Rules of Procedure

Expense Policy

Adopted by the Board August 24, 2021

Overview

In fulfilling the mission and business interests of the OWASP Foundation, leaders of Projects, Chapters, Events, Committees, or Foundation staff or the Global Board might incur expenses that may be reimbursable. This policy defines expenses as “petty” cash levels and not significant disbursements or program funding mechanisms.

Generally, the Foundation’s policy is that all community expenses should be “fair and reasonable” as measured by leadership, the community, and non-profit foundations’ standards.

The annual budget process defines the expense categories, and funds are approved and disbursed within those budgetary limits. Projects, Chapters, Events, Committees, Foundation staff, or the Global Board expenses should adhere to this policy wherever possible. In some instances, Chapters, Projects, Events, staff, or the Global Board may have additional discretion depending on pre-approvals or approved budgets and other policies or procedures.

Establishment

Expenses will no longer be tied to chapter or project balances. When this policy is approved, all previous chapter and project balances - positive and negative - will be zeroed out, and the net amount returned to general revenue. Expenses will then be funded solely from the expense pool unless otherwise noted.

Reimbursement Process

Expense reimbursement requests, along with receipts or invoices for each expense, shall be submitted through the OWASP Foundation ticketing system for processing and payment.

  • Leaders must submit reimbursement requests within 60 days of the expense.
  • Fair and reasonable expenses under USD $250 do not require pre-approval and may be submitted by a single leader for any valid chapter, project, committee, or event expense with a valid receipt.
  • Fair and reasonable expenses above USD $250 require pre-approval, dual leader approval (or leader + relevant committee if only one leader), and a valid receipt or invoice. The Foundation will not pay unapproved expenses above USD $250
  • When an expense is expected to be more than $2,500, an invoice is required from the vendor for direct remittance.
  • Expenses must have a short explanation of why the expenses are relevant to a Chapter, Project, Committee, or Event. Expenses must include the Chapter, Project, Committee, Event, or Board name to ensure that your expenses are correctly categorized. Good: “Food & beverage for February 2021 OWASP Sunnydale chapter meeting.” Bad: “Catering.”
  • Requests must include itemized receipts, payment instructions, and supporting documentation.
  • Reimbursements are net banking fees and any applicable taxes.
  • Reimbursements will be made within 30 days, provided the information submitted is approved, complete, and accurate.

Approvals for reimbursements shall follow the signatory limits of the OWASP Foundation.

Please note all reimbursement request information, except payment instructions, will be shared publicly in various accounting reports, and by submitting an expense reimbursement, you agree to that disclosure.

All leaders, chapters, projects, and committees are encouraged to fundraise and seek sponsorships in kind (bartering), donations, or sponsorship to offset higher costs and further our mission.

Exception process

Exception process for denied reimbursements or pre-approvals shall be:

  • Email with narrative and expense information sent to the Treasurer.
  • Proper compliance to policy and extenuating circumstances will be considered.
  • In consultation with the Executive Director, Treasurer will make the final determination.

In some cases, pre-approval that contravenes bylaws, policy, or spending limits may require a Board vote, so allow up to 60 days for this to occur.

Funding

Expenses are available to all Chapters, Projects, Committees, Foundation staff, and the Global Board paid from the expense pool.

The Board funds the expense pool via the annual budget at their sole discretion, topped up by donations, event profit shares, and directed sponsorships. The OWASP Corporate Membership program may in the future include the ability to help fund the expenses pool by directing a portion of the membership fee to selected or all chapters, projects, and committees.

The expense pool has a monthly spend limit. If the monthly limit is exceeded, the Executive Director, Treasurer, or Global Board may choose to bring forward future months or top up the expense pool at their discretion per signatory limits.

Awards and Scholarships will be funded per the Awards and Scholarships Policy via specific sponsorships, donations, or grants and not from the expense pool. Unfunded Awards or Scholarships with no balance cannot reimburse expenses. Awards and Scholarships are not transferrable, and if not used for the nominated purpose, funds are returned to the Expenses pool to further our mission in other ways.

