Top 25 Analytic Test for Every Organization: Test 1 – Suspicious Journal Entries

February 18, 2013
by Dan Zitting
, ,
5 Comments

Earlier this month, AUDITMAN Dan Zitting shared some insight on the Rules and Tools for effective auditing in Top 25 Analytics Tests Your Organization Should Use, today he shares Test #1 – Suspicious Journal Entries.

When auditing, where else would we start than right in the guts of things, the general ledger. If I can’t find something interesting in the GL to talk about with management, I consider myself a failure as an auditor. So here is one suggested way to get quick and dirty with the journal entries and find at least that next topic of discussion:

RISK:  Posted entries may not be authorized or valid.

TEST:  Identify any journal entries containing descriptions that could indicate an invalid or suspicious entry.

TEST STEPS:

  1. Obtain a dump of all the journal entries from within the audit period you want to review.
    • Get it from someone in IT responsible for your ERP or core financial system.
    • Get it in a delimited text file format, quicker to import into your analysis tool.
    • Include all the key fields, but in particular things like description, date, amount, employee ID, account, etc.
    • *Hulk smash* if IT gives you any trouble – getting the data for this test should actually be quite easy to do.
  2. Import the JE data into ACL Desktop using the import wizard
  3. Filter on the description field for “hot button” words that might indicate a fraudulent, brain-dead, or otherwise suspicious entry
    • Examples: “per [X person]“, “to correct”, “error”, “adjust”, etc.
    • Get creative and think about those words that might be specific to your organization
  4. Consider further refining the results by identifying suspicious descriptions based on the accounts being posted to
    • Example: “land” or “building” showing up in the description field for a short-term asset account
  5. For the exceptions identified, review with management.

 

EXPECTED RESULTS:  You should definitely find some fun entries in any reasonably sized organization. Listen carefully in the discussion. You will certainly identify either errors, fraud, or (at least) the next thing you should have a look at!

Next Time:  We’ll continue our discussion on journal entries with some great tests.

Powered By DT Author Box

Posted by Dan Zitting

Dan Zitting

Dan Zitting, ACL’s Vice President, Product Management & Design, is responsible for product management, design, and user experience for ACL’s industry-leading software products. He is dedicated to the advancement of productivity enhancing technology for the audit profession and is a three-time winner of the CPA Practice Advisor Magazine’s 40 under 40 and Readers’ Choice awards. Dan is a Certified Public Accountant, Certified Information System Auditor and Certified Information Technology Professional. He holds a Bachelor of Science from Colorado State University and a Master of Science from University of Notre Dame.

  1. Chelsea Smith March 1, 2013 at 4:34 am Reply
    This is a not my ordinary reading day, but this has brought clear issues to me. You also pointed out many important things about compliance audit. Thanks for sharing this essential information.
  2. Francisco A. Ortiz March 3, 2013 at 5:28 pm Reply
    Looking forward to your next post. Interesting and very simple. Sometimes we know what to do, but we think: "NAH! That's too simple." Those are the jobs that put you through the roof, up, up and away, like you say. Good job and thanks!
  3. Bidyadhar March 12, 2013 at 7:50 am Reply
    Hello Kindly clarify me: 1. Journal entries : We are in SAP environment, so those entries I will take it from "SAP TABLE level" or "FBL3N i.e., General ledger level" ? Thanks Regards
  4. Dan Zitting March 20, 2013 at 7:22 pm Reply
    @Chelsea - I'm interested in what you posted here. How is auditing journal entries related to compliance auditing? General ledger is not something that sticks out to me at all as having compliance implications. @Francisco - Absolutely. I just spoke with a customer yesterday about a similarly simple test. Checking that all journal entries were posted and approved by different individuals. They thought it was too simple a test to find anything - sure enough though, they did! The application was controlling this for individual entries but NOT for batch entries. Simple tests (when using analytics - that is the key) often have findings, and even when they don't, you usually see something interesting that helps you know what to look at next!
  5. Dan Zitting March 20, 2013 at 7:26 pm Reply
    @Bidyadhar - I apologize as I am not a total SAP expert. I have audited it many times, but I don't claim to be the best. That said, I have always done this sort of test by taking the data from the SAP table level. I *believe* (I am NOT sure) that FBL3N command would require you enter an account code. So you if you exported that information, you would only be auditing that one account, correct? I would much prefer to extract all the data at table level and analyze it all at once.

Leave a Reply

*

Categories

Contact Us

Latest Tweets

Subscribe

Sign up to receive email updates from ACL.

SUBSCRIBE

Recent Posts


t: 1-888-669-4225 e: info@acl.com | Terms and Conditions
© 2013 Copyright ACL Services Ltd.

mongoose