Hello Everyone,

We have an IT Audit kicking off next month and they are requesting an FDICIA IT Control Matrix.

Our bank is <$500M and not subject to the rule, as far as I can surmise. We do have audited financial statements, etc. already.

I am a compliance person and this falls way outside of my expertise.

Does anyone have an example of this type of matrix they would be willing to share? If so, please PM me!

Thank you as always.

Why are they asking for it? If you aren't subject to FDICIA?

Given your asset size you are not subject to FDICIA and there should be no such requirement to have the matrix you mention. If it's an IT audit, perhaps they mean something else, I would go back to them to clarify.

Maybe your IT risk assessment, which every bank should have?

Thank you everyone. I think it is just a general request list they give to all banks for an IT exam. Appreciate it PQ

Also it could be a canned request list. I just call your auditors and ask.