Events can use the reimbursement processes defined below but will be funded via their budget, profit, and loss, governed by the Events Policy. The event expenses will be drawn from the seed funds and income, not the general expense pool. Seeding for events may be funded by the Executive Director or Board at their discretion and within signatory limits per the Events Policy. Grants will be funded through donations, sponsorship, or Board seeding. Expenses from grants will be drawn from the grant until fully drawn down, per the Grants Policy. Unfunded grants or grants with no balance cannot reimburse expenses.

Treatment of donations

Donations to projects, chapters, committees, and events will be added to the expense pool with no administrative fee other than financial institution fees. Events can choose to fund the expense pool with no administrative fee from their net profit split. Restricted donations will be kept separate and are net the OWASP administration fee per the Donations policy.

Large Chapter meeting annual pre-approval

Instead of requiring pre-approvals for every meeting or large expense, chapters should instead submit a yearly Chapter budget to be pre-approved for up to 12 months in advance. A pre-approved Chapter budget eliminates constant pre-approvals, improves certainty, and reduces Leader and Foundation administrative overheads.

Large chapters requiring significant funds per meeting (defined as more than USD $250 per meeting) should submit a budget with all costs and income for pre-approval for up to 12 month’s worth of meetings.

During pre-approval, discussions around costs, value for money, assisting with obtaining bartering and local sponsorships, and more should be expected and discussed to help reduce or offset the costs of these large meetings.

If pre-approval is granted, Chapter leaders can submit each meeting’s expenses above USD $250 in aggregate with co-approval as long as the pre-approval budget has not been exceeded per meeting or in totality.

Chapters can choose to apply for individual pre-approvals per the Reimbursement process but should be aware of the timelines involved with pre-approval and the administrative overhead required.

OWASP Project Grants and Contracting

Projects expenses below USD $2500 must follow the reimbursement process above, with some additional requirements:

Between USD $250 and USD $2500, Projects should use the Grants Policy by preference to encourage accountability for deliverables and obtain sponsorship to assist with pre-approval. Above USD $2500, projects must use grants and not expenses for funding.

Event expenses

Events are required to adhere to the approved Event budget when submitting expenses. Event income from sponsors and registration must come through signed OWASP sponsorship agreements and the OWASP event ticketing/registration system.

Events with an approved budget can process budgeted expenses below USD $250 with a receipt and a single leader approval. For expenses above USD $250 and up to USD $2,500, requires invoices or receipts and leader co-approval. Above $2,500, Event leaders must submit invoices to be paid through OWASP’s invoicing process, again with co-approval. In all cases, the amount to be paid must be within the Event’s approved budget.

Events must follow the Events policy when choosing to out-source activities, contracting local logistics, or out-task activities, such as graphic designers. Travel and Awards and Scholarships Policies apply to Event expenses in these categories.

Variances above the budgeted amount require pre-approval. If an unexpected expense occurs, please submit pre-approval before committing OWASP to pay the expense. The Foundation will not pay unbudgeted or unapproved event expenses.

Fair and Reasonable Expenses

Generally, the Foundation’s policy is that all expenses should be “fair and reasonable” as measured by leadership, the community, and the standards for non-profit foundations. Historical approval of expenses does not obligate the Foundation to approve like expenses in the future.

Those items which are considered fair and reasonable include:

  • Chapter related expense within the defined geographic area of the Chapter
  • Project-specific expenses
  • Event Services, Catering, and Space for Chapter Meetings and Local Events
  • Graphic Design
  • Technical Contractor (i.e., Developer or Technical Editor)
  • Software Licenses
  • Celebratory Gatherings
  • Printing
  • Domain Names

For the items listed above and expenses under USD $250, there are no pre-set limits beyond the “fair and reasonable” test. Expenses not listed and exceeding USD $250 require approval from at least two leaders (or a leader + relevant committee if there is only one leader), and pre-approval by the Executive Director or their designate. When in doubt, individuals requesting expense reimbursement should apply for pre-approval.

