BRSA (Banking Regulation and Supervision Agency), the primary regulatory body of Financial Sector in Turkey, has developed a promising system named BADES for the reporting of the findings which are determined by the external auditors during the course of application controls and general IT controls audit engagements. The BADES system has also capable of importing and exporting XML files which have detailed information about the findings and remediation plans.

Thanks for the openness of BADES system, I decided to write a desktop application, which is roughly a specifically formatted XML editor, to accelerate the inputting process of findings and automate the most of the work. You can see the full feature list below.

This tool is designed to be used for the XML files which are downloaded from BADES system. You can edit and filter the records, then upload back to official BADES system. As you might guess, the application interface is in Turkish.

You can download this tool using following link:

If you would like to look at the source code, it is also here:


  1. It creates the relevant Management Letter Annex with a single click.
  2. You can use this tool to manage your audit findings. You can assign the findings to relevant departments in your organization and monitor the progress of remediation actions.
  3. You can make a health check for your action plans before reporting them to BRSA for inconsistencies. For example, the findings which have no response, the findings that are not marked as “remedied” even though the deadline has already been reached, the findings that have a remediation deadline even though they are marked as “Risk Accepted” etc.
  4. You can keep the XML file and update only the required findings in the future reporting periods. Thus, you will not need to re-input all the data again and again.
  5. You can see and edit all the details of findings (business risk, dates, auditee’s response, etc.) and the responses (action plan, action type etc.) on one single page, which saves lots of time.
  6. You can group and edit the findings based on the subject, audit area, priority, relevant departments etc.
  7. Works off-line, therefore increases the speed and responsiveness.
  8. And of course, it is most importantly free and open source under the license of GPL. You can adopt it as you like for the needs of your corporation.