Manual Accounting Entries and Audit Risk — Why Auditors Treat Them as a Presumed Fraud Risk
Published: April 16, 2026
Every month, your accounting team opens Tally and types purchase vouchers, journal entries, debit notes, and asset records. Each entry involves selecting a ledger, entering an amount, choosing the right GST treatment, and applying TDS where applicable. Across a hundred transactions, that is hundreds of manual decisions — each one a place where a wrong ledger, a transposed digit, or a missed deduction can go unnoticed until the auditor finds it.
What most finance teams do not fully appreciate is that their statutory auditor is required to treat these manual entries as a presumed fraud risk. Not because they suspect fraud — but because SA 240 mandates it for every audit.
This article explains why manual accounting entries attract audit scrutiny, what happens when entries are system-generated instead of manually typed, and how the shift changes both the volume of audit testing and the risk of qualification.
1. What SA 240 says about manual entries
SA 240 — The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements — establishes certain risks that the auditor must treat as significant regardless of their assessment of the entity. Journal entry testing is one of them.
The standard requires auditors to:
- Test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of financial statements
- Select journal entries and other adjustments made at the end of a reporting period
- Consider the need to test journal entries and other adjustments throughout the period
The word "journal entries" in SA 240 is used broadly. It covers all manual entries in the books of account — not just the Journal Voucher type in Tally. Purchase vouchers, debit notes, credit notes, and any other entry that a person types manually falls within scope. The risk is in the manual act itself: a person choosing what to debit, what to credit, and for how much, without a system-enforced constraint linking that entry to an approved source document.
The auditor does not need to suspect fraud to test manual entries. SA 240 treats journal entry manipulation as a presumed risk. The testing is mandatory.
2. What SA 315 says about controls over entry recording
SA 315 — Identifying and Assessing the Risks of Material Misstatement — requires the auditor to understand the entity's internal controls relevant to the audit. One of the specific areas SA 315 focuses on is how journal entries and other adjustments are initiated, authorised, recorded, and processed.
The auditor evaluates:
- Who has access to record entries in the accounting system
- Whether entries require authorisation before posting
- Whether the system enforces segregation between the person who initiates a transaction and the person who records it
- Whether there are automated controls that prevent or detect unusual entries
When entries are typed manually by an accountant reading a GRN and creating a purchase voucher, the control environment is weak by definition. The accountant has discretion over ledger selection, amount, and tax treatment. The only control is review — someone else checking the entry after it is made. Post-entry review catches some errors but not all, and it is itself a manual, attention-dependent process.
3. How SA 330 connects controls to testing volume
SA 330 — The Auditor's Responses to Assessed Risks — determines how much testing the auditor performs based on the control environment assessed under SA 315.
The practical consequence:
- Weak controls over entry recording — The auditor performs more substantive testing. Larger sample sizes. More entries selected for detailed verification against source documents. More audit hours. Higher cost.
- Strong controls over entry recording — The auditor can perform tests of controls (verify the system works correctly) and reduce the extent of substantive testing. Smaller sample sizes. Fewer entries verified individually. The auditor tests the system rather than the entries.
This is the mechanism by which automated entry generation reduces audit burden. It is not that the auditor stops testing — it is that the nature of testing changes from verifying individual entries to verifying the system that generates them.
4. What "manual entry" actually means in practice
Before discussing automation, it is worth being precise about what the accountant is actually typing each month. Not all entries are journal entries in the Tally sense. The work breaks down into distinct voucher types:
Purchase vouchers — the highest volume
Every time goods are received against a purchase order (GRN) or services are accepted (SA), the accountant creates a purchase voucher in Tally:
- Debit the asset account or expense account based on the item classification
- Credit the vendor's sundry creditor ledger
- Post CGST and SGST (intra-state) or IGST (inter-state) to the correct input credit ledgers
- Deduct TDS if applicable and post to the TDS payable ledger for the relevant section
A single GRN with five line items, GST, and TDS involves 8-12 ledger entries. If the accountant handles 80-100 GRNs per month, that is 700-1,200 manual ledger selections per month — for purchase vouchers alone.
