A focused course, tailored for you
The Consumer Credit Internal Audit Playbook
Build the audit methodology that closes consumer credit findings once, with committee-ready evidence and repeatable testing procedures.
The finding was documented. The remediation action was tracked. Six months later the same control failed the walkthrough again. For internal auditors in consumer credit, recurring findings are the audit committee's most uncomfortable question, and the root cause is almost never what the management comment said it was.
$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.
Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.
Why this course
Internal audit in consumer credit sits at an intersection of high-frequency customer touchpoints, regulatory scrutiny from both prudential and market-conduct regulators, and group-level requirements that often don't map cleanly to local operations. The SARB prudential requirements, NCR compliance obligations, POPIA data handling controls, and IFRS 9 provisioning methodology each require different evidence, different testing frequency, and different remediation governance. Auditors who use a single testing template across all these areas produce findings that close on paper but recur in practice. The gap is not effort. It is the design of the test procedures and the standard of the evidence collected.
The 12 modules
Module 1. Risk Assessment for Consumer Credit Audits
The audit universe in consumer credit is broader than the risk register suggests. This module maps the key risk domains: origination controls, credit scoring model governance, collections processes, provisioning methodology, regulatory compliance across NCR, POPIA, and SARB, and operational risk. You build a risk-ranked audit universe that justifies resource allocation to the audit committee and doesn't miss the category where the next significant finding is likely to emerge. Includes a template risk-ranking matrix calibrated to consumer finance.
Module 2. Designing Test Procedures That Catch Root Causes
Most recurring findings survive because the test procedure confirmed a control operated, not whether its design was adequate for the actual risk. This module shows how to layer design adequacy testing with operating effectiveness testing for consumer credit controls. You build test procedures for four common control types: transaction approvals, system access, data reconciliations, and management review controls. The output is a test procedure template that distinguishes the failure mode and changes the remediation recommendation accordingly.
Module 3. Audit Evidence Standards for Financial Services Regulators
The SARB, NCR, and any group-level second-line function will each look at the same audit workpaper and ask a different question. This module teaches the evidence standard that satisfies all three without producing a separate workpaper set for each audience. You build a standard audit evidence file structure that captures the population, sample selection rationale, exception documentation, and conclusion linkage in one coherent workpaper. Covers the difference between evidence sufficient for internal closure and evidence that survives a regulatory examination.
Module 4. Testing Credit Origination Controls
Loan origination in consumer credit involves automated decisioning, manual override processes, affordability assessment documentation, and credit bureau integration, each creating a different audit challenge. This module covers how to select and test a statistically credible sample from an automated origination flow, how to evaluate override populations for policy compliance, and how to document the conclusion in a way the credit risk committee will find credible. Includes a sample selection template designed for high-volume digital origination environments.
Module 5. Provisioning and IFRS 9 Audit Procedures
The expected credit loss calculation under IFRS 9 involves model inputs, staging criteria, and management overlays that each require different testing approaches. This module gives you the procedures for each: validating staging criteria against contractual terms, checking model inputs against source data, and evaluating management overlays against documented economic assumptions. Includes a workpaper template that links the testing conclusion to the financial statement assertion, structured so the external auditor can follow it without additional explanation.
Module 6. NCR Compliance Audit: What the Regulator Actually Checks
The National Credit Regulator's examination priorities are not always what the compliance checklist covers. This module maps the NCR's published guidance and enforcement actions to the internal controls that actually matter in an examination. You build a regulatory audit program for consumer credit origination, collections, and reckless lending assessment aligned to what the NCR has cited in recent enforcement actions. Includes a gap assessment template designed to be used before an external examination cycle begins.
Module 7. Collections and Recoveries Audit
Collections processes involve direct customer contact at high frequency and are subject to both NCR regulations and POPIA data handling requirements. This module covers how to design the audit sample for collections call monitoring, how to test the escalation path from arrears to legal handover, and how to document findings in a way that separates the regulatory compliance issue from the operational process failure. That distinction matters for remediation ownership and for how you report to the audit committee.
