Decades later, we are the leading municipal software provider in michigan, and are branching out across the u. Frequently asked audit questions some typical questions auditors wish to know about software licensing. Risk assessment is a pillar of aml compliance and represents a crucial first step in building an effective program. The audit software covers servers, desktops, notebooks and also can be used via servers.
I work for a smallmidsized enterprise shop, under users, and we just finished a bsa audit. We identify, contact, and convert thousands of unlicensed software users into customers every year, strategically leveraging the bsa brand to increase your revenue. Frequently asked audit questions some typical questions auditors wish to know about. The type of audit depends on the circumstances and can be done by the business or conducted by an outside party. An effective aml compliance program should build in a schedule of independent testing and auditing by thirdparty organizations. Keyaudit is a free software audit tool that determines the status of software license compliance. A bank must have a bsaaml compliance program commensurate with its respective bsa aml risk profile. Bsa the software alliance the bsa is an organization that acts on behalf of software publishers to enforce s. Software policy warning message is a simple way of getting the message to the desktop. Audit plan is defined as the scheme or design prepared by the auditor for conducting an audit, in an effective manner. We are driven to excellence in all areas of our business by focusing 100% of our efforts on solving customers problems, creating deep and lasting customer. Difference between audit plan and audit programme with.
This time well be a bit more specific as we consider that which ms or the business software alliance bsa, or whoever will expect to see in the event of an audit. Mar 12, 2016 here are the top 20 things to think about when you are thinking about how to respond to a software audit letter from the bsa, siia, microsoft, autodesk, adobe or other software publisher. Bank secrecy act auditbsa audit best practicesbank. Firms around the world have increased their resources to protect against money laundering and terrorist financing. In 2008, the business software alliance received more than 2,500 reports of illicit use of software by companies in the u. Bsa software audit will not trigger legal action the register. It is common practice for the bsa to unbundle software suites and account for each program individually.
Audit program bank secrecy act and antimoney laundering. With a growing global terrorist and organized crime threat, regulators are focused on aml and related topics such as usa patriot act, bank secrecy act and ofac office of foreign assets. Although it may read like a bad joke or a scam, infact it is a frequent practice by software vendors or their agents such as the bsa or siia software and information industry. The alliance which includes adobe, cisco, dell, hp, ibm. A business software alliance team member will provide you with the latest information. Lowdermilk, phd abd, cams, crms is a qualified bsaaml and financial regulatory compliance professional with extensive policy and procedure. The business software alliance maintains telephone hotlines and a web site to encourage disgruntled employees and vendors to make anonymous reports against companies of all sizes. Determine that the bank provides periodic training for appropriate personnel regarding their responsibilities under bsaaml. One of the things we make clear right from the start is that this is a serious matter, jenny blank, programs manager for the bsa said in a. Yes, independent testing of bank secrecy act compliance is required by each of the bank regulatory agencies. A detailed sam plan helps identify the hardware and software needed to achieve organizational goals. How to respond to a bsa or siia software audit letter without. This course will provide information to help individuals determine if the bsa audit functions are being performed adequately and effectively. Whatever the source, audit software programs should remain under the strict control of the audit department.
A sound software asset management sam program with regular it audits will. Apr 07, 2017 audit plan is defined as the scheme or design prepared by the auditor for conducting an audit, in an effective manner. The position requires an extensive knowledge of bsaaml and ofac banking laws and regulations and background in controls or audit best practices. Feb 18, 2004 last year, over 4,500 businesses completed the bsa s software audit return. Bsa microsoft audit shakedown survivor thought people might find this useful, as when i got our letter informing us of the audit, i couldnt find much in the way of detail. Auditnet, the global resource for auditors provides audit tools, audit templates, audit programs, audit guides, working papers for professional auditors cpa, cia, cfe, cisa to leverage technology and the internet. Please note that the investigative process is very thorough and can take several months for significant developments. Protecting your business from a bsa audit and software piracy. The business software alliance is not afraid to audit your companys software assets and make you pay. The fdic last described its expectations in fil 2996. The bsas typical approach is to, at the first instance, demand businessowners to complete a voluntary selfaudit, where business owners must produce a full index of all bsamember. The results of the audit should be reported to and discussed by the board of directors, and duly recorded in the minutes. Lucivero, cisa the federal financial institutions examination councils ffiec bank secrecy act bsaantimoney laundering. Risk assessment link to the bsaaml compliance program.