When a GRN is reversed (goods returned, quality rejection), the accountant must create a matching reversal purchase voucher with the same structure. When a service acceptance is reversed, same thing.
Journal vouchers — adjustments and lifecycle events
Journal vouchers in Tally handle entries that are not purchase or sale transactions:
- Depreciation: Debit depreciation expense, credit accumulated depreciation — per asset class, per depreciation method (SLM or WDV as per Companies Act Schedule II)
- Asset write-off: Debit loss on write-off, credit fixed asset account (net of accumulated depreciation)
- Asset scrap: Similar to write-off, but with scrap recovery value
- Asset disposal: Record sale proceeds, remove asset from books, recognise profit or loss on disposal
- Asset movement between departments: Debit destination department's fixed asset account, credit source department's fixed asset account
- Customs duty capitalisation: When import duties (BCD, SWS, IGST on imports, cess) are capitalised to the asset's cost
- Service expense posting: For expense-type service acceptances — debit expense account, credit vendor
- AMC and warranty contract activation: Debit prepaid asset, credit contract vendor payable
- Vendor debit notes for claims: Debit vendor (claim recovery), credit purchase returns, reverse GST input credit proportionally
These are lower volume than purchase vouchers but higher complexity. A depreciation run touching 15 asset classes requires 30 ledger entries. A disposal with proceeds and accumulated depreciation involves 4-5 ledger entries with gain/loss computation.
Debit note vouchers
When the organisation needs to reduce the amount owed to a vendor — overcharge, quantity mismatch, quality rejection — the accountant creates a debit note in Tally. This debits the vendor's account and credits the appropriate expense or purchase returns account, with proportional GST reversal.
Purchase order vouchers
Tally supports purchase order vouchers for commitment tracking. When a PO is approved, a PO voucher records the committed amount. When cancelled, a reversal PO voucher clears it. These are not accounting entries in the traditional sense but are useful for budget tracking and financial statement disclosures on outstanding commitments.
Master data — not entries, but still manual work
Beyond vouchers, the accountant also maintains master data in Tally:
- Vendor ledger creation: When a new vendor is approved, create a sundry creditor ledger with GSTIN, PAN, payment terms, and TDS section
- Fixed asset ledger creation: When a new asset is capitalised, create a fixed asset entry in Tally under the appropriate group with depreciation rate and method
Master data creation is low volume but high consequence — a wrong vendor ledger or incorrect depreciation rate compounds across every subsequent transaction.
5. What changes when entries are system-generated
In a system where accounting entries are generated automatically from approved source documents, the manual steps described above are replaced by system logic:
| Source event | Tally voucher type | What the system generates |
|---|---|---|
| GRN posted | Purchase voucher | Asset/expense debit, vendor credit, CGST/SGST or IGST split, TDS deduction — all derived from the approved PO and GRN data |
| GRN reversed | Purchase voucher (reversal) | Mirror of original entry with reversal flag |
| Service acceptance posted | Purchase voucher | Same structure as GRN, for service-type POs |
| Service acceptance reversed | Purchase voucher (reversal) | Mirror of original SA entry |
| Service expense posted | Journal voucher | Expense debit, vendor credit, with ITC handling |
| Asset write-off / scrap / disposal / movement | Journal voucher | Appropriate Dr/Cr based on removal type, with gain/loss computation for disposals |
| Depreciation run | Journal voucher | Depreciation expense debit, accumulated depreciation credit — grouped by asset class |
| Asset retirement | Journal voucher | Loss/write-off debit, asset credit |
| Customs duty capitalisation | Journal voucher | BCD, SWS, IGST, cess posted to duty ledgers and capitalised to asset cost |
| Vendor debit note | Journal voucher | Vendor debit, purchase returns credit, proportional GST reversal |
| Internal debit note | Debit note | Vendor debit, expense credit for overcharges or rejections |
| AMC / warranty contract | Journal voucher | Prepaid asset debit, contract payable credit |
| PO approved | Purchase order | Commitment voucher for the approved PO amount |
| PO cancelled | Purchase order (reversal) | Reversal of commitment voucher |
| Vendor approved | Ledger master | Sundry creditor ledger with GSTIN, PAN, and payment terms |
| Asset capitalised at GRN | Fixed asset master | Asset entry under correct group with depreciation rate and method |
The critical point: the system does not invent these entries. Every voucher is derived from an approved source document — a purchase order that went through the approval matrix, a GRN that was posted against that PO, a depreciation schedule based on asset capitalisation dates and Companies Act Schedule II rates. The ledger selection is not discretionary — it follows the configured mapping between the procurement system's classification structure and the Tally chart of accounts.
