Information Technology Risk Examination (InTREx) Program
July 05, 2016 / Source: FDIC
The FDIC updated its information technology and operations risk (IT) examination procedures to provide a more efficient, risk-focused approach. This enhanced program also provides a cybersecurity preparedness assessment and discloses more detailed examination results using component ratings.
- The InTREx Program is an enhanced, risk-based approach for conducting IT examinations. The Program helps to ensure that financial institution management promptly identifies and effectively addresses IT and cybersecurity risks.
- All Uniform Rating System for Information Technology (URSIT) component and composite ratings assigned at each IT examination will be included in the Risk Management Report of Examination.
- An assessment of the financial institution's cybersecurity preparedness will be included on the Information Technology and Operations Risk Assessment Page of every Risk Management Report of Examination.
- The InTREx Program includes a streamlined IT Profile that financial institutions will complete in advance of examinations that replaces the IT Officer's Questionnaire (ITOQ). The IT Profile is intended to provide examination staff with more focused insight on a financial institution's IT environment and includes 65 percent fewer questions than appeared on the FDIC's legacy ITOQ.
This Financial Institution Letter applies to all FDIC-supervised institutions.