Guidance On Journal Entries - KAM 3.2.20 (Ver01.20) [PDF]

Zitiervorschau

Guidance on Journal Entry Testing Prepared in accordance with KPMG Audit Manual - International (2019) In addition to Guidance on journal entry testing issued on 23 February 2018, this document provides additional clarifications and enhancements over our approach on journal entry testing workflow. Overall recommended approach over journal entry testing

Please refer to Appendix 1 for JE template work papers.

1 (Version 01/20)

Guidance on Journal Entry Testing Prepared in accordance with KPMG Audit Manual - International (2019) Below are critical guidance over each stage of the journal entry testing workflow. Understand the process and controls [KAM 33.1010]

Screening to identify high-risk criteria [KAM 33.1030] [KAM 33.2210]



Planning & Interim Evaluate the design and implementation of controls surrounding journal entries and other adjustments. This requires an understanding of the process for initiating, authorising, recording and processing journal entries and other adjustments and the "what could go wrongs" in the process that are mitigated by the controls. Our understanding of the process may be relevant to identifying high-risk criteria and gaining an understanding of the nature of journal entries.



Final Roll-forward the test the operating effectiveness of controls over journal entries (if necessary)



Test the operating effectiveness of controls over journal entries if necessary.



Identify preliminary expectations of the high-risk criteria from our risk assessment procedures, including make inquiries of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments.



Re-perform risk assessment procedures to identify any changes in relation to the circumstances of the client which may be trigger events leading fraud transactions created by the management.



Identify high-risk criteria by performing common screening routines over journal entries and other adjustments. Partner, Manager and senior staff (with most knowledge of client and risks) should be involved in screening and setting precise highrisk criteria to select the journal entries that the engagement team considers are necessary for testing. This is normally an iterative process (i.e. requiring several rounds of journal entry sorting and enquires).



Re-screening the population of journal entries and other adjustments if any additional highrisk criteria are identified.



Document additional high-risk criteria and rationale for selection.



Document specific high-risk criteria and rationale for selection.

Screening the population of journal entries and other adjustments enables us to identify high risk criteria and refine other criteria identified during risk assessment including when characteristics in 2 (Version 01/20)

Guidance on Journal Entry Testing Prepared in accordance with KPMG Audit Manual - International (2019) Planning & Interim combination may be high-risk criteria. We apply our professional judgment based on the results of our risk assessment procedures to determine if characteristics, or combinations of characteristics identified using screening constitute high-risk criteria.

Final

For example, in screening the population of journal entries the engagement team identifies that there are: •10,000 journal entries ending 00,000 •15,000 journal entries posted during a weekend, and •600 journal entries posted to "suspense account". Due to the team's understanding of the entity, and the fact that journal entries with these characteristics are expected to be common for the particular entity, none of these characteristics are considered to be high-risk criteria individually. However, we identify that there are 10 journal entries posted to the "suspense account" ending in 00,000 and posted during the last weekend of the year. This is considered unusual and, therefore, the combination of the characteristics is a high-risk criterion. Please refer to Appendix 2 for examples of possible criteria for selecting "high-risk" journal entries for further testing under KAM and the recommended pre-screening routines. Engagement team should make inquiries of relevant individuals to identify the methods to collect required fields and verify the practicability of the data collection method at interim. Involvement of D&A/IRM team might be necessary over the inquiries to extract required data fields. Define relevant population [KAM 33.0520]



Initially define relevant population based on the high-risk criteria identified:  Post-closing entries;  Journal entries and other adjustments at the end of the



Re-define relevant population if additional high-risk criteria were identified. 3

(Version 01/20)

Guidance on Journal Entry Testing Prepared in accordance with KPMG Audit Manual - International (2019)



Planning & Interim reporting period; and Journal entries made throughout the period (if relevant).

Final

KAM [33.1095] states that because material misstatements in financial statements due to fraud can occur throughout the period and may involve extensive efforts to conceal how the fraud is accomplished, in designing and performing audit procedures for testing the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements, we shall consider the need to test journal entries throughout the period. In general, entries which have a temporary effect on profit or revenue, e.g. revenue cut-off error, provisions for inventories, receivables are unlikely to have an impact on the financial statements for the year as their impact will be reversed before the year end. Therefore, our population of journal entries for testing at dates throughout the period if any, is usually more focused on journal entries which could have a permanent effect on the gross transaction streams. e.g. roundtripping revenue transactions or deliberate principal vs agent misstatements.

Perform completeness test [KAM 33.1055]



Obtain relevant journal entries and perform completeness testing.



Obtain relevant journal entries and perform completeness testing.

Method selected for testing completeness of these journal entries could be:  Rolling forward account balances  System query executed by audit team  System query executed by client observed by audit team If we tested the completeness of the population based on a system query, audit teams should obtain evidence that the controls over the recording of journal entries and the generation of the system query is effective. There should be effective application controls supported by effective General IT 4 (Version 01/20)

Guidance on Journal Entry Testing Prepared in accordance with KPMG Audit Manual - International (2019) Planning & Interim Controls (GITCs). Screen prints of the query must be included in the audit documentation. Generally, system query testing should be performed by ITA specialists who have more technical knowledge about IT systems and the query executed. Test reliability of relevant data elements [KAM 33.2405]



Test the reliability of relevant data elements (*) of the population of journal entries by selecting a sample of journal entries. (E.g. 25 items for populations over 250 items). Engagement team might need to proportionate the sample size between interim and final if relevant.

