Over Spending on Conference and Chapters offset by underspending in Community outreach (Marketing), Professional services (No Wiki proj spending) and Grant expense.
  
'''Net Income/Loss:'''  YTD on a combined Accrual basis we are at a loss of $252.9K vs a budgeted '''LOSS''' of $430.6K for a net gain to the budget of $177.6K.  I want to add some caution here as AppSec EU 2017 was about $57K under budget.  We also, more than ever need AppSec 2017 US to be a success (meet or exceed Bud of $585K net income or the total 2017 budgeted loss of $235K will be more, though it is not looking like we will achieve this) and we just agreed to $45K for the ED search so we need to continue to monitor revenue and spending VERY closely as we move throughout the rest of 2017.  
+
'''Net Income/Loss:'''  YTD on a combined Accrual basis we are at a loss of $252.9K vs a budgeted '''LOSS''' of $430.6K for a net gain to the budget of $177.6K.  I want to add some caution here as Apsec EU 2017 was about $57K underbudget.  We also, more than ever need Apsec 2017 US to be a success (meet or exceed Bud of $585K net income or the total 2017 budgeted loss of $235K will be more, though it is not looking like we will achieve this) and we just agreed to $45K for the ED search so we need to continue to monitor revenue and spending VERY closely as we move throughout the rest of 2017.  
  
 
'''Chapter Funds:''' On an accrual basis, as of 7.31.17 The US Bal is $758.5K, while down a couple of thousand dollars from last month is still a large draw on funds.  This is an issue that is only going to magnify as our events continue to be successful.  Chapter balances will continue to grow to a point where they exceed the amount of cash OWASP has on hand in its Bank accounts, which could happen as soon Aug 2017.  Also, the EU Ch was up a couple of thousand dollars at $74.8K balance.  I also ran the Proj balances and they are now Combined at $114.4K vs the $95K at the end of June.
 
'''Chapter Funds:''' On an accrual basis, as of 7.31.17 The US Bal is $758.5K, while down a couple of thousand dollars from last month is still a large draw on funds.  This is an issue that is only going to magnify as our events continue to be successful.  Chapter balances will continue to grow to a point where they exceed the amount of cash OWASP has on hand in its Bank accounts, which could happen as soon Aug 2017.  Also, the EU Ch was up a couple of thousand dollars at $74.8K balance.  I also ran the Proj balances and they are now Combined at $114.4K vs the $95K at the end of June.
Line 40: Line 39:
 
POINTS of NOTE:
 
POINTS of NOTE:
  
About AppSec EU 2017, I am told there are a few minor stragglers for minor bills to fully close it out in Aug 17 but as of now please review the AppSec EU 2017 tab, as we were about $84K under in revenue and $27K Under in expense (if no more come in) which takes us to <$57K> in Net income, which is being offset by other events such as AppSec Cali.  As noted in previous months not sure that will continue, so Spending should still be monitored and we need to have AppSec US in Sept meet or exceed the budget of $585K Net income.
+
About APSEC EU 2017, I am told there are a few minor stragglers for minor bills to fully close it out in Aug 17 but as of now please review the APSEC EU 2017 tab, as we were about $84K under in revenue and $27K Under in expense (if no more come in) which takes us to <$57K> in Net income, which is being offset by other events such as Apsec Cali.  As noted in previous months not sure that will continue, so Spending should still be monitored and we need to have Apsec US in Sept meet or exceed the budget of $585K Net income.
 
 
There are a couple of points I want to highlight.  The first is about cash while we had almost $1.7 million in the bank and if we add in half of the Open AR of $172K the Balance would be $1.872 million and to be conservative the balance would be and there are between accounts payable, Credit Card chgs and VAT payable for the Italian event in 2016 over $460K, which takes cash down to about $1.24 Million.  So while not a true cash flow issue, yet, if you take out the Ch balance of $833K and the Proj balance of $115K it leaves us with just about $292K of liquid cash and couple that with half the open AR of $172K we have $464K of operational reserves.  I just want to keep this on EVERYONE’s radar as we move forward.  This leaves our Operating cash reserve at 2.6 months and add in half the open AR it takes us to just over 4 months, again this need to continue to be monitored closely.
 
