March 1, 2023

Expectations for 2023 NCUA IT Exams

Earlier this year, BTG shared exam preparation insights following the release of NCUA’s 2023 Supervisory Priorities.  One of the priorities included an update to the Information Security Examination (ISE) procedures.  The ISE procedures outline exam statements grouped within three levels, which are based on the size and complexity of the credit union.  The exam statements detail the required policies, processes, and controls that will be reviewed for each level: 

  • ISE Small Credit Union Examination Program (SCUEP) will be used for credit unions with less than $50 million in assets.
  • ISE Core program is a risk-focused exam for credit unions greater than $50 million in assets. 
  • ISE Core+ program will be used for credit unions in which additional review of operational areas and security controls is required based on risk.

BTG recommends credit unions review the ISE program levels and related exam statements in preparation for upcoming exams. The ISE procedures can be found here

How can BTG help?

Our IT and Cybersecurity audit and assurance services are designed in alignment with regulatory requirements and expectations, ensuring our clients manage risk appropriately and are prepared for exams.  For more information on our consulting and audit services, please contact Elisabeth Esposito, VP Professional Services directly at (203) 745-3176 or