Insights: Article

InTREx IT Examination Program

November 04, 2016

Cybersecurity threats within the financial institutions industry are persistent, adaptive and continue to escalate. Cybersecurity awareness, threat mitigation and incident response are necessary to maintaining security. In response, an overhaul to the FDIC Information Technology Risk Examination program was announced June 30, 2016. Announced through FDIC FIL 43-2016, the InTREx examination program places focus on inherent risk identification, assessment and evaluation of IT control procedures.

What’s Changing
Changes include the Uniform Rating System for Information Technology (URSIT) system that guides the risk-based approach to exam questions. A pre-examination process helps the examiner identify risks specific to the size and complexity of the financial institution, as well as assign proper resources to the onsite examination. Separate frameworks address audit, management, development and acquisition, and support/delivery. Questions are included to help identify and control risks, specifically, what an IT auditor looks for in evaluating and controlling risk.

Auditor’s Perspective
The FFIEC Cybersecurity Self-Assessment Tool and InTREx IT Examination program offer similar control perspectives. Both are essentially based on the FFIEC IT Handbook from July 2006.  However, the InTREx program provides more direct focus and, based on inherent risk identification, provides better guidance toward recommended risk mitigation. Of particular interest is how InTREx specifies “cybersecurity” controls within each framework. At a minimum, these sections could serve as an initial gap analysis, where the IT department and/or IT Committee could check potential security gaps. Overall, the InTREx program is well-focused and straight-forward, which helps in the evaluation and maintenance of an effective cybersecurity program. 

Latest Insights

October 19, 2018
Article
While the focus of your practice will always be providing exceptional care for your patients, there is no way to get around the demands of running the business of the practice.
October 19, 2018
Article
Is it time to review your policy? Life insurance is hard. It’s hard to know if you have the right kind. It’s hard to know if you have enough. And it’s hard to know if you need any at all. The insurance companies have made it even…
October 18, 2018
Article
Cash basis producers have an opportunity to make contributions of raised commodities directly to a charitable organization. The fair market value of the gifted commodity is excluded from taxable income of the donor, resulting in the potential for…
October 17, 2018
Article
If you finance a car, house, education or vacation, or if you borrow money for an investment, you probably pay or accrue interest for the use of the money you borrowed. The question then becomes, “is that interest deductible for tax purposes?”
October 17, 2018
Article
In today’s world, every household decision raises issues about money. Whether you are paying holiday credit card bills, selecting employer benefits for 2019 or determining what amount you should be saving for retirement, they all have an effect on…
October 15, 2018
Article
The IRS released clarification on the deductibility of meal and entertainment expenses for business purposes.
October 12, 2018
Article
The Tax Cuts and Jobs Act affects all taxpayers. Eide Bailly has created a list of the top ten considerations to help you paint a clearer picture of tax reform.
October 10, 2018
Article
The following is a summary of some of the changes made in addition to the widely-reported adjustments to individual income tax.
October 10, 2018
Article
As anticipated, the Tax Cuts and Jobs Act of 2017 (Public Law 115-97) made significant changes to individual and business tax provisions.