Insights: Article

InTREx IT Examination Program

November 04, 2016

Cybersecurity threats within the financial institutions industry are persistent, adaptive and continue to escalate. Cybersecurity awareness, threat mitigation and incident response are necessary to maintaining security. In response, an overhaul to the FDIC Information Technology Risk Examination program was announced June 30, 2016. Announced through FDIC FIL 43-2016, the InTREx examination program places focus on inherent risk identification, assessment and evaluation of IT control procedures.

What’s Changing
Changes include the Uniform Rating System for Information Technology (URSIT) system that guides the risk-based approach to exam questions. A pre-examination process helps the examiner identify risks specific to the size and complexity of the financial institution, as well as assign proper resources to the onsite examination. Separate frameworks address audit, management, development and acquisition, and support/delivery. Questions are included to help identify and control risks, specifically, what an IT auditor looks for in evaluating and controlling risk.

Auditor’s Perspective
The FFIEC Cybersecurity Self-Assessment Tool and InTREx IT Examination program offer similar control perspectives. Both are essentially based on the FFIEC IT Handbook from July 2006.  However, the InTREx program provides more direct focus and, based on inherent risk identification, provides better guidance toward recommended risk mitigation. Of particular interest is how InTREx specifies “cybersecurity” controls within each framework. At a minimum, these sections could serve as an initial gap analysis, where the IT department and/or IT Committee could check potential security gaps. Overall, the InTREx program is well-focused and straight-forward, which helps in the evaluation and maintenance of an effective cybersecurity program. 

Latest Insights

July 13, 2018
Article
Here are some idea for giving your new hire a smooth start into your business and alleviating stress for you.
July 13, 2018
Article
The impact of the recent SCOTUS Wayfair decision will continue to have a ripple effect on businesses and state sales tax compliance.
July 9, 2018
Article
The revenue cycle is a complex system and we have historically given much attention to the front-end and back-end while oftentimes leaving the middle functions of the cycle neglected.
July 3, 2018
Article
FASB Accounting Standards Codification Topic 606, Revenue from Contracts with Customers, provides a 5-step framework for determining revenue recognition.
July 2, 2018
Article
As part of the Tax Reform Act of 1986, the “Kiddie tax,” a taxing regime designed to make the transfer of income items by wealthy parents to lower tax paying children less attractive, was implemented.
July 2, 2018
Article
When it comes to your employees, you likely conducted interviews on them when you first hired them.
July 2, 2018
Article
Nearly ten years after the release of the initial exposure draft, FASB issued ASU 2016-02, Leases - The standard may have been issued, but the conversation about this re-write of legacy guidance has not slowed.
June 29, 2018
Article
Banks look at three broad categories when considering small business financing: business cash flow, personal financial strength, and collateral value.
June 28, 2018
Article
You need to be cautious when entering into a bartering relationship and remember to track everything and the key to accounting for bartering is making sure you still record the income earned and expenses incurred.