Transforming organizations through skillful alignment of people, process and technology.
The Hilltop Companies


Audit Services

The Hilltop Companies performs audit services for our clients, with an emphasis on specialty or compliance audit activities.  Our audit services and professionals’ skills are targeted to performing:

  • Regulatory compliance audits (any type, any financial services agency requirements, any GSE required audit, etc.),
  • Contract compliance audits (bank required is the most typical audit, however, other contract compliance audits are performed in the real estate development arena, lease/rent calculations, acquisition audits, etc.),
  • Loan sale audits (first or early payment defaults, document or other repurchase audit issues),
  • Servicing sale audits (investor reporting, escrow accounting and reporting, delinquency audits, foreclosure advance audits, etc.),
  • Transaction required audits i.e. specifically required as a result of a transaction such as an “earn out price” calculation,
  • Internal control audits (SOX and other required assessments of internal controls),
  • Fraud audits and investigations, and
  • Information technology controls audits (general and application controls have been reviewed, as well as, System Development Life Cycle (SDLC) process testing).

Hilltop Accounting can perform financial statement audits as needed.  We are approved as government audit subcontractors for two of the Big 4 accounting firms.

We understand the regulations, know what the regulators are going to look for in their audits and understand how auditors view various situations.  Why is this – because we are auditors, “we have been in regulators’ shoes before”, and we think like they do!  We have been at the forefront of regulatory audits as demonstrated by the following:

  • Communicate often with regulatory auditors (during or after their audit processes),
  • Teach the regulators – teaching FFIEC courses regarding bank/mortgage accounting and controls to regulatory examiners
  • Help write regulations and/or the guidance provided– RESPA for FHA, the MBA’s Uniform Single Audit Attestation Program re: loan servicing controls, the GSEs’ lender/servicer guides, etc.
  • Conduct major regulatory audits – most recently the OCC Consent Order foreclosure reviews
  • Conduct pre-audits involving BSA, AML, OFAC, HAMP, HARP, RESPA, Fair Lending, HMDA, TIL, GFE and other regulations with the result being that the regulators accepted our findings and substantially reduced their own efforts.

We are respected by the regulatory auditors for our knowledge of the regulations, our independence, our understanding of the business and the risks associated with such.

Contract compliance audits are performed as a result of a contract requirement.  Most contract audits are required by banks, counter parties, or as a result of a particular type of transaction (acquisition, asset securitization, lease term, cost audit requirement for construction,  valuation update, purchase price calculation, etc.).   We perform all of these types of contract compliance audits.  A partial summary of the contract audits that we have conducted follows:

  • Bank net worth requirement tested
  • Bank lending base tested
  • Qualified assets test for borrowing base tested
  • Counter party financial or risk profile audits
  • Purchase price or acquisition audits
  • Securitized asset diligence audits (do the assets qualify or meet the specifications per the offering documents)
  • Cost of common area per lease payment calculation tested
  • Construction cost audit requirements
  • Valuation of loan portfolios as required by loan or acquisition terms
  • Valuation of assets purchased and/or profit results for final “earn out” payments by acquirer
  • Calculation of indemnification to be made by seller for warrantied asset performance
  • Calculation of first or early payment defaults and impact on indemnifications to be made
  • Calculation of prepayment experience and repayment of loan sale premiums as a result

Contract compliance audits are usually performed using the requirements set forth in the contract and audited to assess whether the terms of the contract are being met by the applicable parties.

Our audit professionals are involved with many clients concerning their internal controls assessments, SOX compliance and auditor disputes on control reliance.  Our goal is to provide practical advice to our clients where the implemented controls provide more than just compliance with regulatory and auditing standards.  We understand the importance of internal controls and compliance with financial, regulatory and contractual required controls.  Our audit professionals have been involved in many aspects of internal controls including:

  • Assisting clients with identifying significant/key controls that senior management and auditors can rely on
  • Mapping accounting policy to actual processes and controls in place to ensure that your Company’s accounting policies are being maintained as described,
  • Documenting controls (most clients’ policies, manuals, process and controls documentation is not in sync or current)
  • Testing controls as documented
  • Assessing controls that have been specifically required under various securitization pooling and loan servicing agreements, REMIC or CMO structure agreements, warehouse bank agreements, bank or mortgage regulatory agreements (including Memorandums of Understanding and Cease and Desist Orders).

Internal controls assessments should be considered under any of the following scenarios:

  • Significant issues/errors have arisen with financial or operational reporting
  • Significant fraud occurrences
  • Major personnel changes in key financial, operational and/or control point responsibilities
  • Problems noted by external auditors in the financial statement audit process and non-reliance
  • Problems noted by bank examiners during any of their exams
  • Major new system applications are under development or about to be implemented
  • Internal audit has not reviewed internal controls in the recent past
  • Other control weakness indicators have been identified

The Hilltop Companies has unique industry based controls knowledge, not just general SOX controls requirements that apply to all industries!

Since we are auditors, clients often hire us to assist in the discussions between your Company and your Auditors.   Whether as a result of accounting application or controls issues, we have been able to resolve many auditor disputes by providing facts and information that allows the auditor to resolve its concerns.

Our audit teams have assisted in the assessment and immediate remediation of internal controls failures, fraud or other financial improprieties  and misrepresentations.  Our typical process is to help in the assessment of the “severity” of the internal control problem, determination of its impact (financial, volume of failures, reporting requirements) to Senior management, the Board and the public (including regulatory bodies), and recommending the specific remediation steps/process changes needed to prevent/detect in such issues in the future.

Further, assessing controls and their effectiveness to prevent, detect and mitigate specific risks of fraud and other improprieties is also a key component to our audit practice.  See Fraud Investigation and Controls Assessments & Implementation for a detailed description of the services we provide.

Our IT controls assessments focus on the IT general and application controls.  Our lead IT controls professionals are usually CISA certified and follow the approach used by certified IT standards.  We also understand the importance of monitoring IT software development or application implementation controls for system development life cycle projects.   See IT Risks & Controls Assessments for a more detailed explanation of our services in this area.