
Re: questions about audit and budget processes






On 02/03/16 11:38, martin f krafft wrote:
> Daniel,
> 
> the points you bring up are hardly new. You are also mostly
> talking about keeping books, not auditing.
> 
> The biggest problem with keeping books seems to be that it's a
> merciless and boring job, but one that needs to be done without
> fail (or else it's about as useful as not doing it at all). This is
> why I've argued in the past that we should not rely on volunteers
> to do this, but instead outsource it to a third party, and
> establish procedures to require trusted organisations to send their
> reports there regularly or get their trust revoked.
> 

The idea of outsourcing it seems fine; many people would probably have
a preference for the data to be kept on Debian infrastructure though.

A book-keeper could be hired anywhere in the world; it doesn't have to
be done in a location with high wage costs.

SF Conservancy and SPI currently do some book-keeping for other
organizations, don't they?  If they can work on a percentage of
revenue/donations then that doesn't create any long-term obligation
for Debian.


> Or would you be willing to invest all the time required to bring
> our books to status quo, such that it even makes sense for us to
> start keeping them properly?
> 

Ideally, it would be good to have developers/volunteers involved in
one-off efforts and the repetitive stuff outsourced.

For example, setting up a web-application for expense tracking is a
one-off project (hopefully).  Taking some existing solution and
generalizing it to the point where it meets the expectations of all
the trust organizations could be an interesting project for a GSoC
student.

> In my opinion, neither a balance sheet nor a P&L statement make
> any sense and would be far too difficult to create and maintain.
> We wouldn't even know what standard to use. IFRS? US-GAAP? Neither
> of those are particularly applicable to an organisation of our
> nature.
> 

Are you really sure that these statements are not useful?  Can you
give any example of organizations that don't find them useful?

> I think we should stick to a simple ledger and publish a
> simplified, categorised income&expenditures list at regular
> intervals. If done sensibly in hledger, then you get a useful
> balance sheet for free.
> 

Agreed - a ledger is typically the input for both the balance sheet
and the P&L.


>> e) just looking at the SPI balance sheet[4], the amount of money 
>> that appears to be held in trust appears to be far higher than 
>> actual expenditure.
> 
> Yes. See
> https://lists.debian.org/debian-project/2015/03/msg00020.html for
> my explanation. In short, I think we're too cautious to spend 
> "substance" and merely scrape by each year with minimum effort. If
> we had a dependable cash flow, we could easily and would spend more
> money on sprints etc.
> 

It is not just caution; I suspect that it requires people to make some
noise about it and put some process in place to encourage some spending.

E.g. if the DPL says "I want to spend $30,000 this year, give me all
your ideas" and people put them in a spreadsheet and then they get
prioritized.

This should also involve feedback and transparency to donors - "Look
at what we did, look at all the leftover ideas we have for things we
could spend money on if we receive more donations next year"


>> Should the DPL delegate a team to specifically look after long
>> term investment of money that Debian doesn't have any immediate
>> plans for?
> 
> IMHO no.
> 
>> Simply keeping such large amounts of money in a bank deposit at 
>> minimal interest rates appears comparable to using a default 
>> password but making decisions about such money should be
>> something that is separate from the audit team.
> 
> I disagree, especially given the low inflation levels. We also
> have nowhere near enough money to implement a sensibly balanced, 
> conservative asset strategy, nor do we have a liquidity plan or 
> long-term vision as to what to do with those funds.
> 
> Anyway, a reasonable investment strategy for Debian with enough 
> flexibility wouldn't get us more than 2–3% p.a. in interest. Even
> if you went ahead to invest 3/4 of our liquidity in such asset
> classes, we're talking about 7k p.a. in interest, minus the fees
> and time required for management. IMHO, that's not worth the
> effort, nor the discussions.

People are already willing to volunteer their efforts for just about
every other aspect of Debian, such as making software, running events,
list management, repository hosting and it could be argued that none
of that is necessary because we could just use Github, Sourceforge and
Twitter.  Why wouldn't people also potentially volunteer some time for
portfolio management?

> I'd much rather see marketing efforts increase and us building a
> cash flow, then learning how to spend it, and then slowly reducing
> our substance to a more reasonable level, e.g. through
> (interest-free) lending of a large fraction of it to the
> FSConservancy, or so…
> 

Personally I'd rather avoid seeing Debian become either a lender or
borrower, unless the transaction was very conservative or highly
strategic.


