Credit is an investment in the customer. The company should decide how much risk it is willing to finance.
CFO and sales leadership
At onboarding, monthly review
Create customer risk tiers.
Customer KYC and credit assessment.
Customer credit should consider legal identity, financial capacity, payment history, concentration, dispute risk and strategic importance. A high sales target is not a credit assessment.
Limits and terms should be approved before order acceptance. Exceptions need expiry dates and named senior approval.
Receivable ageing should distinguish not due, overdue, disputed, promised, secured and doubtful amounts. Collection responsibility should involve sales and delivery, not finance alone.
| Control | What it covers | Operating rule |
|---|---|---|
| Onboarding | Identity and credit risk are assessed. | Set initial limit and terms. |
| Order control | Exposure is checked before new supply. | Block excess orders automatically where possible. |
| Monitoring | Ageing, disputes and concentration are reviewed. | Use customer-level action plans. |
| Loss recognition | Provision and write-off follow policy and evidence. | Preserve recovery rights. |
Link sales incentives partly to collection or quality measures where appropriate. Otherwise teams can create revenue that consumes cash.
Set board escalation for large single-customer exposure, repeated exceptions and deterioration in payment behaviour.
Record the decision, owner, due date and evidence expected. A verbal explanation should become an approved working, board note, contract amendment, statutory filing or reconciliation before the item is treated as closed.
Rules, forms, thresholds and procedures can change. Use the latest official source and the actual company facts rather than copying a prior-year control or another entity’s legal position.
Classify every exception as a timing difference, data error, missing document, legal non-compliance, control-design gap or control-operating failure. This prevents management from treating fundamentally different problems as one ageing list.
The exception file should show amount or exposure, root cause, immediate correction, preventive action, owner and board-escalation threshold. Repeated low-value issues can become material when they reveal weak systems or management override.
Close the item only after the evidence agrees across source documents, books, portal data and management reporting. A screenshot or email promise is not equivalent to a completed filing, lender waiver, signed contract or reconciled ledger.
The control should operate across the full transaction population, not only the samples management expects a reviewer to inspect. For this topic, the key stages are onboarding, order control, monitoring, loss recognition. Each stage should identify the source system, preparer, reviewer, deadline and evidence retained.
A useful management review asks whether the legal document, accounting entry, bank movement, tax treatment and public filing describe the same event. Differences may be valid, but they should be reconciled through a dated working rather than explained from memory during audit or diligence.
Materiality should determine escalation, not whether the company keeps a record. Repeated small exceptions can show weak master data, unclear authority, system bypass or management override. Root cause and preventive action should therefore be documented separately from the immediate correction.
The commercial owner should remain accountable after finance or legal approval. Controls cannot work when business teams treat documentation, collection, contract obligations or vendor verification as back-office responsibilities.
Report both the current exception and its cash consequence. A technically small error can delay collection, block a financing, create tax interest or undermine investor confidence well beyond its ledger value.