Module 8. Data Governance and POPIA Audit in Consumer Credit
Consumer credit operations handle high volumes of personal information used in both origination decisioning and collections follow-up. POPIA creates specific audit obligations around data subject consent, purpose limitation, and third-party data sharing with credit bureaus and collection agencies. This module gives you the audit program for the data governance controls POPIA requires, including how to evaluate the compliance framework against actual data flows in origination and collections, and how to document findings for the Information Regulator's likely questions.
Module 9. Audit Finding Documentation and Rating
A finding that a control committee cannot act on is a finding that will recur. This module covers how to write a finding with a clear observation, root cause, impact statement, and a management comment committing to a specific, measurable remediation action by a specific date. Covers rating methodology for financial services: what distinguishes a significant finding from a moderate one in consumer credit, and how to defend the rating to the audit committee when management disputes it.
Module 10. Remediation Tracking and Control Re-testing
Most remediation trackers tell you whether an action was completed, not whether the control is working. This module shows how to design a re-testing protocol that validates effectiveness, not just closure. Covers when to re-test relative to the audit cycle, the evidence standard for re-testing versus original testing, and how to close a finding so the audit committee and external auditor are both satisfied. Includes a remediation tracker template with a built-in re-testing evidence field.
Module 11. Audit Committee Reporting in Financial Services
The audit committee paper needs to communicate both what was found and what it means for the risk appetite. This module covers how to structure the update: the executive summary that names key risks without burying them, the finding heat map, the remediation status showing whether the business is ahead of or behind the curve, and language that flags an emerging issue before it escalates. Includes a template report structure for listed financial services entities.
Module 12. Building the Annual Audit Plan for Consumer Credit
The annual internal audit plan needs to cover regulatory-required areas, risk-ranked business areas, and continuous audit activities, and fit within the resource budget. This module shows how to build a plan the audit committee will approve, aligned to SARB and NCR regulatory expectations for internal audit coverage in consumer credit, with enough flexibility to respond to emerging issues. Includes a planning template and a worked example showing how to allocate audit days across the consumer credit audit universe.
How this addresses your situation
Specific modules that map to what you said you are dealing with.
Modules 1-3: Build the audit universe, design test procedures that surface root causes, and collect evidence to the standard regulators and external auditors require.
Modules 4-8: Execute testing across the core consumer credit risk domains: origination, provisioning, NCR compliance, collections, and POPIA data governance.
Modules 9-10: Document findings with closure conditions the business can actually meet, and manage remediation tracking to genuine control effectiveness.
Modules 11-12: Report to the audit committee in a way that communicates risk, not just status, and build an annual plan that covers what regulators are actually examining.
Who it is for
Internal auditors in financial services, particularly consumer credit and retail banking, who are responsible for planning and executing audit cycles across regulatory and operational risk domains, writing audit findings that withstand committee scrutiny, and tracking remediation until genuine control closure. Typically operating within a group-level internal audit function while managing relationships with local regulators and the business units being audited.
Who this is NOT for. Compliance managers who own the controls being audited. External auditors conducting statutory audits. Risk officers building the control framework rather than testing it. Auditors whose work is entirely focused on IT general controls with no consumer credit or retail banking exposure.
How it arrives
Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.
Time investment. Twelve modules, each designed for a single 60-90 minute session. Templates are built to be used during your next audit cycle alongside the course material, not after completing all twelve modules.
FAQ
Is this specific to South African consumer credit regulations?
The course is built around consumer credit audit methodology with specific modules on NCR compliance, SARB prudential requirements, POPIA data handling, and IFRS 9 provisioning. The methodology transfers to any financial services environment, but the regulatory examples are calibrated to the South African market and its specific regulators.
How long does the course take to complete?
Twelve modules, each designed for a single sitting of about 60-90 minutes. The implementation playbook is delivered alongside course access and is designed to be used during your next audit cycle, not after completing all twelve modules.
What does the hand-built implementation playbook include?
The playbook is built for your specific role and context. It includes the templates referenced in each module: the risk-ranking matrix, test procedure templates, evidence file structure, finding documentation format, remediation tracker, and audit committee report template, adapted for consumer credit internal audit in a financial services environment.
Does the course cover IIA standards?
The course is built on IIA-aligned methodology. The audit planning, fieldwork, reporting, and follow-up structure follows the International Standards for the Professional Practice of Internal Auditing, applied specifically to the consumer credit context.
