< Back

Auditing Fraud Risk: Journal Entry Testing

Posted on November 24, 2025 by | Tags: AS 2401, AU-C 240, Fraud, Journal Entries,

Auditing fraud risk, specifically the required audit procedures to address management override of controls, is a hot topic. In fact, many of our audit firm clients have recently requested training on the topic. Specifically, they want to know more about the requirements for auditors related to testing journal entries. That’s not surprising due to recent frauds uncovered at Tricolor and First Brands Group. Plus, the examination of journal entries and other adjustments for evidence of possible misstatement due to fraud is a frequent area of audit deficiencies noted in recent PCAOB inspections. So, let’s dive into journal entry testing – the requirements, helpful tips and tricks, and where auditors are getting it wrong!

Is journal entry testing required by auditing standards?

Yes. Auditors are required to obtain sufficient appropriate audit evidence to obtain reasonable assurance about whether the financial statements are free from material misstatement. This requirement applies whether the misstatement was unintentional (error) or intentional (fraud). We discuss the auditor requirements for consideration of fraud in our CPE-eligible eLearning course on the topic!

According to a statement by the former SEC Chief Accountant, Paul Munter, titled The Auditor’s Responsibility for Fraud Detection (“SEC Statement on Fraud”), “auditors are gatekeepers and therefore the importance of their responsibilities with respect to the identification of risks of material misstatement due to fraud (i.e., fraud risks) and the detection of material misstatements in the financial statements due to fraud should not be underestimated.” He called it the auditor’s use of the “fraud lens” during performance of their audit procedures.

But detecting fraud is not easy. That’s because management, according to AS 2401 Consideration of Fraud in a Financial Statement Audit (AS 2401), “is in a unique position to perpetrate fraud because of its ability to directly or indirectly manipulate accounting records and prepare fraudulent financial statements by overriding established controls that otherwise appear to be operating effectively.” Therefore, auditor are required to perform certain procedures that specifically address the risk of management override of controls. These procedures are:

Note that these procedures, including the journal entry testing, are required under both PCAOB auditing standards and U.S. GAAS (AU-C 240, Consideration of Fraud in a Financial Statement Audit) when auditing fraud risk. Essentially, the two standards, AS 2401 and AU-C 240, are very similar. Therefore, we’ll cite the requirements of AS 2401 in this post.

Is fraud risk considered a significant risk?

Yes. AS 2110.71(b) states that a fraud risk is a significant risk. A significant risk requires “special audit consideration” because of the nature of the risk or the likelihood and potential magnitude of misstatement related to the risk. In other words, a significant risk requires a strong audit response in the form of extended audit procedures and obtaining more persuasive audit evidence. Certainly, journal entry testing, if done right, would qualify! In addition, auditors are required to identify the controls addressing significant risks and evaluate whether they have been designed effectively and are being implemented. Finally, you would expect increased partner involvement and a timely review of the audit documentation related to significant risks.

What are the requirements within AS 2401 for testing journal entries?

AS 2401 states that material misstatements of financial statements due to fraud often involve the manipulation of the financial reporting process by:

  1. Recording inappropriate or unauthorized journal entries throughout the year or at period end; or
  2. Making adjustments to amounts reported in the financial statements that are not reflected in formal journal entries, such as through consolidating adjustments, report combinations, and reclassifications.

Accordingly, the auditor should design procedures to test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of financial statements.

Because of the large number of deficiencies in this area, the PCAOB published Audit Focus: Journal Entries in January 2025. This document sets out the following requirements for auditors with respect to journal entries:

  1. Obtain an understanding of the entity’s financial reporting process and the controls over journal entries and other adjustments
  2. Use professional judgement in determining the nature, timing, and extent of the testing of journal entries and other adjustments
  3. Identify and select journal entries and other adjustments for testing
  4. Determine the timing of the journal entries selected for testing
  5. Inquire of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments

What things should be considered when selecting journal entries for testing?

First and foremost, AS 2401 requires the auditor to use professional judgment in determining the nature, timing, and extent of testing journal entries and other adjustments. Paragraph 61 provides us the following considerations when identifying and selecting journal entries for testing:

The auditor’s assessment of the fraud risk

If fraud risk factors or other conditions are present, auditors should consider them when identifying specific classes of journal entries and determining the extent of their procedures. More risk equals more (and better) procedures.

The effectiveness of controls that have been implemented over journal entries and other adjustments

If the controls over journal entries are operating effectively, this will decrease the extent of the substantive testing. However, even if this is the case and operating effectiveness has been tested, auditors are still required to perform substantive procedures over journal entries. Such testing includes the identification and substantive testing of specific items.

