Journal Entries and Adjustments: A Fraud Danger Viewed Through the Lens of Forensic Accounting and Investigations

Opening

Journal entries and financial adjustments play a vital role in an organization’s financial reporting. From a forensic accounting and investigative perspective, journal entries offer critical insight into how fraud is carried out, concealed, and perpetuated.

Manipulating journal entries allows perpetrators to alter financial statements, misrepresent a company’s financial health, and cover up fraudulent transactions.

This Fraud Tip Friday release explores the various risks associated with journal entries, the forensic techniques used to investigate them, and how they are exploited to conceal fraud.

The Role of Journal Entries in Financial Fraud Investigations

Journal entries form the backbone of an organization’s financial records. They capture everything from routine daily operations to complex financial adjustments. Forensic accountants rely on journal entries to trace how fraudsters manipulate financial data. In many cases, journal entries provide a clear record of manipulation and offer direct evidence of how a company’s financial results have been misrepresented.

Types of Journal Entries: Key Areas of Focus in Investigations

• Standard Journal Entries: These represent routine transactions such as sales, payroll, and daily expenses. While they are generally straightforward, forensic accountants must still review them to ensure that fraud has not been hidden among normal business activities. In many cases, fraudsters may use standard entries to aggregate smaller fraudulent amounts or adjust figures incrementally over time.
• Nonstandard Journal Entries: Nonstandard or adjusting journal entries are the primary area of concern for forensic accountants. These entries reflect nonrecurring transactions, such as year-end adjustments, asset impairments, or provisions. Because nonstandard entries often fall outside routine operations, they are more susceptible to manipulation. During an investigation, forensic accountants give extra attention to nonstandard entries to determine whether they were made with the intention of adjusting financial results improperly.
• Top-Side Journal Entries: These entries are made at the consolidation level and bypass the normal transactional process. Top-side journal entries are particularly concerning in investigations because they provide management with a way to override normal controls, allowing them to adjust financial results directly without having to justify the underlying transactions. Forensic accountants prioritize these entries, investigating the reasoning behind their use and whether they were used to smooth earnings or inflate results artificially. See my article on Top Side Entries here.

Forensic investigations often reveal that journal entries, particularly nonstandard and top-side adjustments, were used to conceal fraudulent activities. Investigators must scrutinize every entry to uncover patterns of manipulation, understand the context behind each adjustment, and determine whether these entries align with legitimate business practices.

Investigating Top-Side Journal Entries: A Key Focus for Forensic Accountants

Top-side journal entries are a common tool used by senior management to manipulate financial results. Unlike standard entries, which pass through routine transaction cycles, top-side adjustments are made directly at the financial statement level. These adjustments allow management to bypass normal controls, making it easier to manipulate financial figures without detection.

Key Risks and Red Flags in Top-Side Entries

Forensic accountants pay close attention to top-side entries for several reasons:

• Lack of Documentation: Many top-side journal entries lack the necessary documentation to justify their existence. Fraudsters may create these entries without providing adequate support, making it harder for auditors or investigators to trace the purpose of the adjustment. When a journal entry does not have the necessary paperwork or rationale, it is a significant red flag.
• Management Override: Top-side entries are often made by senior executives, which means they can override normal control mechanisms. This gives management significant power to manipulate financial results, especially when there is pressure to meet performance targets. Detecting management override through top-side entries is critical in an investigation.
• Unusual Patterns and Timing: Top-side entries made near reporting deadlines, particularly at quarter or year-end, are a red flag. These adjustments are often used to smooth earnings or boost performance metrics just before financial reports are released to investors or regulators. Forensic accountants focus on the timing of these entries to determine whether they were made with the intent to deceive.

Forensic accountants investigate top-side journal entries by reconstructing the financial logic behind each entry. They review whether the adjustments were made for legitimate reasons or if they were intended to misstate the financial position of the company.

