Proactive journal entry testing: Detecting entries made in the middle of the night

The ACFE's "2006 Report to the Nation" pins the median financial statement misstatement at $2 million, which occurred in 10.6 percent of the study's reported cases. When looking at some of the recent large-scale frauds, such as WorldCom, management override around the journal entry process was the key contributing factor.¹ This is to be expected because the easiest route to changing the books and records is for executive management to post a top-side journal entry. Though it's always possible to make the adjustments in the sub-ledgers (for example, fixed assets, sales journals, etc.), this requires more collusion with other organizational departments. So the top-side entry is still the best way to commit the financial statement fraud.

Companies have spent much time documenting, testing, and otherwise fine-tuning their journal entry processes for Sarbanes-Oxley. Standard-setters like the AICPA have even issued guidance to companies on ways to prevent management override. (See www.aicpa.org/audcommctr/spotlight/achilles_heel.htm.) However, none of this documentation, testing, or standards can prevent the one-off entry in the middle of the night. Executive management can beat the system with a few keystrokes.

Therefore, journal entry testing requirements have been specifically promulgated for external auditors with the AICPA's Statement of Auditing Standard (SAS) 99 - Consideration of Fraud in a Financial Statement Audit. The standard states that "the auditor should design procedures to test the appropriateness of journal entries recorded in the general ledger and other adjustments (for example, entries posted directly to financial statement drafts) made in the preparation of the financial statements." More specifically, SAS 99 requires the auditor, in all audits, to (a) obtain an understanding of the entity's financial reporting process and controls over journal entries and other adjustments, (b) identify and select journal entries and other adjustments for testing, (c) determine the timing of the testing, and (d) inquire of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries or other adjustments.

This SAS was followed by the AICPA's Practice Alert 2003-02 (http://media.cpa2biz.com/Publication/pralert _03_02.pdf) with the purpose of providing auditors additional guidance regarding the design and performance of journal entry audit procedures to fulfill the responsibilities outlined in SAS 99. Rightly or wrongly, the auditor is still perceived as a valid line of defense against fraud, material and immaterial, and therefore, needs to detect as much fraud as possible.

DATA ANALYSIS IS A KEY TO MEETING THE REQUIREMENTS
Auditors and fraud examiners shouldn't rely on just manually reviewing the general ledger because it's just too large and they will miss some irregularities. Even though an auditor's or fraud examiner's judgment is still valuable, relying only on manual means is obsolete. As highlighted in the AICPA's Practice Alert 2003-02, "Journal entries and other adjustments oftentimes exist only in electronic form, which requires extraction of the desired data for any quality analysis. In an IT environment, it might be necessary for the auditor to employ computer-assisted audit techniques (for example, report writers, software or data extraction tools, or other systems based techniques) to identify the journal entries and other adjustments to be tested." The Practice Alert further describes various journal-entry tests that would be difficult or impossible to complete for most client engagements without a computer. The practical reality is that financial statement fraud lives in the 1 percent of digital transactions and, hence, needs improved tools for detection. Data analysis can provide that superb defense against management override by performing a more extensive search for unusual ledger activity.

TESTS TO PERFORM
Per SAS 99, fraudulent adjustments often have certain unique identifying characteristics, which might include entries (a) made to unrelated, unusual, or seldom-used accounts, (b) made by individuals who typically don't make journal entries, (c) recorded at the end of the period or as post-closing entries that have little or no explanation or description, (d) made either before or during the preparation of the financial statements that don't have account numbers, (e) containing round numbers or a consistent ending number, or (f) applied to accounts that contain transactions that are complex or unusual in nature, contain significant estimates and period-end adjustments, have been prone to errors in the past, haven't been reconciled on a timely basis or contain unreconciled differences, contain inter-company transactions, or are otherwise associated with an identified risk of material misstatement due to fraud.
While the above is helpful guidance, let's list some precise computerized journal entry tests and organize them into the five Ws:

Who 

• Summarize journal entries by the persons entering to determine if they're authorized.

What 

• Summarize journal entries by account and repetitive extracts (more than 50 instances) and unique account sequences used in the journal entry (based on the first five debit and credit postings).
• Extract nonstandard or manual journal entries (versus a created system such as an accounts payable ledger posting) for further analysis.
• Stratify size of journal entries based on amount (using the debit side of the transaction).
• Summarize general ledger activity on the amount field (absolute value of debit or credit) to identify the top occurring amounts. Then summarize activity by account and the amount identified for the top 25 appearing amounts.
• Scatter-graph general ledger account (debit and credit amounts separately) and numbers of transactions.

When 

• Extract journal entries posted on weekends and holidays.
• Extract journal entries relating to the prior year that were made just immediately following a fiscal-year end.
• Summarize journal entry credits and debits processing by day, month, and year.

Where 

• Extract journal entries made to suspense accounts and summarize by the person entering and corresponding account numbers.
• Extract journal entries to general ledger accounts known to be problematic or complex based on past issues (errors of accounting in journal subsequently corrected by accounting staff or auditors) at the company or the industry in general.
• Extract debits in revenue and summarize by general ledger account.

Why (unusual activity) 

• Extract general ledger transaction amounts (debit or credit) that exceed the average amounts for that general ledger account by a specified percentage. (Five times the average is the default.)
• Extract journal entries that equate to round multiples of 10,000, 100,000, and 1,000,000.
• Extract journal entries with key texts such as "plug" and "net to zero" anywhere in the record.
• Extract journal entries that are made below set accounting department approval limits especially multiple entries of amounts below such limits.
• Extract journal entries that don't net to zero (debits less credits).

The above test, "Extract journal entries to general ledger accounts known to be problematic or complex based on past issues ..." could be made specific to an organization by reviewing past audits or inquiring of management to determine past issues. (Generally, companies tend to have misstatement issues in revenue recognition and capitalization of expenses.)

Another approach is for a company's auditors and fraud examiners to track any issues identified in internal control reviews or past audits in a small database of their own. (It could be as simple as a Microsoft Excel list.) For an industry perspective, check AuditAnalytics.com; the site has a database of all Securities and Exchange Commission filings that you can use to identify trends in company misstatements based on a given industry or size of a company.

WAYS TO DO SOME OF THESE TESTS
You can perform some simple procedures in Microsoft Excel and easily apply them to any data analysis product you're using in your organization.

For unusual times of day, obtain the time-stamp field for analysis or obtain a date field and then use the WEEKDAY() function. For instance, WEEKDAY(A1) will convert a date field cell A1 into the day of the week (1 is a Monday and 7 is Sunday). Then by selecting the top of the column containing the WEEKDAY() functions, the Auto Filter feature (under the Data menu item in Excel) can be used to filter all WEEKDAY(Date_Field) values that are equal to 6 or 7.

For identifying round numbers, use the MOD() function, which divides the number by a provided divisor and then lists the resulting value that isn't divisible by the divisor. For example, say that $10,422 is in cell A1 and the function MOD(A1,1000) is placed in cell B1. The result in B1 would be $422 because this would be the remainder after dividing $10,422 by $1,000. Or if cell A2 had $100,000 in it then MOD(A1,1000) would result in a zero value, which would indicate a round number. Once you use this MOD() function for every amount posted in the journal entry, you can filter all zero items using the AutoFilter feature. Note that the function would be written as MOD(A2, 10000) for round multiples of $10,000.

BENEFITS OF AUTOMATED JOURNAL ENTRY TESTING
If you're serious about stopping financial statement fraud, consider using effective journal entry controls and automated tests. Here are the benefits:

• It mitigates one of the top risks affecting financial statement audits: the fraudulent top-side journal entry.
• There's a better chance of detecting any issue caused by fraud in journal entry processing based on analyzing 100 percent of the underlying data.
• This approach automates manual procedures, which frees up auditors and fraud examiners to perform more rewarding tasks such as gaining a better understanding of the organization's business and allows for improved future tests.
• It supports audit findings and recommendations with quantitative data rather than sample selections.

In the January/February column, I'll explain additional journal entry tests based on the tests I describe here.

1. Pulliam, Susan and Deborah Solomon. "How These Unlikely Sleuths Exposed Fraud at WorldCom." The Wall Street Journal. Oct. 30, 2002.

[Some source links referenced in this article are no longer available. — Ed.]

Richard B. Lanza, CFE, CPA-CITP, PMP, president of Audit Software Professionals., in Lake Hopatcong, N.J., provides audit technology and project management assistance to companies. He focuses much of his time in developing computerized audit and fraud tests. Lanza is the founder of the non-profit Web site, www.auditsoftware.net.