The entity’s financial reporting process and the nature of evidence that can be examined

Our testing of journal entries should vary based on the nature of the entity’s financial reporting process. Regardless of whether the processing of journal entries and related controls is manual or automated, auditors are required to select journal entries from the general ledger to be tested and examine support for such entries. And don’t forget to test the completeness and accuracy of the source document(s) from which you are making your selection for journal entries to test.

The characteristics of fraudulent entries or adjustments

Inappropriate journal entries or adjustments often have unique characteristics. AS 2410 states such characteristics may include entries:

  • Made to unrelated, unusual, or seldom-used account
  • Made by individuals who typically do not make journal entries
  • Recorded at the end of the period or as post-closing entries that have little or no explanation of description
  • Made either before or during the preparation of the financial statements that do not have account number
  • Containing round numbers or a consistent ending number

The nature and complexity of accounts

According to AS 2401, inappropriate journal entries or adjustments may be applied to accounts that:

  • Contain transactions that are complex or unusual in nature
  • Contain significant estimates and period-end adjustments
  • Have been prone to errors in the past
  • Have not been reconciled on a timely basis or contain unreconciled differences
  • Contain intercompany transactions
  • Are otherwise associated with an identified fraud risk, such as related party transactions

Journal entries or other adjustments processed outside the normal course of business

Standard journal entries are normally subject to the entity’s internal controls. Nonstandard entries such as those related to a business combination or asset impairment may not have the same level of controls. Auditors may want to review these nonstandard entries, as well as adjustments related to consolidating entries, report combinations, and reclassifications.

Fraudulent journal entries are often made at the end of a reporting period. Therefore, the uditor’s testing ordinarily should focus on the journal entries and other adjustments made at that time. That said, don’t just limit your testing to those period-end journal entries as misstatement of financial statement due to fraud can happen at any time of the year!

Is there a listing or checklist of the journal entries auditors should test?

No. We were recently asked this question at a training and, other than the considerations set out in AS 2401 as noted above, there is no “official” list. In fact, auditors should avoid using the above information like a checklist. According to the SEC Statement on Fraud, our audit response “should be tailored to the identified fraud risk and dynamic to changing business environments” to ensure we’re properly fulfilling our professional responsibilities regarding fraud.

In other words, your selection of journal entries to test is entity-specific. It’s based on your professional judgment. And based on the fraud risks that you’ve identified at your client in the current economic environment.

Where are auditors getting it wrong?

Here are some of the deficiencies noted by the PCAOB related to journal entry testing:

  • Not obtaining an understanding of the financial reporting process and controls over journal entries and other adjustments (AS 2401.58)
  • Not identifying and selecting journal entries and other adjustments for testing to address the potential for material misstatement due to fraud (AS 2401.58)
  • Not testing the completeness of the population of journal entries (AS 1105.10)
  • Not testing any of the journal entries that met the auditor’s fraud criteria and/or limiting its procedures to certain journal entries meeting its fraud criteria, without having an appropriate rationale for such limitation in its procedures (AS 2401.61 and .62)
  • Not evidencing an appropriate rationale for how certain factors in AS 2401 resulted in the identification of its fraud risk criteria including the consideration of manual versus automated journal entries (AS 2401.61 and .62)

Concluding thoughts

The SEC Statement on Fraud closes with this:

“The value of the audit and the related benefits to investors, including investor protections, are diminished if the audit is conducted without the appropriate levels of due professional care and professional skepticism. Therefore, we remind auditors to fulfill their professional responsibilities by applying an appropriate fraud lens throughout the audit, including understanding the relationship between PCAOB AS 2401 and other auditing standards as it relates to identifying and responding to the risk of fraud in the audit so that the auditor has obtained reasonable assurance that there is not a material misstatement to the financial statements caused either by fraud or error.

Obviously, journal entry testing is a big piece of fulfilling our professional responsibilities! We hope that this post has provided some insight in the audit requirement related to testing journal entries. Good luck! If you have any question, comments, or suggestions for this post, please let me know. If you like to learn more about the auditor’s requirements related to consideration of fraud (and earn CPE), check out this eLearning course.

About GAAP Dynamics
We’re a DIFFERENT type of accounting training firm. We view training as an opportunity to empower professionals to make informed decisions at the right time. Whether it’s U.S. GAAP, IFRS, or audit training, we’ve trained thousands of professionals since 2001, including at some of the world’s largest firms. Our promise: Accurate, relevant, engaging, and fun training. Want to know how GAAP Dynamics can help you? Let’s talk!

Disclaimer
This post is for informational purposes only and should not be relied upon as official accounting guidance. While we’ve ensured accuracy as of the publishing date, standards evolve. Please consult a professional for specific advice.

New call-to-action
 
Check out our Consideration of Fraud course for Auditors today!