Feb 18, 2004: Last year, over 4,500 businesses completed the BSA's software audit return. Software piracy is big business and bad for IT as a whole, so someone has to police it. Assist in the development of the risk assessment for the audit universe and development of the audit plan that correlates with the risk assessment. BSA is the leading advocate for the global software industry before governments and in the international marketplace. We are driven to excellence in all areas of our business by focusing 100% of our efforts on solving customers' problems, creating deep and lasting customer.
Firms around the world have increased their resources to protect against money laundering and terrorist financing. Audit program: Bank Secrecy Act and anti-money laundering 5. It is common practice for the BSA to unbundle software suites and account for each program individually. Responding to software audits by the BSA, SIIA and other. Software license compliance audit, Fort Worth, Texas. No two institutions face the same set of AML risks, and your program. Prepare an audit engagement letter and distribute to appropriate management. How to respond to a BSA or SIIA software audit letter. Decades later, we are the leading municipal software. The BSA dedicates a substantial portion of its revenue marketing on radio stations and the. Although it may read like a bad joke or a scam, in fact it is a frequent practice by software vendors or their agents such as the BSA or SIIA Software and Information Industry. Yes, independent testing of Bank Secrecy Act compliance is required by each of the bank regulatory agencies.
BSA licensing audits: following on from my post about Microsoft licensing options, I thought it prudent to cover what may happen if your licensing isn't in order and you end up getting audited. Lucivero, CISA the Federal Financial Institutions Examination Council's (FFIEC) Bank Secrecy Act (BSA)/anti-money laundering. If your company is facing a software audit, you need experienced counsel to protect your business. Financial institutions are required to be compliant with BSA rules and regulations. Whatever the source, audit software programs should remain under the strict control of the audit department. Have you received an audit letter from BSA business. Determine that the bank provides periodic training for appropriate personnel regarding their responsibilities under BSA/AML.
The alliance which includes Adobe, Cisco, Dell, HP, IBM. The BSA's enforcement practices against small to medium-sized businesses have been the subject of numerous articles. A bank must have a BSA/AML compliance program commensurate with its respective BSA/AML risk profile. Baseline talked to the experts who've directly dealt with the Business Software Alliance, and we've compiled an 8 step guideline process for handling the aftermath of receiving an intimidating.
The audit software covers servers, desktops, notebooks and also can be used via servers. This course will provide information to help individuals determine if the BSA audit functions are being performed adequately and effectively. Lowdermilk, PhD ABD, CAMS, CRMS is a highly experienced and educated BSA/AML and financial regulatory compliance professional with extensive policy and procedure. When you buy software to use on the computer it comes with a license. Roland Chan, senior director, compliance programs, Asia-Pacific, BSA, said. When you receive a BSA audit letter it is important to understand that the BSA (Business Software Alliance) is acting on behalf of its member companies. For the last ten years, I have been representing end-user companies nationally in software audit matters initiated by major software publishers including Microsoft, Adobe, Autodesk, IBM and their trade groups. How to handle Business Software Alliance audit demand letters. This time we'll be a bit more specific as we consider that which MS or the Business Software Alliance (BSA), or whoever, will expect to see in the event of an audit. The BSA (Business Software Alliance) represent many vendors, not just Microsoft, so are the most likely ones to be involved with an audit. Training should include, but not be limited to, tellers, platform, lending personnel, trust personnel, wire room, and bookkeeping personnel. We received a form letter from the Business Software Alliance (BSA) telling us to. A sound software asset management (SAM) program with regular IT audits will.
Tips for handling a Microsoft software audit, StorageCraft blog. Sep 30, 20: Once an informant provides a tip, the BSA sends a cease and desist letter and/or a letter requesting an audit. All of our cases begin with somebody who comes to us to report. AuditNet, the global resource for auditors, provides audit tools, audit templates, audit programs, audit guides, working papers for professional auditors (CPA, CIA, CFE, CISA) to leverage technology and the internet.
The type of audit depends on the circumstances and can be done by the business or conducted by an outside party. Apr 07, 2017: Audit plan is defined as the scheme or design prepared by the auditor for conducting an audit, in an effective manner. Protecting your business from a BSA audit and software piracy claims. BSA software audit will not trigger legal action, The Register.
We received a form letter from the Business Software Alliance (BSA) telling us to do a self-audit and if we find any unlicensed software to report it during our grace period because if your organization's software is not licensed, it could become the focus of a BSA investigation. With a growing global terrorist and organized crime threat, regulators are focused on AML and related topics such as USA PATRIOT Act, Bank Secrecy Act and OFAC Office of Foreign Assets. The BSA's typical approach is to, at the first instance, demand business owners to complete a voluntary self-audit, where business owners must produce a full index of all BSA-member. The position requires an extensive knowledge of BSA/AML and OFAC banking laws and regulations and background in controls or audit best practices. It's not always the BSA that requests or seems to request an audit, though. KeyAudit is a free software audit tool that determines the status of software license compliance. We strategically select each case and carefully oversee our programs to optimize results, minimize risk, and drive revenue. FFIEC BSA/AML compliance program.
The BSA unbundles the software suites and attempts to recover up to three times the MSRP of each of the components for each installation of allegedly unlicensed software. Mar 12, 2016: Here are the top 20 things to think about when you are thinking about how to respond to a software audit letter from the BSA, SIIA, Microsoft, Autodesk, Adobe or other software publisher. The Business Software Alliance maintains telephone hotlines and a web site to encourage disgruntled employees and vendors to make anonymous reports against companies of all sizes. In installations using advanced software library control systems. BSA Microsoft audit shakedown survivor: thought people might find this useful, as when I got our letter informing us of the audit, I couldn't find much in the way of detail. About 2006, the BSA came under fire for offering reward money. For this reason, all documentation, test material, source listings, source and object program modules, and all changes to such programs, should be strictly controlled.
