Rules of Procedure

Expense Policy (Draft WIP)

This is a DRAFT or SUBSTANTIALLY MODIFIED existing policy currently in an open review period. Please respond with your comments and inputs regarding this page or directly submit a pull request.

Overview

In the course of fulfilling the mission and business interests of the OWASP Foundation, members, staff, and partners will incur expenses that may be reimbursable. Generally, the policy of the Foundation is that all expenses should be “fair and reasonable” as measured by leadership, the community, and the standards for non-profit foundations. Expense categories are defined by the annual budget process and funds are approved and disbursed within those budgetary limits.

Fair and Reasonable Expenses

Generally, the policy of the Foundation is that all expenses should be “fair and reasonable” as measured by leadership, the community, and the standards for non-profit foundations. Historical approval of expenses does not obligate the Foundation to appoval like expenses in the future. Those items which are considered fair and reasonable include:

  • Chapter Specific
    • Event Services, Catering, and Space for Chapter Meetings
  • Project Specific
    • Graphic Design
    • Technical Contractor
    • Software Licenses
  • Applicable to Chapters, Projects and Committees
    • Annual Celebratory Leader Gatherings
    • Printing
    • Domain Names

There are no pre-set limits for most expense beyond the “fair and reasonable” test; however, it is the responsibility of those incurring an expense to:

  • Obtain pre-approval of any planned expense likely to exceed $2,500
  • When an expense is expected to be more than $5,000, an invoice is required from the vendor for direct remittance.

The OWASP Foundation does not condone the consumption of alcohol and expects its staff, members, and partners to use good judgment when entertaining. Alcohol expenses are reimbursable when part of a food bill provided the alcohol costs are no more than 50% of the total expenses for that event.

Travel

Good business judgment is always expected when determining the need to travel on behalf of the Foundation where reimbursement is expected. The OWASP Foundation will reimburse travel expenses incurred on behalf of the Foundation for:

  • Board members when traveling to Board Meetings and OWASP Global AppSec conferences
  • Keynote speakers for approved OWASP conference at their respective speaking opportunity
  • Guest speakers, when pre-approved by the Executive Director, for Chapter Events.
  • Staff on general business for the Foundation

Travel which is explicitly not reimbursable includes leaders or members attending OWASP Conferences unless as a keynote speaker or in an official capacity as a Director of the Foundation.

Travel expenses include but are not limited to economy airfare, or premium economy if the flight is greater than seven hours, ground transportation, parking, food & beverage, lodging, and other daily business-related expenses. Travel bookings, whenever possible, should be made no later than 21 days prior to departure to reduce costs. When arranging airfare for extended trips, including a weekend night stay at the convenience of the Foundation may result in a cost savings. Extra lodging expenses in these particular extended trip cases may be reimbursable and require pre-approval with additional documentation.

In cases where lodging is pre-arranged and direct billed by the Foundation as part of a room block, reimbursement requests for alternative lodging will be denied. Travel benefits are not transferable.

Reimbursement Process

Expenses, along with receipts for reimbursement, shall be submitted through the OWASP Foundation ticketing system for processing and payment. Please note ALL reimbursement request information, except payment instructions, will be shared publicly in various accounting reports and by submitting an expense reimbursment, you agree to that disclosure.

  • Reimbursement requests must be submitted within 60 days of the expense.
  • Requests must include receipts, payment instructions, and supporting documentation.
  • Wire transfer reimbursements are net banking fees.
  • Service Level Agreement (SLA) for reimbursements is 22 days provided the information submitted is complete and accurate.
  • Bundling complete trip expenses into one submission is preferred.
  • When submitting expenses for travel, please subtotal amounts for Transit (Air/train/taxi), Lodging, and Meals.

Approvals for reimbursments shall follow the Signatory Guidelines of the OWASP Foundation. Exception process for denied reimbursments shall be:

  • Email with narrative and expense information sent to the Treasurer
  • Proper compliance to policy and extenduating circumstanced wll be considered.
  • In consultation with the Executive Directr, Treasurer will make final determination

Our policies explicitly prohibit expenses and reimbursement behavior that personally enrich its Board, leaders, members, staff, or partners. It is a very serious matter if you record false or misleading information on expense reimbursements. You may not request reimbursement for expenses that you did not have or that were not business-related.

Travel Assistance Programs

From time to time, the OWASP Foundation will budget funds for leaders and members to travel while furthering the mission of the Foundation. All travel reimbursed through the Travel Assistance Program must be pre-approved. The Executive Director along with the Treasurer will define the requirements and limits, along with the process for participating in these programs.

Hardware

Capital asset purchases for chapters and proejcts is strongly discouraged and if over $250 requires pre-approval. The primary reason for this policy is the complexity of warehousing and asset tracking. Capital assets under $2,000 purchased by the Foundation will be expensed and not amortized.

OWASP Project Contracting

All OWASP Projects are started with the understanding that they will be volunteer run, and they must remain volunteer run.

In the event that a project’s Leaders decide they would like to hire a contractor to work on a particular aspect of the project, for instance user interface design, then the Project Leaders must manage the recruitment, contracting, and payment on a task/work assignment basis. Contractors must be paid upon satisfactory completion of the task/work assignment and execute a completed OWASP Foundation Consulting Agreement.

Failure to comply with any of the above policies may result in expenses, and in particular you reimbursement request, being denied.