In my opinion, the professional standards are clear on the expectations:
"The auditor should design procedures to test the appropriateness of journal entries recorded in the general ledger and other adjustments.”
More specifically, SAS no. 99 requires the auditor, in all audits, to a) obtain an understanding of the entity’s financial reporting process and controls over journal entries and other adjustments; (b) identify and select journal entries and other adjustments for testing; (c) determine the timing of the testing; and (d) inquire of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries or other adjustments
(Statement of Auditing Standard (SAS) no. 99, Consideration of Fraud in a Financial Statement Audit.
Now, the problem with all professional standards is the practical application of the standards in the real world. Keep in mind that SAS # 99 was the audit profession’s first real response to the massive frauds that were occurring in financial reporting. This blog is not about testing controls, but the search for intentional misstatement of financial statements through the journal entries.
I have not said this before in a blog, but one of the biggest mistakes you can make in the search for fraud is thinking “if I were going to perpetrate a fraud, this is how I would do it”. The inherent assumption is that you and the perpetrator are identical twins in the thought process.
In reality, misstating the financial statements via a journal entry may be the easiest fraud ever committed or detected. I say this because it is the job of accountants to record journal entries. There’s nothing unusual about it. Most significant journal entries are the result of senior financial management. Most journal entries at year's end are estimates. For these reasons and many more, journal entry fraud is treated as a presumed fraud risk. Meaning, you must search for it.
Now we will discuss how to plan and execute your audit to properly respond to the risk of fraud. In my way of thinking, our audit plan has three components.
1. Perform a fraud risk assessment
2. Select a sample of transactions through the use of data analytics
3. Perform an audit procedure to gather evidence that the journal entry lacks economic substance.
SAS# 99 created the concept of fraud risk factors, both internal and external, based on the fraud triangle. In my opinion, it is a great theory, but not practical in real life. Since management override is a presumed risk, you simply search for misstatement through intentional efforts.
I will provide seven approaches to analyzing the general ledger for fraudulent journal entries. What I can tell you is that each approach has detected fraudulent journal entries, but not each approach was relevant in every financial statement fraud.
1. Disaggregated analysis of the general ledger account balance
Analyze every general ledger account balance to determine by dollars and percentage the extent to which the balance was created by source journal or journal entries. Based on the materiality factor, if a misstatement is occurring through a journal entry you know where to start looking. Be careful, the journal entries may be spread through multiple accounts. Analyzing account balances should be your first step and should occur in the planning phase.
2. An anomaly general journal entry using a scoring sheet concept
An anomaly is a general term for an extreme deviation from the normal journal entry. Useful? Probably not. So, this is what I look for:
a. The first attribute is a single entry or a series of entries in the aggregate that would be material.
b. The second attribute should be a specific account. See step one.
c. Entries to accounts that should not occur.
d. Entries that shift a transaction from one section of the financials to another, i.e., from the income statement to the balance sheet.
e. One side of the entry is illogical
f. Reclass entries between different sections of the profit and loss. i.e., in a not-for-profit, shifting expenses from overhead to program.
g. An anomaly in the journal entry number, i.e., all entries are numbered, but this journal entry has an alpha component.
h. I refer to this step as code breaking. If someone is misstating the financial statements, it is your job to study the data and find the pattern.
3. Historical red flag of a fraudulent journal entry
One of the assumptions is that the auditor has familiarity and experience with the industry. So, a simple question: what financial statement fraud has occurred in your industry, and what were the attributes of the fraud? This can be a good place to look. You know that expression, “fool me once, shame on you, fool me twice, shame on me.”
4. The absence of a journal entry
The key to this analysis is to understand the business and the company’s financial plan. To provide an example, let’s assume disbursements are being properly recorded through the purchase journal to a balance sheet account. Then, mid-year, the business expansion is shelved. The disbursements in the balance sheet should be written off. But no journal entry is made. Yes, this really occurred. The easiest way to make a company look profitable is to hide the expenses in the balance sheet.
5. The timing of a journal entry
Let’s face it, many journal entries are recorded at year's end. It is the nature of financial reporting. One of the key audit procedures is called retrospective analysis. Simply stated, you search for reversal entries after the year-end. The reversal entry may occur through a journal entry or through a transactional journal. It may not help in the current year, but will certainly help in the next year.
6. The alpha description describes the purpose of the journal entry
Every journal entry has a description explaining the journal entry. The first step is to understand what the normal description is, then you search for the anomaly in the description. For example, what is the medium and average letter count in the description? Then we search for those descriptions that are less than the median or mean record count.
7. Concealing the theft of assets: journal entry
The theft of assets is an expense. If the theft is significant to the business entity, then the profit and loss statement will show a loss. This will alert management to investigate what is causing the loss. So, the perpetrator reclassifies, adjusts, or records the theft in a balance sheet account. Therefore, the business entity looks profitable. In one investigation, 75% of the account balances did not exist. The most infamous dairy company fraud in history is the Parmalat scandal. There was a fourteen billion dollar accounting hole.
The heading says it all. Audit procedure for journal entries is not about examining a spreadsheet, verifying the arithmetic accuracy of the spreadsheet, or searching for approvals. Yes, these are important from a compliance perspective. However, for me, the audit procedure should focus on the economic substance of the journal entry.
In one audit, the company recognized revenue based on the percentage of completion. The controller would use a real vendor account and record fictitious vendor invoices to inflate incurred costs. Then the next month, he would delete the invoice from accounts payable. So, here is the economic question. Did the company incur the expenses? If yes, when did the company incur the expenses? Do the vendor documents support the assertion made by the controller?
In my opinion, testing for the economic substance of a transaction cannot always be codified in an audit program. The auditor must be able to satisfy themselves based on the financial statement assertions that I highlighted in the February 2026 blog.<LINK> Fraud auditing in financial statements is definitely a thinking person’s game.
Donald Cressey up and personal.
complete high school. True or False