Your browser is out of date.

You are currently using Internet Explorer 7/8/9, which is not supported by our site. For the best experience, please use one of the latest browsers.

866.430.2595
Request a Consultation
banner

FDIC InTREx Program Examination Support
Get Started

As part of TRUE’s managed compliance services, our team can help you meet, maintain, and demonstrate FDIC compliance, providing support ahead of and throughout your InTREx examination.

 

Financial institutions depend on [Information Technology] to deliver services. Disruption, degradation, or unauthorized alteration of information and systems can affect the financial condition, core processes, and risk profile of an institution. Further, because of the increasing volume and sophistication of cyber threats, it is imperative that financial institutions and their critical third-party service providers maintain diligence in identifying, assessing, and mitigating cybersecurity risks.”  (Banker Resource Center, FDIC.gov)

FDIC’s Information Technology Risk Examination (InTREx) Program 

 

Evaluating your IT environment for risks and vulnerabilities that can leave you open to attack is an essential part of any financial institution’s information protection procedures. By nature, risk is not a static value, however, as IT environments constantly change every time you add or remove users, update information, upgrade or improve technology, and so on. Therefore, risk evaluation is an ongoing process that involves periodic, point-in-time assessments to identify your areas of risk.

What to Expect from TRUE’s FDIC Audit Support 

 

Using guidance provided in the Federal Financial Institutions Examination Council (FFIEC) Information Technology (IT) Examination Handbook, TRUE’s Risk Advisory team will identify your current risks, and evaluate the effectiveness of your risk mitigation strategies around each. Our report will provide you with a list of any identified gaps, as well as recommended strategies to address them.

 

90 Days Ahead of Your Audit:

When you are fully prepared for your examination, the TRUE Risk Advisory team will assist you with completing the Information Technology Profile (ITP), an FDIC questionnaire designed to provide an overview of your existing environment. This document allows FDIC-approved examiners to scope your upcoming assessment and assign their resources accordingly. 

Using your ITP and other available documentation (such as previous audit reports, changes or updates to your environment, etc.), your examiner-in-charge will design your upcoming audit to assess environment-specific risks and their corresponding security controls. Using TRUE for your audit preparation process allows you to be fully prepared for this examination, with documentation on-hand and 

At Least 45 Days Ahead of Your Audit:

You will receive an IT Request Letter through FDIConnect. This is essentially a more focused questionnaire that is based on your IT profile that will need to be completed and resubmitted within the requested timeframe. This step allows your examiner-in-charge to obtain as much additional information as possible before your audit date, minimizing the amount of time they will need to spend interviewing and gathering documentation from your team on-site.

During Your FDIC Audit:

 

TRUE’s Risk Advisory team will assist with the audit process, providing documentation to the FDIC’s assigned examiner and answering questions on your behalf. When engaged in an ongoing, managed compliance capacity with your team, we will be engaged alongside you throughout the process. In the event of additional questioning, having an information security professional as part of your team can be key to a successful examination.

Topics you can expect your audit to cover: