On July 1, 2016, the Federal Deposit Insurance Corporation (FDIC) implemented the Information Technology Risk Examination (InTREx) Program for conducting information technology and operations risk examinations of FDIC-supervised financial institutions.
The FDIC has indicated that banks will now receive ratings in various areas of risk that will then be combined for an overall composite IT rating. This will change the way that FDIC examinations take place.
Specifically, the FDIC created a new InTREx Information Technology Profile questionnaire for financial institutions to fill out 90 days before the examination. Surveys are to be returned to the examiner before an IT examination to help determine the scope and resources needed for the IT exam. At least 45 days before the exam, the FDIC in-charge examiner will send the institution an IT request letter listing additional items and documents needed. This will allow the institution to provide information in advance of the examination as opposed to ASAP when the examiners come onsite.
InTREx revises the FDIC’s Information Technology Risk Management Program (IT-RMP) questionnaire to include fewer questions and to focus on:
The Information Technology Profile questionnaire within InTREx includes 26 questions that cover the following categories:
The InTREx Core Analysis Modules cover the following sections:
The new InTREx process will give auditors more freedom to customize and expand their examination processes and materials in order to focus on high-risk areas.
Financial institutions should prepare for InTREx by doing the following:
Luis Silva | Posted: Sept. 12, 2016
Excellent and interesting publication
In accordance with applicable professional standards, some firm services may not be available to attest clients.
© 2017 Crowe Horwath LLP, an independent member of Crowe Horwath International.
As of June 1, 2016, the professionals of AbleBridge have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on Microsoft Dynamics® CRM (now Dynamics 365) sales and implementation as well as innovative add-on products.
The personnel of SDGblue have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm with a global risk consulting practice and offices around the world. This move provides SDGblue clients access to a broader range of products, services, and solutions, while expanding the Crowe cybersecurity risk management capabilities with a deeply specialized team.
Looking for the Client Login?
Access the SDGblue Client Portal