Audit Sight Blog
Home  →  Blog      

Test Journal Entries Like It’s 2025 (Not 1990)

Michael W. Zimmerman Jr, CPA and Jonathan Womack, CPA
June 6, 2025

When was the last time you stopped and asked yourself:

“Are we testing journal entries the way we should be — or just the way we’ve always done it?”

If that question makes you shift in your chair a little, good. It should.

Let’s be honest — journal entry testing has long been one of the staler, checkbox-driven parts of the audit. Fraud risks and business practices have evolved. And SAS 99 is here to stay. Yet, so many auditors are still applying testing criteria that have never been challenged or even address the modern-day risks of management override.

Let’s break this down.

A Legacy of "Just Roll It Forward"

Too often, audit teams fall back on familiar, SALY (same as last year) selections:

These tests were fine in 1990 but in 2025 times have changed. If your testing hasn't evolved since dial-up internet was a thing, your audit risk assessment is stale — and potentially missing the mark.

Here’s the brutal truth:
🧨 Fraud and management override doesn’t always look like it did in 1990.
💻 The cloud is how and where accounting professionals operate.
📉 Risk is dynamic. Companies change. Industries change. Technology changes. This all requires professional judgement. Your approach should too.

How Did We Get Here?

SAS 99 outlines our responsibilities as auditors: consider fraud risks, brainstorm how fraud could occur, and design procedures to identify specific (and likely) ways management might manipulate financial reporting.

But let’s be clear—nowhere in the standards does it say: “Thou shalt test journal entries posted on the weekend.”

That part? It's all professional judgment.

So why is weekend JE testing still a thing?

Let’s rewind to the 1990s. Employees couldn’t take computers home. The internet wasn’t mainstream. The cloud didn’t exist. Most companies had a server tucked away in a locked closet. So, the theory was: if someone wanted to commit fraud, they’d sneak into the office on a Saturday to book journal entries when no one was watching.

Fast forward to 2025.

It’s completely normal—expected, even—for people to log in on weekends and catch up on work. So… are weekend entries really a red flag anymore?

For 98% of companies? No.
And yet, teams keep testing them. Why?
Because of SALY — Same As Last Year.

“The partner signed off on it last year.”
“I don’t want to rock the boat.”
“I’d rather just burn 3 hours testing weekend entries than risk messing something up.”

That’s not professional judgment. That’s fear-based and, frankly, lazy auditing.

It’s 2025. Audit Like It.

SAS 99 requires us to identify real fraud risks according to professional judgement. So, assuming your client isn’t leaving a breadcrumb trail by labeling entries “I am committing fraud”, and they have functioning internet, ask yourself:

How would management actually commit fraud?

Simple. They want to hit a target — usually inflate EBITDA — to:

So how do they do it?

  1. Record unusual entries to key accounts (revenue or expenses)
  2. Record normal-looking entries that still have a manipulative impact

How Audit Sight Helps

Let’s walk through how we help auditors cut through the noise:

✅ Step 1: Ensure Completeness

If you don’t have a complete journal entry population, you’ve already failed the test. Our solution automatically rolls the trial balance using GL data to validate completeness. No guesswork. No assumptions. Just a verifiable population. This is especially important when you do not rely on ITGCs. 

🔍 Step 2: Spot the Unusual

We break down batch entries into digestible combinations and summarize them monthly. This makes it easy for auditors to scan for strange pairings—like revenue hitting accounts it shouldn't—or timing oddities that don’t align with normal operations. If something is material and odd, go test it.

🤖 Step 3: Let the Machine Confirm the Normal

What about entries that look normal? That’s where tech steps in.
Audit Sight automatically reconciles recorded revenue to actual bank deposits. If it’s been vouched to cash, it’s been validated. No need to manually test 40 “normal” entries when a system can do it in seconds.

Final Thought: Be Specific. Be Strategic.

Not every fraud risk is the same. If you’ve got a client with no internet, strict office hours, and they’re underperforming—sure, go ahead and test those weekend entries.

But for the other 98%? Focus on what actually matters.

Remember, SAS 99 requires the use of auditors' professional judgement. Not a prescriptive set of rigid entry testing criteria.

Audit firms that embrace smarter, tech-forward journal entry testing procedures are:

Heading into the next busy season, let’s commit to doing this better.

Don’t just audit by tradition.
Audit with intention.

It’s 2025. Click HERE and Audit Like It.

Want to learn more?
Subscribe for business insights, auditing updates, automations your team can use and more.

Ready to get started?

Join a growing network of auditors, diligence and private equity providers who are simplifying how they do business with Audit Sight.