Independent testing for compliance with the bsa and 31 c. Key steps to a successful bsa validation accounting, tax. On the other hand, audit programme refers to an exhaustive plan which comprises of a list of verification steps, to be implemented, to the final accounts of the organization, to collect sufficient facts and evidence, so as to. Most bsa audits begin with a report from a disgruntled employee or former employee. Its not always the bsa that requests or seems to request an audit, though. About 2006, the bsa came under fire for offering reward money. How to handle business software alliance audit demand letters. The bsa unbundles the software suites and attempts to recover up to three times the msrp of each of the components for each installation of allegedly unlicensed software. Unbundling software suites microsoft office and adobe creative suite are two compilations that are frequently involved in bsa audit matters. Independent testing should be mandated to take place every 1218 months, although institutions working in particularly high risk areas might consider a more frequent schedule than that. All of our cases begin with somebody who comes to us to report. With a growing global terrorist and organized crime threat, regulators are focused on aml and related topics such as usa patriot act, bank secrecy act and ofac office of foreign assets control. Software piracy is big business and bad for it as a whole, so someone has to police it. Therefore, consider a bsa audit letter to be directly from its members.
Ffiec it examination handbook infobase internal audit. The bsa business software alliance represent many vendors, not just microsoft so are the most likely ones to be involved with an audit. I am an intellectual property attorney in southlake, texas who has handled more than 230 business software alliance audit matters for small to mediumsized companies. The bsa global software survey found that organizations can achieve as much as 30 percent savings in annual software costs by implementing a good sam program. What i learned in the last 10 years defending bsa the. When you receive a bsa audit letter it is important to understand that the bsa business software alliance is acting on behalf of its member companies. Baseline shows you how to avoid them altogether in 8 easy steps the fear of a. We received a form letter from the business software alliance bsa telling us to do a self audit and if we find any unlicensed software to report it during our grace period because if you organizations software is not licensed, it could become to focus of a bsa investigation. It is very important to respond to the bsa audit letter, preferably through your legal counsel. Jenny blank, north american enforcement programs manager for the business software alliance bsa, explains the bsa s audit process. Lowdermilk, phd abd, cams, crms is a highly experienced and educated bsaaml and financial regulatory compliance professional with extensive policy and procedure.
Decades later, we are the leading municipal software. How to respond to a bsa or siia software audit letter. Ffiec bsaaml compliance program bsaaml compliance program. If your company is facing a software audit, you need experienced counsel to protect your business. We strategically select each case and carefully oversee our programs to optimize results, minimize risk, and drive revenue. Ffiec it examination handbook infobase internal audit program. Training should include, but not be limited to, tellers, platform, lending personnel, trust personnel, wire room, and bookkeeping personnel. Recent trends indicate that software publishers are increasingly initiating direct software audits instead of outsourcing the auditing process to.
According to bsa, the global annual cost of software piracy. Key steps to a successful bsa validation written by. Having a comprehensive and compliant bsa aml program helps a financial institution to conduct periodic bsa and aml audits. Update the work program based on changes to the regulation or prior audit recommendations. Prepare an audit engagement letter and distribute to appropriate management. I work at a small nonprofit that has 18 employees plus a seat computer lab. We received a form letter from the business software alliance bsa telling us to. Bsa licensing audits following on from my post about microsoft licensing options, i thought it prudent to cover what may happen if your licensing isnt in order and you end up getting audited. The bsa dedicates a substantial portion of its revenue marketing on radio stations and the. The cfw uses software applications developed by known software companies such as well microsoft, adobe, mcafee and oracle who are members of the bsa global advocacy team. No two institutions face the same set of aml risks, and your program.
