How journal entry testing works

On roughly half the engagements we've seen reviewed by inspection bodies, the journal entry testing section draws a finding. The usual problem is not that teams skip the procedure. It is that they treat it as ticking and bashing (pick entries over a threshold, vouch to a document, move on) instead of designing selection criteria that actually target fraud characteristics.

ISA 240.32 (a) requires the auditor to test the appropriateness of journal entries. This is not optional. It applies to every engagement because it sits under the response to management override of controls, which is a non-rebuttable presumed risk.

The procedure has two parts. First, inquiries of individuals involved in financial reporting about inappropriate activity ( ISA 240 .A43). Second, selecting journal entries for testing based on fraud-specific characteristics ( ISA 240 .A44): entries at end of reporting period, by unusual individuals, to unusual accounts, round-number amounts, consistent ending digits. The governing requirement is ISA 240 paragraph 32(a).

Key takeaways

  • The auditor must test journal entries on every engagement as part of the response to management override risk.
  • Selection criteria should target characteristics associated with fraud, not just entries above a monetary threshold.
  • The full population of journal entries and other adjustments must be obtained before selection can begin.
  • Inspection findings most often cite a failure to explain why specific selection criteria were chosen.

Worked example: Peeters Holding N.V.

Belgian holding company, FY2024, consolidated revenue €210M, IFRS. Consolidation adjustments prepared manually in Excel.

The team obtains the full population: 38,200 subsidiary entries plus 142 consolidation adjustments. Six selection criteria are defined based on ISA 240 .A44, tailored to the entity's risk profile. 83 entries are selected and tested.

Four consolidation entries (totalling €380K) reclassify operating expenses without documented business purpose. The team investigates further and reports findings to governance. This is the kind of result that separates a real fraud-response procedure from SALY with better narratives.

What reviewers get wrong

  • FRC 2022 found teams selected journal entries using only monetary thresholds, without considering ISA 240 .A44 fraud-specific characteristics. At firms like ours, this is frustratingly common even among experienced teams who know the standard.
  • Teams test general ledger entries but overlook "other adjustments" (consolidation entries, top-side adjustments, manual period-end entries, and post-close reclassifications). These are often the entries where override actually happens.

Related terms

Management Override of ControlsRevenue Recognition Fraud RiskFraud Risk Factors

Related reading

How to Test Journal Entries for Fraud Under ISA 240
Blog guide
ISA 240: The Auditor's Responsibilities Relating to Fraud
Blog guide

Frequently asked questions

Is journal entry testing required on every audit?

Yes. It is one of four mandatory responses to management override risk under ISA 240.32, which is a non-rebuttable presumed risk on every engagement.

Can you use only a monetary threshold to select journal entries?

No. ISA 240.A44 requires selection criteria that target fraud characteristics such as unusual timing, unusual accounts, entries by individuals who don't typically make entries, and round-number amounts. A threshold-only approach misses how override actually occurs.

Get practical audit insights, weekly.

No exam theory. Just what makes audits run faster.

290+ guides published20 free toolsBuilt by practicing auditors

No spam. We’re auditors, not marketers.

This glossary entry is for educational purposes and does not constitute legal or professional advice. Always consult the applicable standard text for authoritative guidance.

Last reviewed: · Standards version: IAASB 2024 Handbook