  
With regard to Accounts Receivable the US balance is $275K and the EU balance is another $69KWe have started and are seeing success in following up on the invoices we have created, however will need assistance as any invoices created prior to 6.30.17 do not seem to have contact info, specifically email addresses in Quickbooks so we are working on putting a list together.  Also in conversation with a Ch leader they are offering if we give them a list of open AR by Ch they will follow up as some of these invoices are funds earmarked for them."
+
There are a couple of points I want to highlight.  The first is about cash while we had $1.68 million in the bank (if we add in half of the Open AR of $172K the balance would be $1.872 million to be conservative). Factoring in accounts payable, Credit Card chgs and VAT payable for the Italian event in 2016 that is over $673K, it takes cash down to about $1.07 Million.  So while not a true cash flow issue, yet, if you take out the Ch balance of $833K and the Proj balance of $115K it leaves us with just about $60K of liquid Oper cashNow add that to half the open AR of $172K we have about $230K of Oper. reserves.  I just want to keep this on EVERONE’s radar as we move forward ad this leaves our Oper. cash reserve at .75 months and when we add in half the open AR it takes us to just about 3 months, again this needs to continue to be monitored closely."
 +
* July 2017 Balance Sheet https://drive.google.com/open?id=0B4xgbqJzimL4Ql93RVZVTGRzcVFqTXdrUnhSenMxNVJ0cU9J
 +
* July 2017 Board Summary https://drive.google.com/open?id=0B4xgbqJzimL4UFpGUzhyVVotcS04RUZWMWNjWEJhU3BMemZV
 +
* July 2017 Combined Financial Package https://drive.google.com/open?id=0B4xgbqJzimL4eEJqT0xKcFlha2RYWDlhYUt4a1h6WEh1YlUw
 
  OLD BUSINESS
 
  OLD BUSINESS
  
Line 55: Line 55:
 
3. Set aside 100.000 USD as seed fund for the OWASP Summit 2018 to cover travel for selected working-session organizers  
 
3. Set aside 100.000 USD as seed fund for the OWASP Summit 2018 to cover travel for selected working-session organizers  
  
 +
[Andrew] For discussion
 +
# Chapter and project balances - We can't put off finance reform any longer, we need to make changes to the way projects and chapters are funded
 +
# Operational reserves - How do we get back to six months of operational reserves
 +
# Accounts receivable - need to work on getting aged receivables fixed
 
[Matt T] For Vote:
 
[Matt T] For Vote:
  
Line 80: Line 84:
  
 
'''''{previous proposal end}'''''
 
'''''{previous proposal end}'''''
 +
 +
[Matt Konda]
 +
* [https://docs.google.com/document/d/1YZjyyinr1O2JYVj7pFszMZyngN1IrgayRuQxCRoUVNM/edit Proposal] to host 2018 AppSecUSA in San Jose.  (History [[OWASP Board Votes|OWASP Board Votes 9 May 17 | 14 Jan 15]])
 +
[Andrew and Tom Pappas] For Discussion
 +
* 2018 Budget Discussion
 +
[Andrew van der Stock] - AppSec AU Debrief
 +
 
  COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
 
  COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
  

Latest revision as of 22:18, 19 September 2017

Meeting Location:

VIRTUAL

https://www3.gotomeeting.com/join/861328838

International Toll Free Calling Information

AGENDA This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.

CALL TO ORDER
CHANGES TO THE AGENDA (Open to anyone including members of the public)
APPROVAL OF MINUTES

- Approval of prior Prior Meeting Minutes

REPORTS

OWASP Foundation is managed by the Operations Director who provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the back office team. A link to the monthly operational report can be found here: REPORT

Finance Report

From Tom Pappas:

"Attached please find the preliminary (due to Dev Summit 2017 not completely closed out yet) OWASP Combined (Converted to USD for all reports) financial pkg for July 2017 which represents financial performance through seven months of 2017.  I have used the approved version of the Budget for a comparison. 

Here is a summary of the Activity YTD. All amounts are combined with the EU and converted to USD in these reports:   

Income Statement: 

Revenue:  On an accrual basis, total revenue YTD through Jul 2017 was $1.423.8 million as compared to a plan of $1,196 million.  The results are a $227.7K ahead of plan as of 7.31.17, due primarily to APSEC Cali being over vs APSEC EU being under budget. 

Expenses:   Total spending YTD was over plan by $50.1Kk due the Over Spending on Conference and Chapters offset by underspending in Community outreach (Marketing), Professional services (No Wiki proj spending) and Grant expense.

Net Income/Loss:  YTD on a combined Accrual basis we are at a loss of $252.9K vs a budgeted LOSS of $430.6K for a net gain to the budget of $177.6K.  I want to add some caution here as Apsec EU 2017 was about $57K underbudget.  We also, more than ever need Apsec 2017 US to be a success (meet or exceed Bud of $585K net income or the total 2017 budgeted loss of $235K will be more, though it is not looking like we will achieve this) and we just agreed to $45K for the ED search so we need to continue to monitor revenue and spending VERY closely as we move throughout the rest of 2017.  

