A detailed SAM plan helps identify the hardware and software needed to achieve organizational goals. No two institutions face the same set of AML risks, and your program. "One of the things we make clear right from the start is that this is a serious matter," Jenny Blank, programs manager for the BSA, said in a. In installations using advanced software library control systems.
Risk assessment is a pillar of AML compliance and represents a crucial first step in building an effective program. Determine that the bank provides periodic training for appropriate personnel regarding their responsibilities under BSA/AML. Financial institutions are required to be compliant with BSA rules and regulations. Therefore, consider a BSA audit letter to be directly from its members. The alliance, which includes Adobe, Cisco, Dell, HP, IBM. The position requires an extensive knowledge of BSA/AML and OFAC banking laws and regulations and background in controls or audit best practices. The membership of the organization may undergo changes, which can impact an existing software audit if a member leaves during the course of the audit and the BSA no longer has power of attorney to enforce the s. BSA software audit will not trigger legal action the. Lucivero, CISA. The Federal Financial Institutions Examination Council's (FFIEC) Bank Secrecy Act (BSA)/anti-money laundering. What I learned in the last 10 years defending BSA the.
Frequently asked audit questions: some typical questions auditors wish to know about. We strategically select each case and carefully oversee our programs to optimize results, minimize risk, and drive revenue. Baseline talked to the experts who've directly dealt with the Business Software Alliance, and we've compiled an 8-step guideline process for handling the aftermath of receiving an intimidating. The BSA's typical approach is to, at the first instance, demand business owners to complete a voluntary self-audit, where business owners must produce a full index of all BSA-member. The type of audit depends on the circumstances and can be done by the business or conducted by an outside party. A sound software asset management (SAM) program with regular IT audits will. The BSA's enforcement practices against small to medium-sized businesses have been the subject of numerous articles. I work at a small nonprofit that has 18 employees plus a seat computer lab.
Audit program: Bank Secrecy Act and anti-money laundering. For this reason, all documentation, test material, source listings, source and object program modules, and all changes to such programs should be strictly controlled. BSA is the leading advocate for the global software industry before governments and in the international marketplace. Protecting your business from a BSA audit and software piracy claims. Tips for handling a Microsoft software audit: StorageCraft blog. Decades later, we are the leading municipal software provider in Michigan, and are branching out across the U.
Independent testing for compliance with the BSA and 31 C. BSA audit program: audit best practice, GRC consulting. The position requires an extensive knowledge of BSA/AML and OFAC banking laws and regulations and background in controls or audit best practices. If your company is facing a software audit, you need experienced counsel to protect your business. The audit software covers servers, desktops, notebooks and also can be used via servers. Bank Secrecy Act audit, BSA audit best practices, bank. Tax administration and property assessment (CAMA) software: 97% of Michigan municipalities use at least one of our property applications. FFIEC IT Examination Handbook InfoBase: internal audit program. Audit program: Bank Secrecy Act and anti-money laundering 5. Risk assessment link to the BSA/AML compliance program. Software policy warning message is a simple way of getting the message to the desktop. Firms around the world have increased their resources to protect against money laundering and terrorist financing.
In addition, a CIP must be included as part of the BSA/AML compliance program. Decades later, we are the leading municipal software. When you buy software to use on the computer, it comes with a license. It is common practice for the BSA to unbundle software suites and account for each program individually. The BSA unbundles the software suites and attempts to recover up to three times the MSRP of each of the components for each installation of allegedly unlicensed software. This time we'll be a bit more specific as we consider that which MS or the Business Software Alliance (BSA), or whoever, will expect to see in the event of an audit. What to do when you receive a BSA audit letter, by Ericka Chickowski. Baseline talked to the experts who've directly dealt with the Business Software Alliance, and we've compiled an 8-step guideline process for handling the aftermath of receiving an intimidating audit letter.
For this reason, all documentation, test material, source listings, source and object. According to BSA, the global annual cost of software piracy. I am an intellectual property attorney in Southlake, Texas who has handled more than 230 Business Software Alliance audit matters for small to medium-sized companies. Key steps to a successful BSA validation, written by. Protecting your business from a BSA audit and software piracy.