Protecting your business from a BSA audit and software piracy. Assess whether the board of directors and senior management receive adequate reports on BSA/AML compliance. Audit library: AuditNet software compliance and auditing. Lowdermilk, PhD ABD, CAMS, CRMS is a qualified BSA/AML and financial regulatory compliance professional with extensive policy and procedure. For this reason, all documentation, test material, source listings, source and object. Its members are among the world's most innovative companies. Feb 27, 2014: Unbundling software suites: Microsoft Office and Adobe Creative Suite are two compilations that are frequently involved in BSA audit matters.
BSA, The Software Alliance: the BSA is an organization that acts on behalf of software publishers to enforce s. We identify, contact, and convert thousands of unlicensed software users into customers every year, strategically leveraging the BSA brand to increase your revenue. Key steps to a successful BSA validation, written by. I am an intellectual property attorney in Southlake, Texas who has handled more than 230 Business Software Alliance audit matters for small to medium-sized companies. A Business Software Alliance team member will provide you with the latest information. FFIEC IT Examination Handbook InfoBase: internal audit program. BSA audit program, audit best practice, GRC consulting. Having a comprehensive and compliant BSA/AML program helps a financial institution to conduct periodic BSA and AML audits. Frequently asked audit questions: some typical questions auditors wish to know about software licensing. With a growing global terrorist and organized crime threat, regulators are focused on AML and related topics such as USA PATRIOT Act, Bank Secrecy Act and OFAC (Office of Foreign Assets Control). How to respond to a BSA or SIIA software audit letter without. Here are the top 20 things to think about when you are thinking about how to respond to a software audit letter from the BSA, SIIA, Microsoft, Autodesk, Adobe or other.
Baseline shows you how to avoid them altogether in 8 easy steps. The fear of a Business Software Alliance (BSA) audit has caused many a sleepless night among senior executives and IT professionals over the past two decades. Update the work program based on changes to the regulation or prior audit recommendations. I work at a small nonprofit that has 18 employees plus a seat computer lab. In addition, a CIP must be included as part of the BSA/AML compliance program. BSA software audit will not trigger legal action, the. BSA licensing audits: following on from my post about Microsoft licensing options, I thought it prudent to cover what may happen if your licensing isn't in order and you end up getting. Decades later, we are the leading municipal software provider in Michigan, and are branching out across the U.
The FDIC last described its expectations in FIL 2996. Key steps to a successful BSA validation: accounting, tax. A detailed SAM plan helps identify the hardware and software needed to achieve organizational goals. The membership of the organization may undergo changes, which can impact an existing software audit if a member leaves during the course of the audit and the BSA no longer has power of attorney to enforce the s. In 2008, the Business Software Alliance received more than 2,500 reports of illicit use of software by companies in the U.
The CFW uses software applications developed by known software companies such as Microsoft, Adobe, McAfee and Oracle, who are members of the BSA global advocacy team. Please note that the investigative process is very thorough and can take several months for significant developments. FFIEC IT Examination Handbook InfoBase: internal audit. What I learned in the last 10 years defending BSA the. Tax administration and property assessment (CAMA) software: 97% of Michigan municipalities use at least one of our property applications. According to BSA, the global annual cost of software piracy. I work for a small/mid-sized enterprise shop, under users, and we just finished a BSA audit.
Independent testing should be mandated to take place every 12-18 months, although institutions working in particularly high risk areas might consider a more frequent schedule than that. Nov 21, 2014: Although it may read like a bad joke or a scam, in fact it is a frequent practice by software vendors or their agents such as the BSA or SIIA (Software and Information Industry Association) to demand that you perform an audit of the software used at your business, report the results, and pay up if there is any alleged deficiency in your. Its members are among the world's most innovative companies, creating software solutions that spark the economy and improve modern life. What to do when you receive a BSA audit letter, by Ericka Chickowski. Baseline talked to the experts who've directly dealt with the Business Software Alliance, and we've compiled an 8 step guideline process for handling the aftermath of receiving an intimidating audit letter. Risk assessment link to the BSA/AML compliance program. On the other hand, audit programme refers to an exhaustive plan which comprises a list of verification steps, to be implemented, to the final accounts of the organization, to collect sufficient facts and evidence, so as to. Software policy warning message is a simple way of getting the message to the desktop. It is very important to respond to the BSA audit letter, preferably through your legal counsel. Risk assessment is a pillar of AML compliance and represents a crucial first step in building an effective program.
Jenny Blank, North American enforcement programs manager for the Business Software Alliance (BSA), explains the BSA's audit process. Here, Redmond explores the most harrowing tales of software audits and. Therefore, consider a BSA audit letter to be directly from its members. Recent trends indicate that software publishers are increasingly initiating direct software audits instead of outsourcing the auditing process to. Independent testing for compliance with the BSA and 31 C. The BSA Global Software Survey found that organizations can achieve as much as 30 percent savings in annual software costs by implementing a good SAM program. Difference between audit plan and audit programme with. The Business Software Alliance is not afraid to audit your company's software assets and make you pay. Bank Secrecy Act audit, BSA audit best practices, bank. News: Microsoft has started a program recently in UK that has wide. "One of the things we make clear right from the start is that this is a serious matter," Jenny Blank, programs manager for the BSA, said in a. The results of the audit should be reported to and discussed by the board of directors, and duly recorded in the minutes. The BSA's typical approach is to, at the first instance, demand business owners to complete a voluntary self-audit, where business owners must produce a full index of all BSA-member software running on that business network, and provide receipts or other proof of licensed ownership of such software. The audit is used to determine if all the software available for use is properly licensed and paid for by the business.