Year-end fieldwork has a pattern that auditors recognize immediately: the last three business days of a reporting period contain a disproportionate share of complex, manual journal entries — the ones that require management approval, the ones with unusual account combinations, the ones posted by senior finance staff after the normal approval chain has closed. These are also, consistently, where the problems are.
Across the engagements where AuditPulsar's detection engine has processed complete journal entry populations, 61% of findings that were ultimately escalated to reportable status originated in entries posted in the final 72 hours of the accounting period. That isn't a dramatic finding — it's consistent with what experienced auditors already believe. What's notable is that most testing programs don't reflect this belief in how they allocate coverage.
Why Period-End Entries Carry More Risk
The reasons are structural, not incidental. Period-end is when management makes its final decisions about revenue recognition, accrual levels, reserve adjustments, and asset valuations. Many of these decisions have some degree of discretion built into the accounting standards. That discretion is not inherently problematic. It becomes a risk when the entries that implement those decisions bypass the controls that apply to normal-course transactions.
In most ERP environments, normal-course journal entries go through a workflow: they're prepared by one person, reviewed by another, and approved by a third. Period-end entries frequently bypass this workflow. They're posted directly by CFOs or controllers, often after hours, often with overrides to the normal authorization limits. The entries may be technically compliant with GAAP while also representing management's preferred outcome rather than the most defensible estimate.
AU-C Section 240 (the fraud consideration standard) explicitly identifies period-end journal entries as a required area of focus. ISA 240 says the same thing in nearly identical language. The standards exist precisely because the profession has seen this pattern play out in enough restatements and enforcement actions to codify it as a significant risk area.
What the Testing Programs Actually Look Like
Ask an audit manager how they test journal entries and the typical answer is a version of this: they pull all entries over a materiality threshold, filter for entries posted outside normal business hours, filter for entries posted by unusual preparers, and sample from the resulting population. For complex clients, this might yield 50 to 200 items that get reviewed in detail.
There are two problems with that approach applied to period-end entries. First, the threshold filter excludes a meaningful population of below-threshold entries that collectively aggregate to a material amount. Second, the "unusual preparer" filter often misclassifies period-end entries — the CFO posting the year-end accrual reversal is not an unusual preparer by system definition, but their entries carry more inherent risk than a staff accountant's routine payable posting.
The better approach is to segment the population by posting date and treat period-end entries — defined as entries posted in the last three business days of each accounting period — as a distinct sub-population with its own testing objectives and coverage requirements.
How to Define "Period-End" in Practice
Three business days before the period close is a workable definition for monthly and quarterly closes. For annual closes, extend to five business days to capture the activity that accelerates in the final week of the fiscal year.
Some clients use a soft close followed by a hard close, typically one to two weeks apart. In those environments, define "period-end" as the five business days before the hard close. Entries posted in the soft close window but before the period-end window are lower risk — they've typically gone through normal review processes and may be adjusted before the books finalize.
Identify the period-end population by posting date in the ERP, not by journal entry date. In SAP S/4HANA, this is the BUDAT field in BKPF. In Oracle NetSuite, it's the posting date in the Transaction table. In QuickBooks Enterprise, the TxnDate field. When these fields differ from the transaction date by more than three days, that gap is itself an audit indicator — it suggests the entry was backdated, which is a separate finding.
What to Test in the Period-End Population
Period-end entries warrant more extensive testing than normal-course entries. For each entry in the period-end population above materiality, the minimum documentation should cover:
Authorization. Who prepared and who approved the entry? If it was posted without a secondary approval, was there a documented business reason for the override? In ERP systems, authorization data is usually in the posting user fields — USNAM in BKPF for SAP, the CreatedBy and ApprovedBy fields in NetSuite. When the preparer and approver are the same person, that's not automatically a finding, but it warrants a note explaining why the normal segregation requirement didn't apply.
Business purpose. Does the account combination make sense given the period-end context? A debit to an accrued expenses account and a credit to revenue in the last two days of the period is a combination that should always require a supporting business rationale, not because it's necessarily wrong, but because it's the combination associated with revenue inflation schemes in enough historical cases to make routine verification appropriate.
Reversal status. Period-end accruals that are not reversed in the subsequent period need an explanation. Accumulating non-reversing accruals year over year is a common technique for maintaining reserve buffers that can be released to manage reported earnings.
The Volume Problem and How Technology Changes It
A mid-market manufacturing client might generate 8,000 to 15,000 journal entries in a single quarter. The period-end population under the three-day definition might be 400 to 800 of those. At current staffing economics, a manual review of 800 items takes 12 to 20 hours. That's time that doesn't exist in most audit schedules.
This is exactly the trade-off that automated screening is designed to resolve. AuditPulsar's detection engine can score the full period-end population in under 30 seconds. The scoring uses statistical deviation from account-specific historical patterns, Benford's Law analysis on the amount field, unusual account combinations relative to the client's own posting history, and after-hours posting indicators. A population of 800 entries typically produces 15 to 40 items that score above 70 on the 0-100 risk scale.
Those 15 to 40 items are where the audit hours go. The scoring is not a substitute for the auditor's judgment about whether each item represents an actual finding — it's a mechanism for directing that judgment toward the entries where it's most likely to matter.
Documentation Requirements for Period-End JE Testing
Under AS 2201, if you're performing PCAOB-registered audits, period-end journal entry testing is a required procedure and the workpapers must document the population definition, the selection criteria, the items selected, and the results of testing. PCAOB inspection findings have cited inadequate JE testing documentation in multiple recent inspection reports, including the 2024 report on inspection findings across 16 registered firms.
The minimum workpaper should include: the complete period-end population (not just the tested items), the scoring or selection criteria applied, the items selected and the basis for selection, the supporting documentation obtained for each selected item, and the conclusion reached. If you used automated screening, document the tool used, the parameters applied, and the basis for concluding the tool is reliable for this purpose.
AuditPulsar's export function generates a PCAOB-compatible workpaper covering all of these elements. The export includes the complete population, each item's risk score with the supporting factor breakdown, and the audit trail showing when the scan was run and by whom. That documentation travels with the workpaper file rather than living in a separate system.
The Practical Starting Point
If you're auditing a client for the first time with AuditPulsar, or adapting your JE testing program to give period-end entries appropriate weight, start by running a scan on the prior year's complete journal entry population. Segment by posting date. Look at what the period-end concentration reveals relative to the full-year distribution. That baseline tells you what the risk profile of this client's period-end entries actually looks like before you set coverage expectations for the current year.
The finding that surprises most audit teams is not the high-risk items — those are expected. It's the discovery that what they considered a representative sample in prior years was systematically underweighted toward period-end transactions. Understanding that gap is the first step toward a testing program that actually addresses the risk.