Final



Complete the test the reliability of relevant data elements.



Test high-risk journal entries (if any) through combination of enquires and substantive test of details procedures.

The population for this test may overlap with other tests in other parts of the file. As a result, it is much more efficient and effective if audit teams could define the high-risk criteria and the relevant data elements at early stage of the audit so that they could combine the test with other tests of controls/details in other parts of the file. (*)

Test and document high risk journal entries [KAM 33.2560]



KAM 9.1452.1 Information may be provided in a number of forms such as a report, a document or as a set of data. While we may refer to such reports, documents or data sets as IPE, the audit evidence we use will likely be individual data elements within that information. Data elements include financial and non-financial data that are used to prepare (e.g. sort, select or calculate) information for a specific purpose. For example, example relevant data elements related to journal entry testing might be description, account codes, supporting document reference, amount, entry date, posting date, user id, user name, user function and application/system module.

Test high-risk journal entries (if any) through combination of enquires and substantive test of details procedures.

5 (Version 01/20)

Guidance on Journal Entry Testing Prepared in accordance with KPMG Audit Manual - International (2019)

6 (Version 01/20)

Guidance on Journal Entry Testing Prepared in accordance with KPMG Audit Manual International (2019) Appendix 1: JE template work papers Please refer to attached file for JE template work papers.

7 (Version 01/20)

s

Guidance on journal entry testing Prepared in accordance with KPMG Audit Manual International (2019) Appendix 2: Examples of possible criteria for selecting "high-risk" journal entries for further testing under KAM and recommended pre-screening routines. Appendix 3 to KAM Topic 33 sets out the below examples of characteristics of journal entries and other adjustments that may be high-risk criteria individually or in combination. Note that the list is not intended to be all inclusive and most of the following criteria will not be the entity specific criteria related to every individual client. Engagement teams need to consider their fraud risk assessment and select the criteria which represent a higher risk of management override of controls which are specific to the entity being audited and tailor the selection to the usually small number of journal entries that require detailed testing. Type with fraud risks and fraud risk factors

made to unrelated accounts

made to unusual accounts

made to seldom-used accounts made by individuals who typically do not make journal entries or are not authorized to post journal entries recorded at the end of the period or as post-closing entries that have little or no explanation or description. containing round numbers, consistent ending numbers or are just below an authorization or review limit

Examples •posted to accounts linked to a fraud risk (**) •debit a liability account and credit a revenue account •debit a liability account and credit an expense account •debit an inventory account and credit a cost of sales account •debit a reserve account and credit a different reserve account •debit an inventory reserve account and credit a different inventory account •debit an asset account and credit an expense account •debit a retained earnings account and credit a revenue account •debit an inventory reserve account and credit a non-cost of goods sold account or different inventory account •debit a suspense account and credit a different suspense account •debit a suspense account and credit a non-liability account •debit a suspense account and credit a non-asset account •with an account number not in the current chart of accounts •reversing entries between periods •manual journal entries to revenue close to a period end •transfers between provision accounts •posted to provision accounts that only contain debits or credits •revisions to expenses at period ends. •posted to an account that has less than X journal entries posted to it in the period •posted by users who are not authorized to post journal entries  •posted by users that have posted less than X number of journal entries in the period. / •with round sum amounts containing more than X 0s  •ending in 999 or 950 8

(Version 01/20)

s

Guidance on journal entry testing Prepared in accordance with KPMG Audit Manual International (2019) Appendix 2: Examples of possible criteria for selecting "high-risk" journal entries for further testing under KAM and recommended pre-screening routines. Type

made to accounts with specific nature and complexity

processed outside the normal course of business  

other criteria

(**)

Examples •journal entries posted to accounts that contain transactions that are complex or unusual in nature  •journal entries posted to accounts that contain significant estimates and period-end adjustments  •journal entries posted to accounts that have been prone to misstatements in the past •journal entries posted to accounts that have not been reconciled on a timely basis or contain unreconciled differences •journal entries posted to accounts that contain inter-company transactions •journal entries posted to accounts that are otherwise associated with an identified fraud risk •manual journal entries in the period from [9:00pm] to [7:00am] •manual journal entries posted during weekends  •manual journal entries posted on other non-work observances  •manual journal entries posted from GL module to accounts that are mainly interfaced with other modules or to accounts that mainly consist of automated entries. •journal entries that have negative values (a negative debit or a negative credit) •unbalanced journal entries  •journal entries that have non-standard formats for data such as posting date  •journal entries that have unusual supporting document reference number •duplicate entries  •journal entries with invalid effective dates  •journal entries with lines having zero monetary value  •journal entries containing the word "restatement" •journal entries containing the word "reversal" •journal entries containing the word "reclass" or "reclassification" •journal entries posted without a user ID •journal entries posted and approved by the same user

This is normally done within the audit areas that include fraud risk(s) but should not be the only criterion as for JE we look broader than areas with fraud risk(s).

Below attachment listed out certain recommended pre-screening routines, high risk criteria as well as required data fields in order to run the routines on our Data Analysis Tools.

9 (Version 01/20)