Ten years later, this practice is widely used in software audit matters generally and has become so routine in bsa cases that the bsa lawyers. While large organizations are usually the ones under fire for bsa violations, cus are just as liable for antimoney. A typical bsa form letter describing the selfaudit will include the following statement regarding the demand that the audittarget provide evidence of its software purchases. This firstofitskind tool will enable the software industry, its customers, and policymakers to describe. Auditcompliancesnapshot where rules come from audit will use template as the list of things to comparecompliance requires creation of rules with conditions to evaluate the assets you list in the. This bsa audit training will explain how the best practices in a bsa audit have evolved over the years. Strong software asset management sam practices can help protect companies from these risks while optimizing their it asset investments. The business software alliance bsa regularly targets smalltomedium sized businesses for expensive software audits to determine whether those businesses are in compliance with their bsa member software licenses. The prospect of a sam engagement or an audit should be of minimal concern for companies with good sam practices. Our members create innovative software that improves peoples lives and grows the economy. What i learned in the last 10 years defending bsa the.
What to do when you receive a bsa audit letter by ericka chickowski print baseline talked to the experts whove directly dealt with the business software alliance, and weve compiled an 8 step. Ten years later, this practice is widely used in software audit matters generally and has become so routine in bsa cases that the bsa lawyers now send us a version of that agreement containing the. These audits that are handled by the business software alliance bsa. Sep 30, 20 once an informant provides a tip, the bsa sends a cease and desist letter andor a letter requesting an audit.
Through years of helping more than 226 clients navigate the audit process, we have found the following software audit strategies to produce the best outcome. It is important to prepare for a software audit in case a software vendor sends you an email or letter asking for an audit. Having a comprehensive and compliant bsa aml program helps a financial institution to conduct periodic bsa and aml audits. And if they take your company to court, especially if their audit matches what your audit says.
This item must be supported by dated documentation, such as invoices or receipts, as proof of the ownership of each such license. The requested audit is meant to uncover unauthorized installations of ed software with the intent of recovering damages on behalf of the bsa owner. Find out how you can survive a microsoft software audit in this article. Software piracy is big business and bad for it as a whole, so someone has to police it.
An llc notice is sent to the organization from the bsa before conducting an llc audit. The audit is used to determine if all the software available for use is properly licensed and paid for by the business. Jun 07, 2018 software manufacturers take an active role pursuing licensing to the chagrin of some thought leaders in the it professionwho have referred to software licensing audit practices as an aggressive shakedown carried out with egregious tenacity. Its members are among the worlds most innovative companies, creating software. Commonplace software licensing audit triggers to avoid. This morning, bsa the software alliance released global best practices for law enforcement access to digital evidence a set of guidelines for law enforcement agencies and. The business software alliance bsa conducts all llc audits. Financial institutions are required to be compliant with bsa. But when the piracy police overstep their bounds, companies. This and other findings from bsas global software survey underscore. How to negotiate a better software audit clause the shi blog. Sep 24, 2019 this morning, bsa the software alliance released global best practices for law enforcement access to digital evidence a set of guidelines for law enforcement agencies and governments, as well as for technology providers, that address policies and procedures relating to law enforcement access to digital evidence. This and other findings from bsas global software survey underscore the benefits of implementing proven best practices for managing software assets benefits that start in the enterprise. Bsa business software alliance typically audits for microsoft, adobe, autodesk, and others.
What i learned in the last 10 years defending bsa the software. Although it may read like a bad joke or a scam, infact it is a frequent practice by software vendors or their agents such as the bsa or siia. Software audits have become an increasingly common revenueleakage recovery. Have you received an audit letter from bsa business. Common and legal identifiers and red flags, the sources of audit evidence, steps of.
The bsa dedicates a substantial portion of its revenue marketing on radio stations and the internet to these rats, promising them confidentiality and the ability to make an anonymous complaint. Please note that the investigative process is very thorough and can take several months for significant developments. Bsa licensing audits following on from my post about microsoft licensing options, i thought it prudent to cover what may happen if your licensing isnt in order and you end up getting audited. Recent trends indicate that software publishers are increasingly initiating direct software audits instead of outsourcing the auditing process to. If you do receive an llc audit, do not simply accept the audit terms, process, and results. Beware the bsa software piracy is big business and bad for it as a whole, so someone has to police it. This bsa webinar will discuss best practices of development, maintenance and auditing of the bank secrecy act. Bsa has been successfully developing and executing these campaigns and programs for over 30 years, leveraging targeted local tactics, unparalleled relationships, deep industry knowledge, and our trusted global brand. It will cover the major components of an effective bsa program that the audit focuses on and the specifics of each area as it pertains to bsa audits. A new framework for software security bsa techpost. Bank secrecy act bsa compliance is an integral part of credit union compliance. Most bsa audits begin with a report from a disgruntled employee or former employee. Bsasiia audits and software publisherinitiated audits. For most organizations, 80% of software spend resides with the top 15 to 20 software vendors.