Key Risks and Red Flags in Journal Entries from an Investigative Perspective

Fraudulent journal entries have several characteristics that forensic accountants look for during an investigation. These red flags often point to manipulation or the concealment of improper activities:

• Concealment of Misappropriated Funds: Journal entries can be used to hide the diversion of funds or cover up unauthorized transactions. For instance, fraudsters may reclassify stolen funds as legitimate business expenses by routing them through unrelated accounts. Forensic accountants look for unusual reclassifications or transactions that seem out of place.
• Revenue and Expense Misstatements: One of the most common ways to commit fraud is by manipulating revenue or expense entries. Fraudsters may record false revenue, prematurely recognize income, or misclassify operating expenses as capital expenditures. By inflating revenue or underreporting expenses, the company’s profitability is artificially boosted.
• Manipulation of Liabilities: Journal entries are often used to understate liabilities, making the company appear more financially stable. Forensic accountants scrutinize whether liabilities are recorded accurately and whether any entries inappropriately defer or reduce these obligations.
• Improper Segment Adjustments: Management may manipulate segment-level reporting by shifting expenses or revenues between divisions to make one area of the company appear more profitable than others. By reviewing how entries impact various business segments, forensic accountants can identify instances where financial performance has been artificially adjusted.
• Backdated or Post-Close Entries: Backdating entries to previous periods or making entries after a financial period has closed is a classic red flag for fraud. By retrospectively adjusting financial results, fraudsters can alter performance metrics to meet targets or cover up discrepancies. Forensic accountants focus heavily on the timing of entries to determine if any have been backdated or made after the books were supposed to be closed.
• Unusual or Repetitive Account Use: Fraudulent journal entries are often routed through seldom-used or unrelated accounts to make them harder to detect. Investigators look for patterns of unusual account combinations or repetitive use of certain accounts, as these can signal attempts to conceal fraudulent transactions.

Investigative Techniques for Detecting Fraud Through Journal Entries

Forensic accountants employ a variety of techniques to detect and investigate fraudulent journal entries. These methods help investigators uncover hidden patterns, trace the flow of funds, and identify suspicious transactions.

Cross-Referencing Entries with Supporting Documentation

A critical part of any journal entry investigation is ensuring that each entry is backed by appropriate documentation. This includes verifying whether the entry has legitimate support, such as invoices, contracts, or third-party confirmations. A lack of proper documentation is a major red flag, as it suggests that the entry was made to conceal fraud or manipulate results.

Transaction Cross-Referencing

Forensic accountants also cross-check journal entries against other financial records, such as bank statements, accounts payable, and accounts receivable. This ensures that journal entries correspond with real-world transactions. If there is no underlying transaction to support an entry, it may indicate that the entry is fraudulent.

Pattern Recognition and Anomaly Detection

One of the most powerful techniques in forensic accounting is the ability to recognize patterns in journal entries. Investigators use data analytics to detect anomalies, including:

• High-Risk Account Activity: Certain accounts, such as accruals, allowances, or reserves, are prone to manipulation. Investigators focus on these accounts to detect unusual transactions or irregular entries.
• Time Series Analysis: Investigating the timing of journal entries can reveal significant insights. For example, spikes in activity near quarter-end or year-end reporting periods may indicate that management is attempting to manipulate financial results to meet targets.
• Automated Entry Testing: Modern forensic tools allow investigators to flag journal entries based on predefined criteria, such as entries made outside regular business hours, large round numbers, or entries made by unauthorized personnel. Automated testing helps forensic accountants quickly identify entries that warrant further investigation.

Using Benford’s Law in Forensic Investigations

Benford’s Law is a mathematical principle that predicts the distribution of leading digits in naturally occurring datasets. According to Benford’s Law, the digit 1 appears as the leading digit around 30.1% of the time, while the digit 9 appears only about 4.6% of the time. This law can be applied to financial datasets, including journal entries, to detect manipulation.

When financial data deviates from Benford’s Law, it may signal that the entries have been fabricated or altered. Forensic accountants use Benford’s Law to analyze journal entries and identify entries that fall outside the expected digit distribution.

Example of Benford’s Law Applied to Journal Entries

Consider the following set of 10 journal entries:

Using Benford’s Law, we analyze the leading digits of each journal entry amount. The expected distribution from Benford’s Law versus the actual leading digit distribution for this dataset is as follows:

? JE001: Leading digit 1 (102,500)

? JE002: Leading digit 5 (58,930)

? JE003: Leading digit 2 (235,700)

? JE004: Leading digit 9 (915,600)

? JE005: Leading digit 4 (476,200)

? JE006: Leading digit 1 (150,300)

? JE007: Leading digit 3 (310,250)

? JE008: Leading digit 8 (89,500)

? JE009: Leading digit 6 (62,400)

? JE010: Leading digit 1 (15,930)

Benford’s Law Expected Distribution vs. Actual Distribution:

? Digit 1: Expected 30.1% | Actual: 30% (3 occurrences)

? Digit 2: Expected 17.6% | Actual: 10% (1 occurrence)

? Digit 3: Expected 12.5% | Actual: 10% (1 occurrence)

? Digit 4: Expected 9.7% | Actual: 10% (1 occurrence)

? Digit 5: Expected 7.9% | Actual: 10% (1 occurrence)

? Digit 6: Expected 6.7% | Actual: 10% (1 occurrence)

? Digit 8: Expected 5.1% | Actual: 10% (1 occurrence)

? Digit 9: Expected 4.6% | Actual: 10% (1 occurrence)

Analysis:

• The digit 9 (JE004) is overrepresented in this dataset, appearing in 10% of the journal entries, despite Benford’s Law predicting it should only appear 4.6% of the time. This raises concerns about JE004 being potentially fraudulent.
• The digit 8 (JE008) also shows up more frequently than expected. Further analysis would be needed to understand why these entries deviate from the expected distribution.

This discrepancy, combined with the fact that both JE004 and JE008 were entered outside regular business hours (at 9:00 PM and 11:00 PM, respectively), raises red flags that warrant further investigation.

Timestamp and User Analysis: A Critical Forensic Technique

Journal entry investigations require reviewing audit logs to understand who made the entries when they were made, and whether they were subsequently modified. This provides critical insights into potential manipulation.

Audit logs are a powerful tool for forensic accountants because they record the precise details of every journal entry, including the user, the timestamp, and any subsequent modifications. Fraudulent entries are often made after business hours or by individuals who typically do not have accounting responsibilities, making audit logs a vital source of evidence in identifying irregularities.

In the provided example:

• JE004 and JE008 were both recorded after regular business hours, suggesting an attempt to avoid detection. Entries made late at night are a common red flag in fraud investigations, as they may indicate someone is trying to manipulate the books without being noticed.
• User B, who is associated with multiple entries made outside normal business hours (including JE002, JE005, and JE008), should be scrutinized. Repeated involvement in high-risk journal entries is often a sign that the user may be either intentionally or unintentionally involved in fraudulent activities.

Investigators should carefully analyze the roles and responsibilities of each user making these entries, ensuring they have the proper authorization. Additionally, the timing of the entries should be compared to business operations. Late-night entries, especially those made right before financial reporting deadlines, are highly suspicious and should be flagged for further investigation.

By combining timestamp analysis, user profiling, and audit logs, forensic accountants can build a more comprehensive picture of how fraudulent entries are made and who might be involved.

Additional Red Flags in Journal Entries

In addition to analyzing user activity and timestamps, forensic accountants look for specific characteristics in journal entries that suggest fraud. These red flags, when detected in combination with other suspicious behaviors, can provide a clear indication of fraudulent activity.

Backdated or Post-Close Entries:

Entries made after a financial period has closed, or entries that are backdated to previous periods, can signal an attempt to alter financial results retrospectively. Forensic accountants will examine whether entries were made after the books should have been closed and determine if they were backdated to manipulate performance metrics. Any such entries require detailed scrutiny.

Entries to Dormant or Unrelated Accounts:

Fraudsters often use dormant or unrelated accounts to obscure fraudulent journal entries. Investigators should focus on entries made to accounts that are seldom used or do not align with the nature of the transaction. Entries routed through dormant or obscure accounts can be a sign that the fraudster is attempting to hide the true nature of the transaction.

Round Numbers and Consistent Endings:

Fraudulent journal entries frequently involve round numbers or amounts with consistent endings (e.g., $100,000, $500,000, etc.). This is because perpetrators often fabricate entries using easy-to-calculate numbers, hoping to avoid detection. Forensic accountants should pay close attention to entries with large, round numbers, as these are often indicative of fabricated or manipulated transactions.

Case Studies: Journal Entries in Fraud Investigations

Several high-profile fraud cases have illustrated how journal entries were used to perpetuate and conceal fraud. These case studies highlight the critical role that forensic accountants play in uncovering fraudulent journal entries.

WorldCom

WorldCom executives used fraudulent journal entries to reclassify more than $11 billion in operating expenses as capital expenditures. By manipulating journal entries, the company inflated its assets and net income, hiding its deteriorating financial position from investors and regulators. Forensic accountants uncovered the fraud by analyzing these journal entries, which lacked proper documentation and were authorized by senior management without adequate oversight. The entries were often made near reporting deadlines, raising further suspicion.

Xerox

Xerox executives engaged in fraudulent activities by making top-side adjustments to inflate the company’s earnings. These journal entries bypassed normal accounting processes and were recorded without supporting documentation. By focusing on these entries, forensic accountants were able to unravel the fraudulent scheme, which misrepresented the company’s financial performance over several years. The use of audit logs and user tracking played a key role in identifying how and when these entries were made.

Cendant

Cendant Corporation used fraudulent journal entries to backdate revenue and inflate earnings. These entries were made without proper authorization and were routed through unrelated accounts to obscure the true nature of the transactions. Forensic accountants detected the fraud by analyzing the audit logs and cross-referencing the entries with supporting documentation. The investigation revealed that these entries were made with the intent of misleading investors and regulators.

Using Benford’s Law to Identify Anomalies in Journal Entries

As previously discussed, Benford’s Law is an effective tool for detecting anomalies in financial data, particularly when examining journal entries. By analyzing the leading digits in a dataset of journal entries, forensic accountants can identify entries that deviate from the expected distribution, suggesting manipulation.

How Benford’s Law Works in Practice

Benford’s Law predicts that in a naturally occurring dataset, the digit 1 should appear as the leading digit about 30.1% of the time, while the digit 9 should appear only 4.6% of the time. When journal entries deviate significantly from this expected distribution, it can signal that some entries were fabricated or manipulated.

In our earlier example dataset, JE004 and JE008 raised red flags due to their deviation from the expected distribution. The leading digit 9 (JE004) was overrepresented in the dataset, and both entries occurred after regular business hours, further increasing the likelihood of fraud.

By applying Benford’s Law, forensic accountants can quickly identify which journal entries require further investigation. This allows investigators to focus on the most suspicious entries and cross-reference them with supporting documentation and audit logs.

Summary

Journal entries, while a necessary component of financial reporting, are often exploited by fraudsters to conceal fraudulent activities and manipulate financial results. Forensic accountants play a critical role in detecting these manipulations by carefully analyzing the content, timing, and documentation of journal entries. Whether through top-side adjustments, backdating, or improper classifications, journal entries are frequently used to distort a company’s true financial condition.

It is important to emphasize that journal entry fraud is not a category of fraud in itself but a tool used to perpetrate fraud in general. Through the use of forensic techniques such as Benford’s Law, timestamp analysis, and user profiling, forensic accountants can uncover hidden patterns of manipulation and hold those responsible accountable.

The case studies of WorldCom, Xerox, and Cendant illustrate how senior management can abuse journal entries to cover up financial wrongdoing. By focusing on suspicious patterns, irregularities in timing, and deviations from normal accounting practices, forensic accountants can expose the individuals behind the fraud and help restore trust in the company’s financial statements.

Thoughts and comments are welcome!

Jonathan M.

References

1. The concepts and case studies discussed in this paper were inspired by Journal Entries and Adjustments—Your Biggest Fraud Danger by Delwyn D. DeVries and Jack E. Kiger.

2. Additional case studies and methodologies are based on real-world investigations from publicly available SEC and DOJ enforcement actions.