Journal Entry Review and Approval 1835



  • Want some considered opinion on the relevance of the sequencing of the creation of a journal with the review/approval process and the impact on controls.
    Background: my company has mulitple general ledger systems in which some review and approval porcesses are fully manual (evidenced via paper) and some are electronic. With respect to electronic approval, certain older systems are designed so that an entry is effectively made to the ledger and then flagged for review. In other cases, the entry goes into a review que and is not posted until approved.
    Our auditors think that a post-entry review is the required standard. I disagree in that as long as entries are being reviewed (and documented as such) irregardless of whether before or after posting, we have met our obligations to ensure the validity, completeness and correctness of these entries. In any case, all entries are reviewed prior to close and financial reporting.
    Note: all of the above scenarios assume no way to alter a journal once entered into the system and that threholds are in place to ensure review of all material transactions.
    Am I off base here?



  • You are right on target. JE review is critical, but can be performed either before or after posting (after posting allows you to verify that the JE was properly entered into the system as written and approved, whereas review and approval prior to posting still leaves room for input errors unless you have some sort of input control).



  • When reviewing journals after posting - is there a risk that they may not be reviewed until after the period -end and therefore have an effect on Cut-Off?



  • I agree review is important. What is also important is that the whole process is viewed holistically. I have found auditors tend to focus on ‘best practice’ for a control without examining the bigger picture.
    You state that all entries are reviewed prior to close and financial reporting - surely that is sufficient to satisfy yourself that no material misstatement can occur on your accounts through journalling? That assumes the process is robust but I rely on the same type of control and it helps distract away from all the debate about other reviews, authorisations, etc. Though I should also say that is couched within our overall COSO assessment including code, conduct and qualification of staff.



  • When reviewing journals after posting - is there a risk that they may not be reviewed until after the period -end and therefore have an effect on Cut-Off?
    No risk there…
    …you just post a journal to correct it :lol:



  • More seriously though I would expect to see a combination of prevent and detect controls around journal entries meeting a variety of control risks, e.g.

    • required journals are not processed
    • journals are not correctly calculated
    • journals are not accurately processed
    • invalid journals are processed
    • duplicate journals are processed
      In response I would expect to see:
    • restrictions on journal processing
    • automated controls around journal procesing e.g. journals must balance
    • review and approval
    • post period-end review


  • …to follow on with the holisitic thinking…we also have the requirement to perform account reconciliations in conjunction with our financial close process…



  • …to follow on with the holisitic thinking…we also have the requirement to perform account reconciliations in conjunction with our financial close process…
    From which, of course, more journals may arise. 😉



  • Use Park and Post facility( if available), or use an approval for JEs already posted. If you do a verification/ approval of JEs before posting and do no further checks, there is a risk of approved JEs inappropriately entered as well.
    To top it we can do a monthly User wise Document review( time consuming but if there are no other controls what else can be done)
    Cheers



  • About journal entries:

    • restrictions on journal processing (if the process is centralized other way, SOD for restrict who post and who approves)
    • automated controls around journal processing e.g. journals must balance (for SAP, that’s an inherent control)
    • review and approval (manual journal entries must be approved, automatic will be controlled by account reconciliations and work-flow)
    • post period-end review (analytical review)
      Does anyone know any report on SAP for manual journal entries???
      Thanks in advance.

Log in to reply