Rules of Procedure

Expense Policy (Draft WIP)

Members are invited to provide feedback on this draft policy until September 02, 2020. The Policy Review Team will respond to comments mailed from your email address to this address.


In the course of fulfilling the mission and business interests of the OWASP Foundation, members, staff, and partners will incur expenses that may be reimbursable. Generally, the policy of the Foundation is that all expenses should be “fair and reasonable” as measured by leadership, the community, and the standards for non-profit foundations. Expense categories are defined by the annual budget process and funds are approved and disbursed within those budgetary limits.

Fair and Reasonable Expenses

Generally, the policy of the Foundation is that all expenses should be “fair and reasonable” as measured by leadership, the community, and the standards for non-profit foundations. Historical approval of expenses does not obligate the Foundation to approval like expenses in the future. Those items which are considered fair and reasonable include:

  • Chapter Specific
    • Event Services, Catering, and Space for Chapter Meetings
  • Project Specific
    • Graphic Design
    • Technical Contractor
    • Software Licenses
  • Applicable to Chapters, Projects and Committees
    • Annual Celebratory Leader Gatherings
    • Printing
    • Domain Names

Provided sufficient Chapter or Project balances, there are no pre-set limits for most expense beyond the “fair and reasonable” test; however, it is the responsibility of those incurring an expense to:

  • No later than 30 days prior to the expense, obtain pre-approval of any planned expense likely to exceed $2,500
  • When an expense is expected to be more than $5,000, an invoice is required from the vendor for direct remittance.

The OWASP Foundation does not promote the consumption of alcohol and expects its staff, members, and partners to use good judgment when entertaining. Alcohol expenses are reimbursable when part of a food bill provided the alcohol costs are no more than 50% of the total expenses for that event.


Good business judgment is always expected when determining the need to travel on behalf of the Foundation where reimbursement is expected. The OWASP Foundation will reimburse travel expenses incurred on behalf of the Foundation for:

  • Board members when traveling to Board Meetings and OWASP Global AppSec conferences
  • Keynote speakers for approved OWASP conference at their respective speaking opportunity
  • Guest speakers, when pre-approved by the Executive Director
  • Staff on general business for the Foundation

Travel which is explicitly not reimbursable includes leaders or members attending OWASP Conferences unless as a keynote speaker or in an official capacity as a Director of the Foundation.

Travel expenses include but are not limited to economy airfare, or premium economy if the flight is greater than seven hours, ground transportation, parking, food & beverage, lodging, and other daily business-related expenses. Travel bookings, whenever possible, should be made no later than 21 days prior to departure to reduce costs.

In cases where lodging is pre-arranged and direct billed by the Foundation as part of a room block, reimbursement requests for alternative lodging will be denied. Travel benefits are not transferable.

Reimbursement Process

Expenses, along with receipts for reimbursement, shall be submitted through the OWASP Foundation ticketing system for processing and payment. Please note ALL reimbursement request information, except payment instructions, will be shared publicly in various accounting reports and by submitting an expense reimbursment, you agree to that disclosure.

  • Reimbursement requests must be submitted within 60 days of the expense.
  • Requests must include itemized receipts, payment instructions, and supporting documentation.
  • Wire transfer reimbursements are net banking fees.
  • Reimbursements will be made within 30 days provided the information submitted is approved, complete, and accurate.
  • Bundling complete trip expenses into one submission is preferred.
  • When submitting expenses for travel, please subtotal amounts for Transit (Air/train/taxi), Lodging, and Meals.

Approvals for reimbursments shall follow the Signatory Guidelines of the OWASP Foundation. Exception process for denied reimbursments shall be:

  • Email with narrative and expense information sent to the Treasurer
  • Proper compliance to policy and extenuating circumstances will be considered.
  • In consultation with the Executive Director, Treasurer will make final determination

It is a very serious matter if you record false or misleading information on expense reimbursements. You may not request reimbursement for expenses that you did not have or that were not business-related.

Travel Assistance Programs

From time to time, the OWASP Foundation will budget funds for Leaders and Members to travel while furthering the mission of the Foundation. All travel reimbursed through the Travel Assistance Program must be pre-approved. The Executive Director along with staff will define the requirements and limits, along with the process for participating in these programs.


Capital asset purchases for chapters and projects are strongly discouraged and if over $250 requires pre-approval by the Executive Director. The primary reason for this policy is the complexity of warehousing and asset tracking. Capital assets under $2,000 purchased by the Foundation will be expensed and not amortized, additionally capital assets under $1,000, when purchased for staff or contractor business use, are removed from Foundation inventory after 12 months of use.

OWASP Project Contracting

All OWASP Projects are started with the understanding that they will be volunteer run, and they must remain volunteer run.

In the event that a Project’s Leaders decide they would like to hire a contractor to work on a particular aspect of the project, for instance user interface design, then the Project Leaders must manage the recruitment, contracting, and payment on a task/work assignment basis. Contractors must be paid upon satisfactory completion of the task/work assignment and execute a completed OWASP Foundation Consulting Agreement.

Failure to comply with any of the above policies may result in expenses, and in particular you reimbursement request, being denied.