A group of people are working on a financial success plan on a table.
A person is typing on a laptop computer with a graph on the screen.
March 24, 2025

Testing of Non-Standard Journal Entries to Identify Questionable Transactions

As audit season is in high gear, it’s important for auditors to step back and plan how they are going to audit a client’s books and records.

 

What are the red flags you’re looking for when it comes time to throw open the books and look through a huge swath of journal entries to pluck out the ones that are questionable, and need to be questioned?

 

First off, it’s important to understand how journal entries are created at the company being audited.

 

For an auditor, that means looking at the internal control environment to understand how a journal entry is created: Who’s authorized to create one and who can create one. You have to understand the process. How does it start and how is the entry eventually recorded onto the financial reporting system?

 

Once you know that, you can determine whether someone can come in and override the system, or if someone can pretend to be someone else and start recording journal entries onto the system.

 

That will help you figure out what to look for to decide what entries to pull out and ask management to get back up information to support and validate those entries.

 

Finding the needle

 

The key here is not to just go through the mechanics, but to really go through the exercise so you can determine if management is playing games in the recording of those transactions. You have to be able to get comfortable with that, and that means you need to be able to document what you’re looking for.

 

Because what the auditor is really doing is looking for a “needle in the haystack”, to identify the transactions that don’t look right, that don’t make sense in the ordinary course of business.

 

For example, if the business is not open on weekends, are transactions being posted on a Saturday or Sunday, or even on holidays? If you see rounded numbers or accounts that are seldom used, those can be red flags as well.

 

Sometimes it can be as simple as asking managers and others like accounting, data entry and IT personnel if they’ve observed any unusual accounting entries.

 

Depending on the size of the company and scope of the work, you might need to use computerized audit software program — some of them with AI built in — that can scan the entries to identify anomalies.


Red flags

 

When an auditor is looking for evidence of management override of controls, they can look for some of these 12 red flags indicators:

●     Top-side entries

●     Entries made to unrelated, unusual or seldom-used accounts

●     Entries made by individuals who typically don't make entries.

●     Entries recorded at the end of the period

●     Post-closing entries with no explanations

●     Entries made before or during the preparation of financial statements with no account numbers

●     Entries that contain rounded numbers or a consistent ending number

●     Entries processed outside the normal course of business

●     Accounts that contain transactions that are complex or unusual in nature

●     Accounts that contain significant estimates and period-end adjustments

●     Accounts that have been prone to errors in the past

●     Accounts that contain intercompany transactions


When testing non-standard journal entries and other adjustments, you should look for documentary evidence indicating that they were properly supported and approved by management.

 

Finally, remember that while most fraudulent entries are made at the end of a reporting period, you shouldn't ignore the rest of the year

 

Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.

It’s Time For Year-End Audits

December 20, 2024
Are you prepared?
A woman's hands holding a microphone

Shake It Off

December 9, 2024
Conquer your fear of public speaking and present like a pro
Man with hand by his ear straining to listen.

Hear, Hear!

December 4, 2024
Boost your business by becoming adept at active listening.
Open calendar book laying on desk next to open laptop with time on screen

There’s Only One Year Left to Implement the PCAOB’s New Quality Control Standards

November 18, 2024
ADDITIONAL GUIDANCE: Since this blog was first published, the PCAOB released two new guidance documents. The Nov. 26 updates can be found here: An additional overview of the requirements of QC 1000 and staff guidance for firms about how to comply with the standard. This document provides additional staff insights on scope and applicability, responding to engagement deficiencies, and documentation for AS 2901, Responding to Engagement Deficiencies After Issuance of the Auditor’s Report. The Public Company Accounting Oversight Board (PCAOB) recently announced a new set of quality control standards designed around a risk-based approach. And there’s only one year to design and implement them. The PCAOB’s new QC 1000 standard is more than two decades in the making, as it replaces the quality control standards it adopted on an interim basis back in 2003 from the American Institute of Certified Public Accountants (AICPA). The new standard is intended to make independent registered public accounting firms significantly improve their quality control (QC) systems. QC 1000 applies to all PCAOB-registered member firms, with more extensive requirements for those that audit more than 100 issuer clients annually. It has been approved by the U.S. Securities and Exchange Commission (SEC) and goes into effect on December 15, 2025. The new requirements and the work required to implement them will be extensive, and the larger public accounting firms require external oversight of the QC system. Therefore, it is strongly recommended that firms do not put it off until the last minute. At its core, the new standard is intended to enable firms to identify their specific risks and design a quality control system including policies and procedures to guard against those risks. The overall goal is to establish what the PCAOB calls “a continuous feedback-loop for improvement.” In this, the new standard differs from the International Auditing and Assurance Standards Board’s (IAASB) International Standard on Quality Management No. 1 (ISQM 1) and the AICPA Statement on Quality Management Standards No. 1 (SQMS 1). An extensive but not comprehensive comparison document of the three standards may be found here, but is presented only as a reference tool. New requirements QC 1000 has requirements that do not appear in other QC standards. They can be more prescriptive or more specifically tailored to the U.S. legal and regulatory environment. There are 10 main areas in which the QC 1000 standards go beyond other, existing standards. These are: Evaluation and Reporting: QC systems must be evaluated annually and reported to the PCAOB. They must be certified by specific individuals with responsibility and accountability for the firm’s QC system. Governance and Leadership: Firms must create and maintain clear lines of responsibility and supervision. Larger firms must have outside oversight and a confidential complaint system. Ethics and Independence: Quality objectives must be tailored to the U.S. regulatory environment. Larger firms must implement an automated system for identifying securities investments that could impair independence. Monitoring and Remediation: QC 1000 divides monitoring into engagement and QC system levels. Engagement and QC deficiencies are defined, including requirements for their determination. Larger firms must (and smaller ones should) monitor in-process engagements. Quality Objectives: The firm’s personnel must comply with its policies and procedures Information and Communication: Quality objectives for communication with external parties are established at the firm and engagement level. Communication of the firm’s QC system’s policies and procedures must be communicated in writing. Resources: The firm’s personnel must adhere to standards of conduct. Policies and procedures must address both enumerated and circumstance-specific competencies. Mandatory training, licensure and technological resource requirements are established Risk Assessment Processes: Quality risks must be identified and assessed annually. Roles and Responsibilities: A single person must be assigned responsibility for each role and responsibility in the QC 1000 standard. Documentation: With respect to the QC system’s operation, documentation that allows an experienced auditor to evaluate the operation of quality responses must be provided. Documentation must be retained for at least seven years. That’s not an exhaustive list, but it does give an indication of how much work will be involved. And it’s happening at the same time as the AICPA extensive new Statements on Quality Management Standards (SQMS) requirements are coming into effect . Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.
More Posts
Share by: