How journal entry testing works

ISA 240.32(a) requires the auditor to test the appropriateness of journal entries. This is not optional. It applies to every engagement because it sits under the response to management override of controls, which is a non-rebuttable presumed risk.

The procedure has two parts. First, inquiries of individuals involved in financial reporting about inappropriate activity (ISA 240.A43). Second, selecting journal entries for testing based on fraud-specific characteristics (ISA 240.A44): entries at end of reporting period, by unusual individuals, to unusual accounts, round-number amounts, consistent ending digits.

Governed by: ISA 240 paragraph 32(a)

Key Takeaways

  • The auditor must test journal entries on every engagement as part of the response to management override risk.
  • Selection criteria should target characteristics associated with fraud, not just entries above a monetary threshold.
  • The full population of journal entries and other adjustments must be obtained before selection can begin.
  • Inspection findings most often cite a failure to explain why specific selection criteria were chosen.

Worked example: Peeters Holding N.V.

Belgian holding company, FY2024, consolidated revenue €210M, IFRS. Consolidation adjustments prepared manually in Excel.

The team obtains the full population: 38,200 subsidiary entries plus 142 consolidation adjustments. Six selection criteria are defined based on ISA 240.A44, tailored to the entity's risk profile. 83 entries are selected and tested.

Result: Four consolidation entries (€380K) reclassify operating expenses without documented business purpose. The team investigates further and reports findings to governance.

What reviewers get wrong

  • FRC 2022 found teams selected journal entries using only monetary threshold without considering ISA 240.A44 fraud-specific characteristics.
  • Teams test general ledger entries but overlook "other adjustments" — consolidation entries, top-side adjustments, manual period-end entries.

Related terms

Management Override of ControlsRevenue Recognition Fraud RiskFraud Risk Factors

Related reading

How to Test Journal Entries for Fraud Under ISA 240
Blog guide
ISA 240: The Auditor's Responsibilities Relating to Fraud
Blog guide

Frequently asked questions

Is journal entry testing required on every audit?

Yes. It is one of four mandatory responses to management override risk under ISA 240.32, which is a non-rebuttable presumed risk on every engagement.

Can you use only a monetary threshold to select journal entries?

No. ISA 240.A44 requires selection criteria that target fraud characteristics such as timing, unusual accounts, and entries by individuals who don't typically make entries. A threshold-only approach misses how override actually occurs.

This glossary entry is for educational purposes and does not constitute legal or professional advice. Always consult the applicable standard text for authoritative guidance.

Last reviewed: March 2026 · Standards version: IAASB 2024 Handbook