CFO Playbook / Credit Control

Customer Credit Policy: Control Bad Debts

CA Nikhil Gupta·June 2026·3 min readCFO Playbook / Credit Control

Credit is an investment in the customer. The company should decide how much risk it is willing to finance.

Quick View

Owner

CFO and sales leadership

Cadence

At onboarding, monthly review

First control

Create customer risk tiers.

Core evidence

Customer KYC and credit assessment.

Why It Matters

Customer credit should consider legal identity, financial capacity, payment history, concentration, dispute risk and strategic importance. A high sales target is not a credit assessment.

Limits and terms should be approved before order acceptance. Exceptions need expiry dates and named senior approval.

Receivable ageing should distinguish not due, overdue, disputed, promised, secured and doubtful amounts. Collection responsibility should involve sales and delivery, not finance alone.

Control Framework

ControlWhat it coversOperating rule
OnboardingIdentity and credit risk are assessed.Set initial limit and terms.
Order controlExposure is checked before new supply.Block excess orders automatically where possible.
MonitoringAgeing, disputes and concentration are reviewed.Use customer-level action plans.
Loss recognitionProvision and write-off follow policy and evidence.Preserve recovery rights.

Action Checklist

  1. Create customer risk tiers.
  2. Set limits and payment terms.
  3. Require approval for exceptions.
  4. Monitor exposure before dispatch.
  5. Run weekly collection meetings.
  6. Review provisions and legal action.

Practical Example

A sales team accepts a large repeat order from a customer already 120 days overdue. Revenue rises, but the company increases unsecured exposure without a recovery plan.

Evidence to Keep

  • Customer KYC and credit assessment.
  • Approved limit and terms.
  • Orders and delivery evidence.
  • Ageing and dispute notes.
  • Security and guarantee documents.
  • Provision and write-off approvals.

Warning Signs

  • Rewarding sales without collection quality.
  • Extending credit before KYC.
  • Using one limit across group entities.
  • Ignoring disputed invoices.
  • Writing off debt without tax and legal review.

Management Decision

Link sales incentives partly to collection or quality measures where appropriate. Otherwise teams can create revenue that consumes cash.

Set board escalation for large single-customer exposure, repeated exceptions and deterioration in payment behaviour.

Record the decision, owner, due date and evidence expected. A verbal explanation should become an approved working, board note, contract amendment, statutory filing or reconciliation before the item is treated as closed.

Rules, forms, thresholds and procedures can change. Use the latest official source and the actual company facts rather than copying a prior-year control or another entity’s legal position.

Exception Review

Classify every exception as a timing difference, data error, missing document, legal non-compliance, control-design gap or control-operating failure. This prevents management from treating fundamentally different problems as one ageing list.

The exception file should show amount or exposure, root cause, immediate correction, preventive action, owner and board-escalation threshold. Repeated low-value issues can become material when they reveal weak systems or management override.

Close the item only after the evidence agrees across source documents, books, portal data and management reporting. A screenshot or email promise is not equivalent to a completed filing, lender waiver, signed contract or reconciled ledger.

Board Escalation

The control should operate across the full transaction population, not only the samples management expects a reviewer to inspect. For this topic, the key stages are onboarding, order control, monitoring, loss recognition. Each stage should identify the source system, preparer, reviewer, deadline and evidence retained.

A useful management review asks whether the legal document, accounting entry, bank movement, tax treatment and public filing describe the same event. Differences may be valid, but they should be reconciled through a dated working rather than explained from memory during audit or diligence.

Materiality should determine escalation, not whether the company keeps a record. Repeated small exceptions can show weak master data, unclear authority, system bypass or management override. Root cause and preventive action should therefore be documented separately from the immediate correction.

The commercial owner should remain accountable after finance or legal approval. Controls cannot work when business teams treat documentation, collection, contract obligations or vendor verification as back-office responsibilities.

Report both the current exception and its cash consequence. A technically small error can delay collection, block a financing, create tax interest or undermine investor confidence well beyond its ledger value.

Frequently Asked Questions

Should every customer receive credit? â–¼
No. Prepayment, deposits or security may be appropriate for higher-risk customers.
Who can override a limit? â–¼
Only authorised senior management under a documented exception process.
Is ageing enough for provisioning? â–¼
No. Age is important, but dispute, security, history and forward information also matter.
Can finance collect alone? â–¼
Sales and delivery teams often control the relationship and must participate.