Perspectives from the Profession: Test Journal Entries Like It’s 2025 (Not 1990)

By Michael W. Zimmerman Jr and Jonathan Womack

When was the last time you stopped and asked yourself: “Are we testing journal entries the way we should be – or just the way we’ve always done it?”  

If that question makes you shift in your chair a little, good. It should.    

Let’s be honest – journal entry testing has long been one of the staler, checkbox-driven parts of the audit. Fraud risks and business practices have evolved. And SAS 99 is here to stay.  

Yet, so many auditors are still applying testing criteria that have never been challenged or even address the modern-day risks of management override.  

Let’s break this down.  

A Legacy of “Just Roll It Forward”  

Too often, audit teams fall back on familiar SALY (same as last year) selections:  

• “Let’s pull all JEs posted on weekends”  
• “Look for anything with the word ‘fraud’, or ‘error’ in the description.”  

These tests were fine in 1990 but in 2025 times have changed. If your testing hasn’t evolved since dial-up internet was a thing, your audit risk assessment is stale – and potentially missing the mark.   

Here’s the brutal truth:  

• Fraud and management override doesn’t always look like it did in 1990.  
• The cloud is how and where accounting professionals operate.  
• Risk is dynamic. Companies change. Industries change. Technology changes. This all requires professional judgement. Your approach should too. 

How Did We Get Here?  

SAS 99 outlines our responsibilities as auditors: consider fraud risks, brainstorm how fraud could occur, and design procedures to identify specific (and likely) ways management might manipulate financial reporting.  

But let’s be clear – nowhere in the standards does it say: “Thou shalt test journal entries posted on the weekend.”  

That part? It’s all professional judgment.  

So why is weekend JE testing still a thing?  

Let’s rewind to the 1990s.  Employees couldn’t take computers home. The internet wasn’t mainstream. The cloud didn’t exist. Most companies had a server tucked away in a locked closet. So, the theory was: if someone wanted to commit fraud, they’d sneak into the office on a Saturday to book journal entries when no one was watching.  

Fast forward to 2025.  

• Cloud and internet access are not confined to specific locations. 
• Remote work is the norm.  
• Work-life balance is a thing (or so I’m told).  

It’s completely normal – expected, even – for people to log in on weekends and catch up on work. So…are weekend entries really a red flag anymore?  

For 98% of companies? No.
And yet, teams keep testing them. Why?
Because of SALY – Same As Last Year.

“The partner signed off on it last year.” 
“I don’t want to rock the boat.” 
“I’d rather just burn 3 hours testing weekend entries than risk messing something up.”  

That’s not professional judgement. That’s fear-based and, frankly, lazy auditing.  

It’s 2025. Audit Like It.  

SAS 99 requires us to identify real fraud risks according to professional judgement. So, assuming your client isn’t leaving a breadcrumb trail by labeling entries “I am committing fraud”, and they have functioning internet, ask yourself:  

How would management actually commit fraud?  

Simple. They want to hit a target – usually inflate EBITDA – to:  

• Maximize their bonus. 
• Increase the company’s valuation.  
• Hit covenant metrics.  

So how do they do it?  

1. Record unusual entries to key accounts (revenue or expenses)  
2. Record normal-looking entries that still have a manipulative impact  

Let’s walk through how auditors should cut through the noise: 

Step 1: Ensure Completeness 

If you don’t have a complete journal entry population, you’ve already failed the test. Ensure you roll the trial balance using GL data to validate completeness. No guesswork. No assumptions. Just a verifiable population. This is especially important when you do not rely on IT General Controls. 

Step 2: Spot the Unusual 

Break down batch entries into digestible combinations and summarize them monthly. This makes it easy for auditors to scan for strange pairings—like revenue hitting accounts it shouldn’t—or timing oddities that don’t align with normal operations. If something is material and odd, go test it. 

Step 3: Let the Machine Confirm the Normal 

What about entries that look normal? That’s where tech should step in. You should automate reconciling recorded revenue to actual bank deposits. If it’s been vouched to cash, it’s been validated. No need to manually test 40 “normal” entries when a system can do it in seconds. 

Final Thought:  

Not every fraud risk is the same. If you have a client with no internet, strict office hours, and they’re underperforming – sure, go ahead and test those weekend entries.  

But for the other 98%? Focus on what actually matters.  

• Design tests around likely fraud scenarios – and execute them consistently.  
• Don’t waste time manually testing transactions a computer can handle.  
• Completeness testing is non-negotiable.  
• Use your judgment where it’s needed most: on the unusual stuff.  

Remember, SAS 99 requires the use of auditors’ professional judgement. Not a prescriptive set of rigid entry testing criteria.  

Audit firms that embrace smarter, tech-forward journal entry testing procedures are:  

• Reducing risk more effectively.  
• Creating re-performable audit evidence, faster. If it’s not documented, it’s not done!  
• Consistently applying this smart approach across all engagements.  
• Becoming more profitable. And retaining their staff.  

Heading into the next busy season – commit to doing this better.  

Don’t just audit by tradition. 
Audit with intention.  

Audit Sight helps auditors cut through the noise, ensure completeness, easily address unusual & risky entries, and ultimately improve firms’ audit quality and engagement margins.