Look at your bsa the software alliance audit notice and you will see. Bsa has been successfully developing and executing these campaigns and programs for over 30 years, leveraging targeted local tactics, unparalleled relationships, deep industry knowledge, and our trusted. Financial institutions are required to be compliant with bsa rules and regulations. Focus on these vendors and conduct selfassessments, before thirdparty audits occur. Bank secrecy act auditbsa audit best practicesbank secrecy. In furtherance of that effort, the bsa offers cash rewards to disgruntled current or former employees who provide information about allegedly unlicensed software installed on their. For the last ten years, i have been representing enduser companies nationally in software audit matters initiated by major software publishers including microsoft, adobe, autodesk, ibm and their trade groups. In practice, if an audited entity is unable to produce a dated receipt, the bsa will label the corresponding software copy or installation to be improper. Watch complete demonstration videos presented by our knowledgeable staff or search for software tutorials. This session highlights bsa audit best practices that are being acknowledged and recognized by regulators and examiners. This firstofitskind tool will enable the software industry, its customers, and policymakers to describe, assess, and encourage security throughout the software lifecycle in a specific, meaningful way. Failing to respond to a letter from the bsa, siia, or software publisher, will likely make your problems worse and could include litigation against you and your company.
The type of audit depends on the circumstances and can be done by the business or conducted by an outside party. Not being prepared ends up in loss of money and takes away time from productive work. Its members are among the worlds most innovative companies, creating software solutions that spark the economy and improve modern life. In this webinar, we will discuss the areas that regulators and examiners are primarily focusing on with regards to bsa audits. It will cover the major components of an effective bsa program that the audit focuses on and the. Learn about bsa s work on responsible ai, protecting consumer privacy, strengthening cybersecurity, promoting crossborder data, and helping people train for the future. At best, this proves inconvenient for customers that have to allot valuable time and resources to manage the audit. Many customers report that the number of software audits requested by publishers has risen dramatically over the past several years. While large organizations are usually the ones under fire for bsa violations, cus are just as liable for antimoney laundering laws, and in case of compliance mishaps, the penalties can be severe.
This article gives you 11 very useful best practices on how to prepare for an audit. Accessing electronic evidence in the digital age bsa techpost. While the overarching concept underlying a software audit initiated by a publisher like microsoft or ibm is the same as that in an audit initiated by the bsa the software alliance or the. If your company is facing a software audit, you need experienced counsel to protect your business. Watch complete demonstration videos presented by our knowledgeable staff or. In this webinar, we will discuss the areas that regulators and examiners are. How to handle business software alliance audit demand letters. Today, bsa the software alliance launched the bsa framework for secure software. The bsa business software alliance represent many vendors, not just microsoft so are the most likely ones to be involved with an audit. Software manufacturers take an active role pursuing licensing to the chagrin of some thought leaders in the it professionwho have referred to software licensing audit practices as an. Businesses sometimes find themselves the recipients of a letter from the business software alliance bsa demanding an audit and accounting of software installed on company computers. In this webinar, we will discuss the areas that regulators and examiners are primarily focusing on in regards to bsa audits. At worst, organizations face steep financial penalties if unintentional license deficits are discovered.
Tips for handling a microsoft software audit storagecraft blog. The business software alliance, also known as bsa, is a trade group established by the microsoft corporation in 1988 and represents a number of the worlds largest software makers and is a member of the international intellectual property alliance. The business software alliance maintains telephone hotlines and a web site to encourage disgruntled employees and vendors to make anonymous reports against companies of all sizes. This course will provide information to help individuals determine if the bsa audit functions are being performed adequately and effectively. A business software alliance team member will provide you with the latest information. Mar 04, 2016 and if bsa insists on doing their own audit, well, if i were writing the pound salt letter, id inform them ahead of time that they do so on their own dime. Learn more about our assessing and property tax software in our learning center. In 2008, the business software alliance received more than 2,500 reports of illicit use of software by companies in the u. The audit is used to determine if all the software available for use is properly.
Bsa is the leading advocate for the global software industry before governments and in the international marketplace. What to do when you receive a bsa audit letter by ericka chickowski print baseline talked to the experts whove directly dealt with the business software alliance, and weve compiled an 8 step guideline process for handling the aftermath of receiving an intimidating audit letter. Apr 30, 2019 today, bsa the software alliance launched the bsa framework for secure software. Click here for our essential software audit checklist 30 questions your company must be thinking about now if you received a software audit letter from bsa, siia or an individual software publisher. Common and legal identifiers and red flags, the sources of audit evidence, steps of conducting internal investigation, elements to establish evidence of laundering. At best, this proves inconvenient for customers that have to. Responding to software audits by the bsa, siia and other. We are driven to excellence in all areas of our business by focusing 100% of our efforts on solving customers problems, creating deep and lasting customer.
725 785 162 1554 1012 699 729 1413 1275 947 135 114 767 1545 1258 266 481 1553 263 1030 35 1353 1328 497 1498 1358 1294 134 80 1056 772 467 1297 277 1457 490 1391 1028 1329 501 930 292 135 348 930 1477 545 695 1105 1089