Chapter Funds: On an accrual basis, as of 7.31.17 The US Bal is $758.5K, while down a couple of thousand dollars from last month is still a large draw on funds.  This is an issue that is only going to magnify as our events continue to be successful.  Chapter balances will continue to grow to a point where they exceed the amount of cash OWASP has on hand in its Bank accounts, which could happen as soon Aug 2017.  Also, the EU Ch was up a couple of thousand dollars at $74.8K balance.  I also ran the Proj balances and they are now Combined at $114.4K vs the $95K at the end of June.

POINTS of NOTE:

About APSEC EU 2017, I am told there are a few minor stragglers for minor bills to fully close it out in Aug 17 but as of now please review the APSEC EU 2017 tab, as we were about $84K under in revenue and $27K Under in expense (if no more come in) which takes us to <$57K> in Net income, which is being offset by other events such as Apsec Cali.  As noted in previous months not sure that will continue, so Spending should still be monitored and we need to have Apsec US in Sept meet or exceed the budget of $585K Net income.

There are a couple of points I want to highlight.  The first is about cash while we had $1.68 million in the bank (if we add in half of the Open AR of $172K the balance would be $1.872 million to be conservative). Factoring in accounts payable, Credit Card chgs and VAT payable for the Italian event in 2016 that is over $673K, it takes cash down to about $1.07 Million.  So while not a true cash flow issue, yet, if you take out the Ch balance of $833K and the Proj balance of $115K it leaves us with just about $60K of liquid Oper cash.  Now add that to half the open AR of $172K we have about $230K of Oper. reserves.  I just want to keep this on EVERONE’s radar as we move forward ad this leaves our Oper. cash reserve at .75 months and when we add in half the open AR it takes us to just about 3 months, again this needs to continue to be monitored closely."

OLD BUSINESS


NEW BUSINESS

[Martin] For Vote:
1. Approve the OWASP Summit 2018 venue contract (see email Seba http://lists.owasp.org/pipermail/owasp-board/2017-September/018332.html)
2. Recognize the OWASP Summit 2018 as a global event with equal staff support as for a Global AppSec conference
3. Set aside 100.000 USD as seed fund for the OWASP Summit 2018 to cover travel for selected working-session organizers

[Andrew] For discussion

  1. Chapter and project balances - We can't put off finance reform any longer, we need to make changes to the way projects and chapters are funded
  2. Operational reserves - How do we get back to six months of operational reserves
  3. Accounts receivable - need to work on getting aged receivables fixed

[Matt T] For Vote:

Clarification/modification of change approved in the August 9th Board Meeting to handle minor payables

Modification: The original proposal removed the board approval from specific types of reimbursements and payables. However, the intent of the change (streamlining payments) was blocked by the need for board members (Chairman or Treasurer) to "release" the funds from the US bank account. The proposed modification would allow for the release of funds from the US bank for any of the specific reimbursement categories below. As we are currently doing, the details of all payables will be sent to the board during the bi-monthly payment batches so the board is apprised of all payables regardless of the categories below.

Previous wording from the August meeting is below for reference. Changes to the original text are underlined.

{previous proposal start}

  • Proposed: Adjust approval processes to meet operational needs as outlined below. [Matt Tesauro] Also supported by Matt Konda.
    • Remove board approval and funds release for any expense that meets any one of the criteria below
      • Reimbursement from chapter/project funds which have a sufficient balance capped at $10k
      • Routine expenses who already have budget allocated e.x. mobile phone bill capped at $10k
      • Expenses under $10k which O&A Committee have approved and are already budgeted
      • Payroll expenses that
        • Are the same as the past month’s salary (e.g. same as always) since
          • For salaried staff, payroll expense is fixed
          • For hourly staff, hours will be approved by Matt Tesauro
        • Treasurer will review all salary payments on at least a quarterly basis
      • Board must approve any changes to payroll outside the above conditions

Since the board has already voted for budgeted, normal expenses and we WANT the community to spend down any chapter/project funds, I don't see benefit in the board re-approving the actual pend on the categories above.

Benefit: Allow payables to be handled more efficiently and in a stream-lined fashion for routine and already budgeted items so that the board is removed from day-to-day operational issues.

{previous proposal end}

[Matt Konda]

[Andrew and Tom Pappas] For Discussion

  • 2018 Budget Discussion

[Andrew van der Stock] - AppSec AU Debrief

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

2018 AppSecEU and AppSecUSA Locations

Board Votes vs. YTD Actions

ADJOURNMENT