IT Examiner School eBook May 2025

Internal Use Only

InTREx Program Overview

An enhanced, risk-based, approach for conducting IT examinations of depository institutions

Based on the (URSIT) and includes Core Modules for Audit, Management, Development and Acquisition, and Support and Delivery component ratings

Incorporates procedures for assessing cybersecurity preparedness and compliance with Interagency Guidelines Establishing Information Security Standards

Examiners complete the InTREx Core Modules, the Cybersecurity Workpaper, and the Information Security Standards Workpaper to assess risk and document examination procedures, findings, and recommendations. Updated in September 2023 (by FDIC) to improve Audit module‘s usability, add steps related to Computer Security Incident Notification Rule (Part 304 Subpart C), provide specificity regarding examiner review of service provider ROEs, and to update links to references.

Internal Use Only

Components of InTREx ITP

Work Program

Information Technology Profile

Core Modules

Risk Profile

Expanded Modules

Qualitative Adjustment

Supplemental Workprograms