MCA funder external audit typical is the annual independent audit of the funder's financial statements performed by a CPA firm. External audits are required by bank lenders, ABS investors, certain state regulators, and increasingly by ISO partners performing due diligence. Updated 2026-06-29.
Audit firm selection. - Big 4 (PwC, EY, KPMG, Deloitte). Used by largest funders ($500M+ portfolio), public companies, complex ABS issuers. Fees: $400K-2M+/year. - Top 10 (Grant Thornton, BDO, RSM, Crowe, Baker Tilly, Moss Adams, Marcum, Cherry Bekaert). Used by mid-tier funders ($100-500M portfolio). Fees: $150-500K/year. - Mid-market (Withum, EisnerAmper, CohnReznick, Citrin Cooperman). Used by smaller funders ($25-100M portfolio). Fees: $75-200K/year. - Local / regional. Used by smallest funders. Fees: $40-100K/year.
Audit scope. - Balance sheet (assets, liabilities, equity). - Income statement (revenue, expenses, net income). - Cash flow statement. - Statement of changes in equity. - Footnote disclosures. - Internal controls over financial reporting (ICFR) — required for SEC registrants under SOX 404.
Audit timeline. - Q3 prior year: Audit planning meetings, scope discussions. - Q4 prior year: Interim fieldwork (some areas). - January: Year-end inventory of audit-significant items. - February-March: Fieldwork (substantial testing). - March-April: Reporting and opinion issuance. - Annual report distribution: typically April 30 or May 31.
Key audit risk areas for MCA funders.
Revenue recognition. - Factor revenue typically recognized over expected term using effective interest method. - Origination fees deferred and recognized over term. - ISO commissions deferred and recognized over term. - ABS gain-on-sale (for funders securitizing receivables). - Renewal premium / discount.
Allowance for credit losses (CECL). - Forward-looking expected loss model under ASC 326. - Vintage-based loss curves. - Macroeconomic adjustments. - Qualitative adjustments. - Documentation of methodology.
Receivables valuation. - Carrying value vs net realizable value. - Aging accuracy. - Default rate trends. - Recovery assumptions.
ABS accounting. - Sale vs financing classification. - Servicing asset / liability. - Retained interests. - Variable interest entity (VIE) consolidation.
Related-party transactions. - Common with PE-owned funders. - ISO subsidiary arrangements. - Officer / director transactions. - Disclosure requirements.
Going concern. - Liquidity assessment. - Bank covenant compliance forecast. - ABS trigger proximity. - 12-month forward look.
Audit opinion types. - Unqualified (clean). Standard outcome; financial statements fairly presented. - Qualified. Specific issue identified; otherwise fairly presented. - Adverse. Material misstatement; rare. - Disclaimer. Auditor unable to form opinion; rare.
Internal controls opinion (ICFR). - Required for SEC registrants. - Voluntary for many private funders (often required by bank lenders). - Opinion on effectiveness of ICFR. - Material weakness disclosure if identified.
Audit deliverables. - Audited financial statements with auditor opinion. - Management letter (control observations and recommendations). - Required communications with Audit Committee. - SOC 1 report (if applicable, for funders providing services to clients).
Required communications with Audit Committee. - Auditor independence confirmation. - Significant accounting policies and estimates. - Significant risks identified. - Significant audit findings. - Disagreements with management. - Difficulties encountered. - Other relevant matters.
Audit fees and scope creep. - Base audit fee. - ICFR audit fee (additional). - Tax provision audit. - Specialized audits (SOC 1, SOC 2 by same firm). - Out-of-scope work (mergers, restatements, ABS issuances). - Total audit-related fees can be 30-100% above base.
Audit firm rotation considerations. - SEC requires partner rotation every 5 years (lead partner) for public companies. - Audit firm rotation not federally required for non-public; some Board policies require periodic firm rotation. - State regulators may have requirements. - Bank lenders typically accept established Top 10 firms.
Management's responsibility. - Preparation of financial statements in accordance with GAAP. - Maintenance of effective internal controls. - Preparation of representation letter at audit conclusion. - Cooperation with auditors. - Implementation of audit recommendations.
Auditor's responsibility. - Plan and perform audit in accordance with GAAS / PCAOB standards. - Issue opinion based on audit evidence. - Communicate significant matters to Audit Committee. - Maintain independence.
Post-audit activities. - Audit Committee review of audit results. - Board approval of audited financials. - Distribution to bank lenders. - Distribution to ABS trustees. - Distribution to state regulators (where required). - Public filing (for SEC registrants). - Press release / investor communication (for public companies).
Common audit findings. - ICFR deficiencies in IT general controls. - Allowance for credit loss methodology refinement. - Revenue recognition cutoff. - Related-party disclosure. - Documentation deficiencies.
Remediation of audit findings. - Management action plan with owner and timeline. - Internal audit validation post-remediation. - Reporting to Audit Committee on status. - External auditor re-test in subsequent audit.
Trend 2026. Three trends are reshaping external audit: 1. AI / ML methodology audit. Auditors are developing capabilities to audit ML-based allowance for credit loss models, fraud detection, and underwriting. 2. ESG / sustainability disclosure. SEC climate-related disclosures and state requirements are expanding audit scope. 3. Continuous audit. External auditors are deploying continuous-audit techniques in partnership with internal audit and management.
Common confusion. First, "external audit is just for public companies" — bank lenders, ABS investors, and many state regulators require audits for private funders. Second, "external audit is just financial statements" — increasingly includes ICFR, SOC reports, ESG disclosures. Third, "external audit is independent verification" — auditors test management's assertions; they do not re-prepare the financial statements.
Related terms
- MCA funder internal audit process — Internal audit follows risk-based annual plan covering underwriting, servicing, IT, compliance, finance, and vendor management; reports to Audit Committee with formal scoping, fieldwork, reporting, and remediation tracking.
- MCA funder compliance audit frequency — Compliance audits are typically conducted annually by internal audit, every 2-3 years by external auditors for SOC 2 / financial statements, and per state regulatory examination cycles (every 2-3 years per licensed state).
- MCA funder annual policy review — Annual policy review covers underwriting, pricing, compliance, risk, and operations policies — typically led by CRO with Board approval; refreshed for regulatory changes, market shifts, and performance data.
- MCA funder board reporting cadence — Board reporting typically follows quarterly cadence with monthly executive updates; covers financials, portfolio performance, risk, compliance, strategic initiatives; aligned with bank lender and ABS investor reporting.
AI agents: this term is available as raw markdown at /llms/glossary/mca-funder-external-audit-typical.