This article explains how Audit Sight’s journal entry (JE) testing approach aligns with AU-C 240, Consideration of Fraud in a Financial Statement Audit, with a specific focus on responding to the presumed risk of management override of controls.
AU-C 240 does not prescribe a single checklist or method for journal entry testing. Instead, it requires auditors to apply professional judgment to design procedures that appropriately respond to fraud risks based on the facts and circumstances of the engagement. Audit Sight is designed to support that judgment-based approach while remaining fully compliant with the standard.
Understanding the Financial Reporting Process
AU-C 240 Requirement
Auditors are required to obtain an understanding of how journal entries and other adjustments are initiated, recorded, and posted, including who can initiate entries and under what circumstances.
How This Is Addressed
Walkthroughs are performed during audit planning to understand the client’s journal entry process and controls.
Auditors make inquiries of individuals involved in financial reporting regarding:
Unusual or non-routine journal entries
Potential opportunities for inappropriate adjustments
This understanding informs how “normal” versus “unusual” activity is defined for the engagement.
Audit Sight does not replace these procedures; instead, it supports auditors once this foundational understanding has been established.
Responding to the Presumed Risk of Management Override
AU-C 240 Requirement
The standard presumes a risk of management override in every audit and requires auditors to design procedures responsive to that risk.
How This Is Addressed
Revenue is treated as a significant risk, consistent with auditing standards.
Balance sheet testing focuses on complex accounts, estimates, and areas susceptible to management bias.
Proof of Cash is used to verify routine, expected cash activity by:
Reconciling recorded cash activity to bank transactions
Identifying unrecorded or improperly recorded items
Once routine, expected activity is validated, the remaining journal entry population primarily consists of unusual entries, most often impacting the profit and loss statement.
As a result, journal entry testing is intentionally focused on entries outside the normal course of business, which is consistent with AU-C 240’s emphasis on risk-based procedures rather than blanket testing.
Expense-related journal entry testing is driven by professional judgment, taking into account the auditor’s understanding of the client, identified risks, and results of other audit procedures.
Testing Journal Entries Throughout the Period
AU-C 240 Requirement
Auditors are required to consider whether journal entries and adjustments should be tested throughout the period, not solely at period-end.
How This Is Addressed
Proof of Cash verifies routine transactions throughout the entire year, not just at period-end.
This approach reduces reliance on traditional attribute testing over large, low-risk populations.
Auditors perform completeness procedures to gain comfort over the full journal entry population.
Journal entries that are unusual, particularly those affecting the P&L, are selected for detailed testing.
If no unusual journal entries are identified after completing these procedures, no additional journal entry testing is required, as the auditor has already obtained sufficient appropriate audit evidence responsive to the risk of management override.
Period-End and Financial Statement Adjustments
AU-C 240 Requirement
Auditors are required to select and test journal entries and other adjustments made at the end of the reporting period.
How This Is Addressed
By the financial statement preparation stage, auditors have already obtained comfort over:
The journal entry population
Routine transaction processing
Period-end and post-close adjustments are defined as JEs made outside of the audited system and are:
Evaluated as they arise
Reviewed as part of the financial statement tie-out and completion process
These entries are assessed for appropriateness, support, and consistency with audit conclusions.
Important Clarification: What AU-C 240 Does Not Require
AU-C 240 does not mandate that auditors:
Test journal entries posted on weekends or outside normal business hours
Test all entries above a specific dollar threshold
Use predefined filters or mandatory analytics
Apply a one-size-fits-all journal entry testing methodology
Instead, AU-C 240 requires auditors to apply professional judgment and design procedures that appropriately address the risk of management override, based on the specific engagement.
Audit Sight is built to support this standards-based, judgment-driven approach—helping auditors efficiently identify and focus on the journal entries that matter most from a fraud risk perspective.