Bsa audit program audit best practice grc consulting. Protecting your business from a bsa audit and software piracy claims. Audit library auditnet software compliance and auditing. Roland chan, senior director, compliance programs, asiapacific, bsa, said. Determine that the bank provides periodic training for appropriate personnel regarding their responsibilities under bsa aml. Bsa software audit will not trigger legal action the. News microsoft has started a program recently in uk that has wide. Tips for handling a microsoft software audit storagecraft blog. Nov 21, 2014 although it may read like a bad joke or a scam, infact it is a frequent practice by software vendors or their agents such as the bsa or siia software and information industry association to demand that you perform an audit of the software used at your business, report the results, and payup if there is any alleged deficiency in your. Baseline shows you how to avoid them altogether in 8 easy steps the fear of a business software alliance bsa audit has caused many a sleepless night among senior executives and it professionals over the past two decades. The position requires an extensive knowledge of bsa aml and ofac banking laws and regulations and background in controls or audit best practices.
For this reason, all documentation, test material, source listings, source and object program modules, and all changes to such programs, should be strictly controlled. For this reason, all documentation, test material, source listings, source and object. Software license compliance audit fort worth, texas. In installations using advanced software library control systems. Its members are among the worlds most innovative companies, creating software solutions that spark the economy and improve modern life. The bsas enforcement practices against small to mediumsized businesses have been the subject of numerous articles.
Last year, over 4,500 businesses completed the bsas software audit return. In addition, a cip must be included as part of the bsaaml compliance program. When you buy software to use on the computer it comes with a license. Responding to software audits by the bsa, siia and other. For the last ten years, i have been representing enduser companies nationally in software audit matters initiated by major software publishers including microsoft, adobe, autodesk, ibm and their trade groups. Tax administration and property assessment cama software 97% of michigan municipalities use at least one of our property applications. Audit program bank secrecy act and antimoney laundering 5. The bsas typical approach is to, at the first instance, demand businessowners to complete a voluntary selfaudit, where business owners must produce a full index of all bsamember software running on that business network, and provide receipts or other proof of licensed ownership of such software. The bsa s enforcement practices against small to mediumsized businesses have been the subject of numerous articles. Here, redmond explores the most harrowing tales of software audits and.
Bsa licensing audits following on from my post about microsoft licensing options, i thought it prudent to cover what may happen if your licensing isnt in order and you end up getting. Baseline talked to the experts whove directly dealt with the business software alliance, and weve compiled an 8 step guideline process for handling the aftermath of receiving an intimidating. Bsa is the leading advocate for the global software industry before governments and in the international marketplace. Have you received an audit letter from bsa business. Assist in the development of the risk assessment for the audit universe and development of the audit plan that correlates with the risk assessment. What to do when you receive a bsa audit letter by ericka chickowski print baseline talked to the experts whove directly dealt with the business software alliance, and weve compiled an 8 step guideline process for handling the aftermath of receiving an intimidating audit letter. Sep 30, 20 once an informant provides a tip, the bsa sends a cease and desist letter andor a letter requesting an audit. The audit is used to determine if all the software available for use is properly licensed and paid for by the business. Feb 27, 2014 unbundling software suites microsoft office and adobe creative suite are two compilations that are frequently involved in bsa audit matters. Assess whether the board of directors and senior management receive adequate reports on bsa aml compliance. The membership of the organization may undergo changes, which can impact an existing software audit if a member leaves during the course of the audit and the bsa no longer has power of attorney to enforce the s. Here are the top 20 things to think about when you are thinking about how to respond to a software audit letter from the bsa, siia, microsoft, autodesk, adobe or other. Financial institutions are required to be compliant with bsa rules and regulations. Its members are among the worlds most innovative companies.
308 57 715 1270 1301 619 996 428 822 899 354 1129 1489 265 1037 544 1136 160 105 890 689 1112 232 511 1547 46 560 979 882 166 1458 159 976 936 1121 838 1357 608 1114 528 1478 869 1215 570 382 846