When was the last time you stopped and asked yourself:
“Are we testing journal entries the way we should be — or just the way we’ve always done it?”
If that question makes you shift in your chair a little, good. It should.
Let’s be honest — journal entry testing has long been one of the more stale, checkbox-driven parts of the audit. Fraud risks and business practices have evolved. And SAS 99 is here to stay. Yet, so many auditors are still applying testing criteria that have never been challenged or even address the modern-day risks of management override.
Let’s break this down.
Too often, audit teams fall back on familiar, SALY (same as last year) selections:
These tests were fine in 1990 but in 2025 times have changed. If your testing hasn't evolved since dial-up internet was a thing, your audit risk assessment is stale — and potentially missing the mark.
Here’s the brutal truth:
🧨 Fraud and management override doesn’t always look like it did in 1990.
💻 The cloud how and where accounting professionals operate.
📉 Risk is dynamic. Companies change. Industries change. Technology changes. This all requires professional judgement. Your approach should too.
SAS 99 outlines our responsibilities as auditors: consider fraud risks, brainstorm how fraud could occur, and design procedures to identify specific and likely ways management might manipulate financial reporting.
But let’s be clear—nowhere in the standards does it say: “Thou shalt test journal entries posted on the weekend.”
That part? It's all professional judgment.
Let’s rewind to the 1990s. Employees couldn’t take computers home. The internet wasn’t mainstream. The cloud didn’t exist. Most companies had a server tucked away in a locked closet. So, the theory was: if someone wanted to commit fraud, they’d sneak into the office on a Saturday to book journal entries when no one was watching.
Fast forward to 2025.
It’s completely normal—expected, even—for people to log in on weekends and catch up on work. So… are weekend entries really a red flag anymore?
For 98% of companies? No.
And yet, teams keep testing them. Why?
Because of SALY — Same As Last Year.
“The partner signed off on it last year.”
“I don’t want to rock the boat.”
“I’d rather just burn 3 hours testing weekend entries than risk messing something up.”
That’s not professional judgment. That’s fear-based and, frankly, lazy auditing.
It’s 2025. Audit Like It.
SAS 99 requires us to identify real fraud risks according to professional judgement. So, assuming your client isn’t leaving a breadcrumb trail by labeling entries “I am committing fraud”, and they have functioning internet, ask yourself:
How would management actually commit fraud?
Simple. They want to hit a target — usually inflate EBITDA — to:
Let’s walk through how we help auditors cut through the noise:
If you don’t have a complete journal entry population, you’ve already failed the test. Our solution automatically rolls the trial balance using GL data to validate completeness. No guesswork. No assumptions. Just a verifiable population. This is especially important when you do not rely on ITCGs.
We break down batch entries into digestible combinations and summarize them monthly. This makes it easy for auditors to scan for strange pairings—like revenue hitting accounts it shouldn't—or timing oddities that don’t align with normal operations. If something is material and odd, go test it.
What about entries that look normal? That’s where tech steps in.
Audit Sight automatically reconciles recorded revenue to actual bank deposits. If it’s been vouched to cash, it’s been validated. No need to manually test 40 “normal” entries when a system can do it in seconds.
Not every fraud risk is the same. If you’ve got a client with no internet, strict office hours, and they’re underperforming—sure, go ahead and test those weekend entries.
But for the other 98%? Focus on what actually matters.
Remember, SAS 99 requires the use of auditors' professional judgement. Not a prescriptive set of rigid entry testing criteria.
Audit firms that embrace smarter, tech-forward journal entry testing procedures are:
Heading into the next busy season, let’s commit to doing this better.
Don’t just audit by tradition.
Audit with intention.
It’s 2025. Click HERE and Audit Like It.