Compensation Review Operational Policy (DRAFT WIP)

Draft v2024.07.25, for review by the Board of Directors and Executive Director

Operational Policies are adopted by the OWASP Foundation to ensure that the organization operates in a consistent and effective manner. This policy is intended to provide guidance to the organization’s staff and Board on how to implement the organization’s compensation review process. This policy is not intended to be exhaustive and may be supplemented by additional policies and procedures as needed.

Compensation Review Policy

This Compensation Review Policy applies to the Organization’s Chief Employed Executive, Officers, Key Employees, and Disqualified Persons. The purpose of this policy is to ensure the Organization does not engage in any “excess benefit transaction” as defined in Section 4958 of the Internal Revenue Code (“I.R.C.”) and regulations promulgated thereunder.

  1. Definitions
    1. Chief Employed Executive – The chief executive officer, executive director, or top management official (i.e., the employee who has ultimate responsibility for implementing the decisions of the Organization’s governing body or for supervising the decisions of the Organization’s governing body or for supervising the management, administration, or operations of the Organization).
    2. Officer – A person elected or appointed to manage the Organization’s daily operations, such as a president, vice president, secretary, or treasurer. The officers of the Organization are determined by reference to its organizing document, bylaws, or resolutions of its governing body, or as otherwise designated consistent with state law, but at a minimum include those officers required by applicable law. The Organization’s top management official and top financial official (the person who has ultimate responsibility for managing the Organization’s finances) are included as officers.
    3. Key Employee – An employee of the Organization who meets all three of the following tests: (a) $100,000 Test – receives reportable compensation from the Organization and all related organizations in excess of $100,000 for the year; (b) Responsibility Test – the employee (i) has responsibility, powers, or influence over the Organization as a whole that is similar to those of officers, directors, or trustees, (ii) manages a discrete segment or activity of the Organization that represents 10% or more of the activities, assets, income, or expenses of the Organization, as compared to the Organization as a whole, or (iii) has or shares authority to control or determine 10% or more of the Organization’s capital expenditures, operating budget, or compensation for employees; and (c) Top 20 Test – is one of the 20 employees (that satisfy the $100,000 Test and Responsibility Test) with the highest reportable compensation from the Organization and related organizations for the year.
    4. Disqualified Person – Any person (including any management company or entity acting as a consultant or independent contractor) in a position to exercise substantial influence over the affairs of the organization. To be a disqualified person, it is not necessary that the person actually exercise substantial influence, only that the person be in a position to exercise substantial influence. (See Treas. Reg. 53.4958-3T).
  2. Compensation Review Process
    1. Review and Approval – The compensation of the Chief Employed Executive and each Officer, Key Employee or Disqualified Person shall be reviewed and approved by the board of directors or compensation committee of the Organization, provided that directors or other persons with conflicts of interest with respect to the compensation arrangement at issue shall not be involved in this review and approval.
    2. Use of Comparable Compensation Data – The compensation of the Chief Employed Executive and each Officer, Key Employee or Disqualified Person shall be reviewed and approved using data as to comparable compensation for similarly qualified persons in functionally comparable positions at similarly situated organizations.
    3. Contemporaneous Documentation and Recordkeeping – There shall be contemporaneous documentation and recordkeeping with respect to the deliberations and decisions regarding the compensation arrangement. The board of directors or compensation committee evaluating such compensation arrangement may, but shall not be required to, use the “Rebuttable Presumption Checklist” or other tools set forth in the Introduction to I.R.C. 4958.