Audit Focus: Journal Entries

This document, which was published in January 2025, represents the views of PCAOB staff and not necessarily those of the Board. It is not a rule, policy, or statement of the Board.

PCAOB staff (“staff”) continues to identify a large number of deficiencies related to the examination of journal entries and other adjustments for evidence of possible material misstatement due to fraud. This edition of Audit Focus highlights key reminders for auditors from the PCAOB standards related to testing of journal entries, provides the staff’s perspective on common deficiencies made by auditors, and shares good practices that PCAOB staff has observed. 

About the Audit Focus Series

Audit Focus is a series of PCAOB staff publications that aims to provide easy-to-digest information to auditors, especially those who audit smaller public companies. Each edition of Audit Focus reiterates the auditing standards and staff guidance, as well as offers reminders and good practices tailored to PCAOB-registered auditors of smaller public companies – all with an eye toward protecting investors and improving audit quality.

Applicable PCAOB Standard

AS 2401, Consideration of Fraud in a Financial Statement (“AS 2401”) states that material misstatements of financial statements due to fraud often involve the manipulation of the financial reporting process by (a) recording inappropriate or unauthorized journal entries throughout the year or at period end, or (b) making adjustments to amounts reported in the financial statements that are not reflected in formal journal entries, such as through consolidating adjustments, report combinations, and reclassifications. Accordingly, the auditor should design procedures to address the risk of management override of controls. These procedures include examining journal entries and other adjustments for evidence of possible material misstatement due to fraud. More specifically, the auditor should:

  • Obtain an understanding of the entity’s financial reporting process and the controls over journal entries and other adjustments. (See paragraphs 2401.59 and .60)
  • Use professional judgment in determining the nature, timing, and extent of the testing of journal entries and other adjustments. (See paragraph 2401.61)
  • Identify and select journal entries and other adjustments for testing. (See paragraph 2401.61)
  • Determine the timing of the journal entries selected for testing. (See paragraph 2401.62)
  • Inquire of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments. 

Common Deficiencies

When it comes to the testing of journal entries, the following are some of the common deficiencies that the PCAOB has observed on inspections of firms who audit smaller public companies:

Magnifying Glass_blue

Not obtaining an understanding of the financial reporting process and controls over journal entries and other adjustments. (AS 2401.58)

Magnifying Glass_blue

Not Identifying and selecting journal entries and other adjustments for testing to address the potential for material misstatement due to fraud. (AS 2401.58)

Magnifying Glass_blue

Not testing the completeness of the population of journal entries. (AS 1105.10)

Magnifying Glass_blue

Not testing any of the journal entries that met the auditor’s fraud criteria and/or limiting its procedures to certain journal entries meeting its fraud criteria , without having an appropriate rationale for such a limitation in its procedures. (AS 2401.61 and .62)

Magnifying Glass_blue

Not evidencing an appropriate rationale for how certain factors in AS 2401 resulted in the identification of its fraud risk criteria including the consideration of manual versus automated journal entries. (AS 2401.61 and .62)

Reminders

Understanding Controls Over Journal Entries

Auditors should understand an entity’s controls over initiating, authorizing, recording, and processing journal entries in the general ledger, subsidiary ledger, or other information technology (IT) systems.

The sources of journal entries and other adjustments may include manual or automated entries from subsidiary ledgers or other IT systems, as well as post-closing or top-side entries not yet reflected in the general ledger. Auditors should obtain an understanding of the design of controls over journal entries and other adjustments, both automated and manual, and determine whether they are suitably designed and have been placed into operation. It also is important for the auditor to consider whether control deficiencies exist where the auditor may need to adjust the nature, timing, and extent of their journal entry testing.

Identifying and Selecting Journal Entries To Test

Auditors should examine journal entries and other adjustments for evidence of possible material misstatement due to fraud.

The auditor should use professional judgment in determining the nature, timing, and extent of the testing of journal entries and other adjustments. For purposes of identifying and selecting specific journal entries and other adjustments for testing, and determining the appropriate method of examining the underlying support for the items selected, AS 2401.61 requires the auditor to consider:

  • The engagement team's assessment of the fraud risk. The presence of fraud risk factors or other conditions may help the auditor to identify specific classes of journal entries for testing and indicate the extent of testing necessary.
  • The effectiveness of controls that have been implemented over journal entries and other adjustments. Effective controls over the preparation and posting of journal entries and adjustments may affect the extent of substantive testing necessary, provided that the auditor has tested the controls.
  • The entity's financial reporting process and the nature of the evidence that can be examined. The auditor's procedures for testing journal entries and other adjustments will vary based on the nature of the financial reporting process.
  • The characteristics of fraudulent entries or adjustments. Inappropriate journal entries and other adjustments often have certain unique identifying characteristics. Such characteristics may include entries (a) made to unrelated, unusual, or seldom-used accounts, (b) made by individuals who typically do not make journal entries, (c) recorded at the end of the period or as post-closing entries that have little or no explanation or description, (d) made either before or during the preparation of the financial statements and that do not have account numbers, or (e) containing round numbers or a consistent ending number.
  • The nature and complexity of the accounts. Inappropriate journal entries or adjustments may be applied to accounts that (a) contain transactions that are complex or unusual in nature, (b) contain significant estimates and period-end adjustments, (c) have been prone to errors in the past, (d) have not been reconciled on a timely basis or contain unreconciled differences, (e) contain intercompany transactions, or (f) are otherwise associated with an identified fraud risk.
  • Journal entries or other adjustments processed outside the normal course of business. Nonstandard entries might not be subject to the same level of internal control. Other adjustments such as consolidating adjustments, report combinations, and reclassifications generally are not reflected in formal journal entries and might not be subject to the entity's internal controls.

It is also important that auditors carefully consider fraud risks associated with journal entries processed through automated systems, as the risk of management override of controls is not limited to journal entries processed manually.

Completeness of the Population

Auditors should test the list of journal entries for accuracy and completeness.

Auditing journal entries generally involves selecting journal entries for testing from the population of journal entries produced by the company. In accordance with AS 1105, Audit Evidence, the auditor should evaluate whether the information is sufficient and appropriate for purposes of the audit by performing procedures to:

  • Test the accuracy and completeness of the information or test the controls over the accuracy and completeness of that information.
  • Evaluate whether the information is sufficiently precise and detailed for the purposes of the audit.

This includes testing accuracy and completeness of the journal entry population produced by the company from which journal entries and other adjustments were identified and selected for testing, including, if applicable, those imported into software audit or data extraction tools, or other systems-based techniques.

Testing of Journal Entries

Auditors should use professional judgment in determining the nature, timing, and extent of the testing of journal entries.

The procedures for testing journal entries and other adjustments include:

  • Substantive testing of specific items. Even though controls might be implemented and operating effectively, the auditor's substantive procedures for testing journal entries and other adjustments should include the identification and substantive testing of specific items.
  • Examining supporting evidence for the selected journal entries (and not just relying on inquiry alone) and determining whether such evidence corroborates or contradicts the risk assessed around journal entry processing.
  • Providing an appropriate rationale or basis for excluding journal entries from the auditor’s testing that met the fraud risk criteria.

Good Practices

We have observed the following good practices that audit firms who audit smaller public companies have implemented in the area of journal entry testing:

Magnifying Glass_blue

Use of an IT specialist or person(s) with specialized skill or knowledge in IT. Audit firms use such specialists to aid in understanding an entity’s financial reporting process, including the use of IT systems, understanding controls over manual or automated journal entries and other adjustments, determining which entries are manual or automated, and when testing completeness of the journal entry population.

Magnifying Glass_blue

Guidance With Examples. Audit firms provide examples to engagement teams of characteristics of potentially fraudulent journal entries to consider for selecting journal entries for testing that can be tailored to a specific audit.

Magnifying Glass_blue

Structured Templates. Audit firms use templates that (a) include specific procedures to test the journal entry population, including the completeness of the population, and (b) are required to be reviewed by the engagement partner and engagement quality reviewer.

Magnifying Glass_blue

Journal Entry Practice Aids. To assist the engagement team in determining and documenting the basis for selecting journal entries to test, audit firms utilize journal entry practice aids which include guidance on the:

  • Requirements of AS 2401.
  • Criteria that could be used to select journal entries for testing.
  • Testing of entries that meet the selected criteria.
  • Documentation of journal entry testing.

Magnifying Glass_blue

Software Audit Tools. To aid in testing the completeness of the journal entry population and identifying journal entries for testing, audit firms employ software audit tools. Those audit firms also require consultations if an engagement team does not use the software audit tool, or if the journal entries identified by the software audit tool are not all selected for testing.

Magnifying Glass_blue

Training. Audit firms provide training for all partners and firm personnel on AS 2401, including journal entry testing.

Magnifying Glass_blue

Review Programs. Audit firms utilize pre-issuance review programs focused on journal entry testing.

Stay Connected

We invite you to join our Communications to Auditors mailing list and to visit the PCAOB’s Staff Publications page for more resources on the PCAOB's activities and observations.