BSA Microsoft audit shakedown survivor: thought people might find this useful, as when I got our letter informing us of the audit, I couldn't find much in the way of detail. With a growing global terrorist and organized crime threat, regulators are focused on AML and related topics such as USA PATRIOT Act, Bank Secrecy Act and OFAC (Office of Foreign Assets Control). Responding to software audits by the BSA, SIIA and other. Please note that the investigative process is very thorough and can take several months for significant developments. We received a form letter from the Business Software Alliance (BSA) telling us to do a self-audit and if we find any unlicensed software to report it during our grace period because if your organization's software is not licensed, it could become the focus of a BSA investigation. In 2008, the Business Software Alliance received more than 2,500 reports of illicit use of software by companies in the U. Its members are among the world's most innovative companies. About 2006, the BSA came under fire for offering reward money.
Whatever the source, audit software programs should remain under the strict control of the audit department. The Business Software Alliance is not afraid to audit your company's software assets and make you pay. On the other hand, audit programme refers to an exhaustive plan which comprises a list of verification steps, to be implemented, to the final accounts of the organization, to collect sufficient facts and evidence, so as to. FFIEC BSA/AML compliance program: BSA/AML compliance program. BSA, The Software Alliance: the BSA is an organization that acts on behalf of software publishers to enforce s. It's not always the BSA that requests or seems to request an audit, though. Recent trends indicate that software publishers are increasingly initiating direct software audits instead of outsourcing the auditing process to.
We are driven to excellence in all areas of our business by focusing 100% of our efforts on solving customers' problems, creating deep and lasting customer. The results of the audit should be reported to and discussed by the board of directors, and duly recorded in the minutes. Although it may read like a bad joke or a scam, in fact it is a frequent practice by software vendors or their agents such as the BSA or SIIA, Software and Information Industry. Having a comprehensive and compliant BSA/AML program helps a financial institution to conduct periodic BSA and AML audits. Determine that the bank provides periodic training for appropriate personnel regarding their responsibilities under BSA/AML. Roland Chan, senior director, compliance programs, Asia-Pacific, BSA, said. Lowdermilk, PhD (ABD), CAMS, CRMS is a qualified BSA/AML and financial regulatory compliance professional with extensive policy and procedure. KeyAudit is a free software audit tool that determines the status of software license compliance. Sep 30, 20: Once an informant provides a tip, the BSA sends a cease and desist letter and/or a letter requesting an audit. How to handle Business Software Alliance audit demand letters. Frequently asked audit questions: some typical questions auditors wish to know about software licensing. Feb 18, 2004: Last year, over 4,500 businesses completed the BSA's software audit return. Software license compliance audit: Fort Worth, Texas. How to respond to a BSA or SIIA software audit letter without.
All of our cases begin with somebody who comes to us to report. News: Microsoft has started a program recently in UK that has wide. FFIEC IT Examination Handbook InfoBase: internal audit. Prepare an audit engagement letter and distribute to appropriate management. Audit plan is defined as the scheme or design prepared by the auditor for conducting an audit in an effective manner. Update the work program based on changes to the regulation or prior audit recommendations. The BSA Global Software Survey found that organizations can achieve as much as 30 percent savings in annual software costs by implementing a good SAM program. BSA software audit will not trigger legal action: The Register. Assess whether the board of directors and senior management receive adequate reports on BSA/AML compliance. Its members are among the world's most innovative companies, creating software solutions that spark the economy and improve modern life.
A bank must have a BSA/AML compliance program commensurate with its respective BSA/AML risk profile. Nov 21, 2014: Although it may read like a bad joke or a scam, in fact it is a frequent practice by software vendors or their agents such as the BSA or SIIA (Software and Information Industry Association) to demand that you perform an audit of the software used at your business, report the results, and pay up if there is any alleged deficiency in your. I work for a small/mid-sized enterprise shop, under users, and we just finished a BSA audit. Feb 27, 2014: Unbundling software suites. Microsoft Office and Adobe Creative Suite are two compilations that are frequently involved in BSA audit matters. Yes, independent testing of Bank Secrecy Act compliance is required by each of the bank regulatory agencies. Lowdermilk, PhD (ABD), CAMS, CRMS is a highly experienced and educated BSA/AML and financial regulatory compliance professional with extensive policy and procedure. Most BSA audits begin with a report from a disgruntled employee or former employee. AuditNet, the global resource for auditors, provides audit tools, audit templates, audit programs, audit guides, working papers for professional auditors (CPA, CIA, CFE, CISA) to leverage technology and the internet. Baseline shows you how to avoid them altogether in 8 easy steps. The fear of a Business Software Alliance (BSA) audit has caused many a sleepless night among senior executives and IT professionals over the past two decades.
How to respond to a BSA or SIIA software audit letter. We identify, contact, and convert thousands of unlicensed software users into customers every year, strategically leveraging the BSA brand to increase your revenue. A Business Software Alliance team member will provide you with the latest information. It is very important to respond to the BSA audit letter, preferably through your legal counsel. Independent testing should be mandated to take place every 12-18 months, although institutions working in particularly high-risk areas might consider a more frequent schedule than that. The Business Software Alliance maintains telephone hotlines and a web site to encourage disgruntled employees and vendors to make anonymous reports against companies of all sizes. BSA licensing audits: following on from my post about Microsoft licensing options, I thought it prudent to cover what may happen if your licensing isn't in order and you end up getting audited. When you receive a BSA audit letter it is important to understand that the BSA (Business Software Alliance) is acting on behalf of its member companies. The CFW uses software applications developed by known software companies such as well Microsoft, Adobe, McAfee and Oracle who are members of the BSA global advocacy team. Unbundling software suites: Microsoft Office and Adobe Creative Suite are two compilations that are frequently involved in BSA audit matters. Apr 07, 2017: Audit plan is defined as the scheme or design prepared by the auditor for conducting an audit in an effective manner. Jenny Blank, North American enforcement programs manager for the Business Software Alliance (BSA), explains the BSA's audit process.
For the last ten years, I have been representing end-user companies nationally in software audit matters initiated by major software publishers including Microsoft, Adobe, Autodesk, IBM and their trade groups. Mar 12, 2016: Here are the top 20 things to think about when you are thinking about how to respond to a software audit letter from the BSA, SIIA, Microsoft, Autodesk, Adobe or other software publisher. Audit library: AuditNet software compliance and auditing. We received a form letter from the Business Software Alliance (BSA) telling us to. Here are the top 20 things to think about when you are thinking about how to respond to a software audit letter from the BSA, SIIA, Microsoft, Autodesk, Adobe or other.
BSA licensing audits: following on from my post about Microsoft licensing options, I thought it prudent to cover what may happen if your licensing isn't in order and you end up getting. The BSA (Business Software Alliance) represents many vendors, not just Microsoft, so are the most likely ones to be involved with an audit. Assist in the development of the risk assessment for the audit universe and development of the audit plan that correlates with the risk assessment. The BSA dedicates a substantial portion of its revenue marketing on radio stations and the. The BSA's typical approach is to, at the first instance, demand business owners to complete a voluntary self-audit, where business owners must produce a full index of all BSA-member software running on that business network, and provide receipts or other proof of licensed ownership of such software. Training should include, but not be limited to, tellers, platform, lending personnel, trust personnel, wire room, and bookkeeping personnel. Have you received an audit letter from BSA business. An effective AML compliance program should build in a schedule of independent testing and auditing by third-party organizations. Here, Redmond explores the most harrowing tales of software audits and. Key steps to a successful BSA validation: accounting, tax.
Difference between audit plan and audit programme with. Last year, over 4,500 businesses completed the BSA's software audit return. Baseline shows you how to avoid them altogether in 8 easy steps. The fear of a. This course will provide information to help individuals determine if the BSA audit functions are being performed adequately and effectively. The audit is used to determine if all the software available for use is properly licensed and paid for by the business. With a growing global terrorist and organized crime threat, regulators are focused on AML and related topics such as USA PATRIOT Act, Bank Secrecy Act and OFAC (Office of Foreign Assets. The FDIC last described its expectations in FIL 2996.