The OWASP Foundation does not promote alcohol consumption and expects its staff, members, and partners to use good judgment when entertaining. Alcohol expenses are reimbursable when part of a food bill, provided the alcohol costs are no more than 50% of the total expenses for that Event.

Periodic or Subscription payments expense policy

Committing OWASP to expense periodic or subscription services, such as monthly meeting space subscriptions or annual software licenses, is not permitted without prior approval. Under no circumstances shall a recurring expense last more than 12 months. Pre-approval is more likely if a matching donation or sponsorship accompanies the request.

Shared service expense policy

The OWASP Foundation provides several shared services free of charge or at vastly reduced rates to OWASP projects, chapters, events, committees, and the Board. If someone pays for services already supplied by and paid for by the Foundation, this double payment erodes OWASP’s ability to fund our mission, and as such, these types of expenses are not permitted and will not be reimbursed.

Expenses for the following categories of service will not be reimbursed:

  • Email
  • Shared drive/data storage
  • Online training/classroom
  • Source code management
  • Event scheduling / RSVP
  • Ticket purchasing
  • Video conferencing and webinars
  • Cloud infrastructure and other services

If a project, committee, or Chapter requires a different service than those offered for free by the Foundation, please apply for a grant or pre-approval before committing OWASP to pay for the new shared service. Once we understand your requirements, we can often obtain a non-profit discount or an alternative at a lower cost. We encourage leaders to investigate our shared services before seeking out a new option.

Joining, partnering, sponsoring, funding, or donating to other organizations

Without pre-approval, expenses cannot be used to join, donate, fund, or sponsor any other organization, no matter how worthy or mission-related.

Joining, donating, funding, or sponsoring other organizations requires a partnership agreement approved via a successful grant application.

Travel and Travel Assistance

The Foundation will not process unapproved travel expenses claims under the expenses policy.

If Travel is pre-approved, travel expenses are subject to the reimbursement process laid out above, but in addition:

  • Bundling complete trip expenses into one submission is preferred.
  • When submitting expenses for Travel, please subtotal amounts for Transit (Air/train/taxi), Lodging, and Meals.

Hardware

Capital asset purchases are strongly discouraged, and if over USD $250 require pre-approval by the Executive Director. Grants can be created to buy necessary hardware but require significant justification or sponsorship.

Capital assets under $2,000 purchased by the Foundation will be expensed, not amortized, and shall be removed from Foundation inventory after 12 months of use.

Temporary restrictions take precedence

From time to time, in cases of budget or funding emergencies, or responding to natural disasters or pandemics, fraud, or other issues that pose an existential risk to the Foundation, the OWASP Foundation Executive Director may place temporary restrictions or allowances on permitted expenses, such as personal protective equipment being a fair and reasonable expense during a pandemic or disease outbreak.

Any such allowances or restrictions shall be published in the same place as this policy, publicized to OWASP Leaders.

Temporary restrictions shall be reviewed and updated by the Executive Director every 90 days to ensure that restrictions do not become permanent and bypass approved policies. Temporary restrictions that have not been reviewed within the last 90 days have no force.

Where a published temporary restriction is in place, it takes precedence over this policy until the temporary restriction is retracted or expires.

Sanctions for misuse, abuse, or fraud

It is a very serious matter if you record false or misleading information on expense reimbursements. You may not request reimbursement for expenses that you did not have or that were not business-related. For example, it is prohibited to claim a chapter expense where a Chapter leader can provide no evidence of a meeting or that the expense is required to run a chapter.

Failure to comply with any of the above policies may result in rejected expenses. Severe cases may lead to leadership revocation and future reimbursement requests denied. In the worst cases, fraudulent expense claims may be subject to legal action or referral to local law enforcement or tax authorities.

When in doubt, please request pre-approval.