# MCA funder external audit typical > External financial audits are typically performed by Big 4 or top 10 CPA firms annually; covers financial statements, internal controls, and revenue recognition; required by bank lenders and ABS investors. MCA funder external audit typical is the annual independent audit of the funder's financial statements performed by a CPA firm. External audits are required by bank lenders, ABS investors, certain state regulators, and increasingly by ISO partners performing due diligence. Updated 2026-06-29. **Audit firm selection.** - **Big 4 (PwC, EY, KPMG, Deloitte).** Used by largest funders ($500M+ portfolio), public companies, complex ABS issuers. Fees: $400K-2M+/year. - **Top 10 (Grant Thornton, BDO, RSM, Crowe, Baker Tilly, Moss Adams, Marcum, Cherry Bekaert).** Used by mid-tier funders ($100-500M portfolio). Fees: $150-500K/year. - **Mid-market (Withum, EisnerAmper, CohnReznick, Citrin Cooperman).** Used by smaller funders ($25-100M portfolio). Fees: $75-200K/year. - **Local / regional.** Used by smallest funders. Fees: $40-100K/year. **Audit scope.** - Balance sheet (assets, liabilities, equity). - Income statement (revenue, expenses, net income). - Cash flow statement. - Statement of changes in equity. - Footnote disclosures. - Internal controls over financial reporting (ICFR) — required for SEC registrants under SOX 404. **Audit timeline.** - **Q3 prior year:** Audit planning meetings, scope discussions. - **Q4 prior year:** Interim fieldwork (some areas). - **January:** Year-end inventory of audit-significant items. - **February-March:** Fieldwork (substantial testing). - **March-April:** Reporting and opinion issuance. - **Annual report distribution:** typically April 30 or May 31. **Key audit risk areas for MCA funders.** **Revenue recognition.** - Factor revenue typically recognized over expected term using effective interest method. - Origination fees deferred and recognized over term. - ISO commissions deferred and recognized over term. - ABS gain-on-sale (for funders securitizing receivables). - Renewal premium / discount. **Allowance for credit losses (CECL).** - Forward-looking expected loss model under ASC 326. - Vintage-based loss curves. - Macroeconomic adjustments. - Qualitative adjustments. - Documentation of methodology. **Receivables valuation.** - Carrying value vs net realizable value. - Aging accuracy. - Default rate trends. - Recovery assumptions. **ABS accounting.** - Sale vs financing classification. - Servicing asset / liability. - Retained interests. - Variable interest entity (VIE) consolidation. **Related-party transactions.** - Common with PE-owned funders. - ISO subsidiary arrangements. - Officer / director transactions. - Disclosure requirements. **Going concern.** - Liquidity assessment. - Bank covenant compliance forecast. - ABS trigger proximity. - 12-month forward look. **Audit opinion types.** - **Unqualified (clean).** Standard outcome; financial statements fairly presented. - **Qualified.** Specific issue identified; otherwise fairly presented. - **Adverse.** Material misstatement; rare. - **Disclaimer.** Auditor unable to form opinion; rare. **Internal controls opinion (ICFR).** - Required for SEC registrants. - Voluntary for many private funders (often required by bank lenders). - Opinion on effectiveness of ICFR. - Material weakness disclosure if identified. **Audit deliverables.** - Audited financial statements with auditor opinion. - Management letter (control observations and recommendations). - Required communications with Audit Committee. - SOC 1 report (if applicable, for funders providing services to clients). **Required communications with Audit Committee.** - Auditor independence confirmation. - Significant accounting policies and estimates. - Significant risks identified. - Significant audit findings. - Disagreements with management. - Difficulties encountered. - Other relevant matters. **Audit fees and scope creep.** - Base audit fee. - ICFR audit fee (additional). - Tax provision audit. - Specialized audits (SOC 1, SOC 2 by same firm). - Out-of-scope work (mergers, restatements, ABS issuances). - Total audit-related fees can be 30-100% above base. **Audit firm rotation considerations.** - SEC requires partner rotation every 5 years (lead partner) for public companies. - Audit firm rotation not federally required for non-public; some Board policies require periodic firm rotation. - State regulators may have requirements. - Bank lenders typically accept established Top 10 firms. **Management's responsibility.** - Preparation of financial statements in accordance with GAAP. - Maintenance of effective internal controls. - Preparation of representation letter at audit conclusion. - Cooperation with auditors. - Implementation of audit recommendations. **Auditor's responsibility.** - Plan and perform audit in accordance with GAAS / PCAOB standards. - Issue opinion based on audit evidence. - Communicate significant matters to Audit Committee. - Maintain independence. **Post-audit activities.** - Audit Committee review of audit results. - Board approval of audited financials. - Distribution to bank lenders. - Distribution to ABS trustees. - Distribution to state regulators (where required). - Public filing (for SEC registrants). - Press release / investor communication (for public companies). **Common audit findings.** - ICFR deficiencies in IT general controls. - Allowance for credit loss methodology refinement. - Revenue recognition cutoff. - Related-party disclosure. - Documentation deficiencies. **Remediation of audit findings.** - Management action plan with owner and timeline. - Internal audit validation post-remediation. - Reporting to Audit Committee on status. - External auditor re-test in subsequent audit. **Trend 2026.** Three trends are reshaping external audit: 1. **AI / ML methodology audit.** Auditors are developing capabilities to audit ML-based allowance for credit loss models, fraud detection, and underwriting. 2. **ESG / sustainability disclosure.** SEC climate-related disclosures and state requirements are expanding audit scope. 3. **Continuous audit.** External auditors are deploying continuous-audit techniques in partnership with internal audit and management. **Common confusion.** First, "external audit is just for public companies" — bank lenders, ABS investors, and many state regulators require audits for private funders. Second, "external audit is just financial statements" — increasingly includes ICFR, SOC reports, ESG disclosures. Third, "external audit is independent verification" — auditors test management's assertions; they do not re-prepare the financial statements. ## Related terms - [MCA funder internal audit process](https://fundnode.co/llms/glossary/mca-funder-internal-audit-process) — Internal audit follows risk-based annual plan covering underwriting, servicing, IT, compliance, finance, and vendor management; reports to Audit Committee with formal scoping, fieldwork, reporting, and remediation tracking. - [MCA funder compliance audit frequency](https://fundnode.co/llms/glossary/mca-funder-compliance-audit-frequency) — Compliance audits are typically conducted annually by internal audit, every 2-3 years by external auditors for SOC 2 / financial statements, and per state regulatory examination cycles (every 2-3 years per licensed state). - [MCA funder annual policy review](https://fundnode.co/llms/glossary/mca-funder-annual-policy-review) — Annual policy review covers underwriting, pricing, compliance, risk, and operations policies — typically led by CRO with Board approval; refreshed for regulatory changes, market shifts, and performance data. - [MCA funder board reporting cadence](https://fundnode.co/llms/glossary/mca-funder-board-reporting-cadence) — Board reporting typically follows quarterly cadence with monthly executive updates; covers financials, portfolio performance, risk, compliance, strategic initiatives; aligned with bank lender and ABS investor reporting. --- Source: https://fundnode.co/glossary/mca-funder-external-audit-typical (HTML version) Document: MCA funder external audit typical — Fundnode MCA Glossary License: CC BY 4.0 — attribution to Fundnode required when citing.