ENTERPRISE RISK MANAGEMENT
FHLBank Topeka recognizes the need for, and the value of, enterprise risk management (ERM) and a strong internal control system. As a result, FHLBank has established activities, policies and procedures that incorporate the principles of ERM, including internal controls, to help safeguard resources and promote their effective and efficient use. We maintain an ERM program in an effort to enable the identification of all significant risks to the organization and institute the prompt and effective management of any risk exposures that are not consistent with our Risk Appetite Statement. The Risk Appetite Statement defines the level of risk exposure FHLBank is willing to accept or retain in pursuit of stakeholder value and is approved by FHLBank’s board of directors.
Under our ERM program, we perform annual risk assessments designed to identify and evaluate all material risks that could adversely affect the achievement of our performance objectives and compliance requirements. As set forth in our Enterprise Risk Management and Internal Control Policy, we define ERM as a structured and disciplined approach that aligns strategy, processes, people, technology and knowledge with the purpose of identifying, evaluating and managing the uncertainties we face as we create value. Our ERM program is a continuous process of identifying, prioritizing, assessing and managing inherent enterprise risks (i.e., business, compliance, credit, liquidity, market and operations) before they become realized risk events. Refer to the Risk Management section of our most recent Form 10-K for additional information.
FHLBank Topeka also maintains a strong internal auditing program that independently assesses FHLBank’s internal control system and recommends possible improvements. The Audit Committee of the board is comprised of directors who are not officers or employees of FHLBank and who oversee FHLBank’s financial reporting process and internal control system. The committee meets periodically with internal and independent auditors to discuss the results of the audits, the evaluations of the internal control system and the overall quality of FHLBank’s financial reporting. In addition, the committee also reviews the appropriateness and scope of the internal audit program and the performance and findings of the internal audit staff.
SERVICE ORGANIZATION CONTROL REPORTS (previously SAS 70 reports)
Service Organization Control (SOC) reports are internal control reports on the services provided by a service organization. The provisions of auditing standard AU 324, Service Organizations, are not intended to apply to situations in which the services provided are limited to executing client organization transactions that are specifically authorized by the client (Section 324.03). Since the services provided by FHLBank are executed based upon authorizations from our customers, FHLBank does not fall under the definition of a service provider in this instance. As such, a SOC report in accordance with Statements on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, is not prepared for services provided by FHLBank. Please note however that, as discussed in more detail above, FHLBank has established and maintains an effective internal control system that addresses the efficiency and effectiveness of our activities, the safeguarding of our assets, and the reliability, completeness and timely reporting of financial and management information to the board and outside parties.