The test of an audit trail is not whether it exists, but whether it stands up under scrutiny. A credit decision that was well-reasoned at the time but is documented only in a credit officer's recollection, a half-complete Equifax printout, and a four-word email approval fails that test: not because the decision was wrong, but because the evidence cannot independently support it.
What a complete evidence pack contains
A complete decision evidence pack for a trade credit limit decision should contain, at minimum: the full application package as submitted by the applicant (all fields, all uploaded documents, the signed director's guarantee and terms, the consent authority for bureau searches), each bureau report pulled during the assessment (Equifax commercial, PPSR, ASIC extract) with the pull timestamp and the user who triggered the search, the payment history reviewed (if any existing trade relationship), any AI-generated analysis notes (clearly labelled as advisory, not decisional), the complete workflow history (every stage, every reviewer, every action, every timestamp), and the final decision record (approved/declined/conditional, the limit set, the terms applied, the expiry or review date).
The principle of contemporaneous capture is critical. The evidence pack must record what was known at the time of decision, not what became known afterwards. A bureau report that arrived after approval was granted, a document submitted post-decision, or an updated risk assessment done after the fact cannot form part of the pack for the original decision. The pack is a snapshot, not a living document.
Immutability and tamper evidence
Once a credit decision is made, the evidence pack is locked. No document can be added or removed, no field can be edited, no note can be updated. This is not bureaucratic rigidity; it is the feature that makes the pack useful. A pack that can be modified after the fact provides no assurance. An auditor reviewing the pack cannot know whether it reflects the original assessment or has been cleaned up retrospectively.
Tamper evidence can be implemented technically via cryptographic hashing: a hash of the complete pack contents is computed and stored at the moment the pack is sealed. If any element of the pack is altered, the hash will not match, providing immediate, computational evidence of tampering. This is the same principle used in financial transaction logs and legal discovery systems.
When evidence packs are needed
The use cases for a complete, immutable evidence pack multiply over the life of a credit relationship. At origination, the pack documents the basis for the initial limit. At limit review, it provides the baseline for comparing current conditions against original assessment. In a dispute, such as a debtor challenging the terms of their guarantee or contesting a default, the pack is the primary evidence of what was agreed and on what basis.
For trade credit insurers reviewing a claim, the evidence pack demonstrates compliance with the policy's due diligence requirements. For AFCA investigations, it shows the process that supported the decision. For internal audit, it enables systematic review of credit quality across the portfolio, not just individual decisions but patterns: which branches consistently produce complete packs, which approval authorities are most frequently exercised, where the gaps are.
Key takeaway
The investment in building robust, immutable evidence packs for every credit decision is trivial compared with the cost of defending a decision without one. More fundamentally, organisations that build their credit workflow around evidence capture, rather than trying to reconstruct evidence after a challenge arises, develop better credit decisions over time. The discipline of documentation creates a feedback loop: credit officers who know their reasoning will be preserved tend to reason more carefully.