6. How this changes the auditor's approach
When an auditor encounters a system where accounting entries are generated automatically from approved operational documents, the audit approach shifts in three specific ways:
6.1 Control testing replaces volume sampling
Instead of selecting 50 purchase vouchers and verifying each one against source documents (SA 330 substantive procedures), the auditor can:
- Evaluate the system's IT general controls — access controls, change management, processing integrity (SA 315)
- Test the application controls — does the system correctly map ledgers, compute GST splits, apply TDS rates, enforce approval before posting?
- Verify a smaller sample of entries to confirm the system is operating as designed
The auditor tests the control environment once. If the controls are reliable, the sample size for substantive testing is significantly reduced. The audit tests the system rather than the entries.
6.2 Source document linkage is built in
Every system-generated voucher carries a reference back to its source — the GRN number, the PO number, the approval chain, the posting user. When the auditor selects an entry for verification, the trail is already there. There is no need to request the accountant to "find the GRN for this purchase voucher" — the reference is embedded in the entry's narration and metadata.
This linkage also supports the auditor's work under SA 500 (Audit Evidence) — the evidence for each entry is system-maintained, timestamped, and linked to the approval workflow rather than residing in a physical file that may or may not be complete.
6.3 The SA 240 journal entry testing scope narrows
SA 240's journal entry testing requirement does not disappear when entries are system-generated. But the scope of testing changes. The auditor focuses on:
- Manual override entries: Any entries made directly in Tally outside the automated system — these remain high-risk and are tested substantively
- System configuration: Whether the ledger mappings, GST rates, TDS sections, and depreciation rates are correctly configured
- Exception reports: Failed entries, skipped entries, entries that required manual intervention
The presumed fraud risk under SA 240 now concentrates on the manual entries that remain (adjustments, provisions, year-end entries) rather than spreading across every routine purchase voucher and depreciation journal.
7. The controls that support auditor reliance
An auditor does not rely on system-generated entries merely because they are system-generated. Reliance requires specific controls to be in place:
Segregation of duties
The person who raises a purchase requisition cannot approve it. The person who approves a GRN cannot be the same person who initiated the purchase order. Self-approval prevention is enforced by the system, not by policy alone. This addresses a core SA 315 control requirement.
Approval before posting
No accounting entry is generated until the source document has completed its full approval chain. A GRN that has not been approved does not produce a purchase voucher. A write-off requisition that has not been approved does not produce a journal entry. The approval chain is configured through the approval matrix and frozen at the time of submission — subsequent changes to the matrix do not affect workflows already in progress.
Immutable audit trail
Every action — submission, approval, rejection, posting, reversal — is logged with user, timestamp, and before/after values. The trail is append-only. This supports the audit trail requirements under Companies Act 2013 Section 128 and Rule 3 of the Companies (Accounts) Rules 2014.
Pre-processing validation
Before any entry is sent to Tally, the system validates that all mapped ledgers exist, all required mappings are configured, and debits equal credits. Incomplete or imbalanced entries are blocked and flagged for resolution. The auditor can review the validation log to confirm that no malformed entries were posted.
Queue-based processing with state tracking
Every accounting event moves through tracked states: PENDING, PROCESSING, POSTED, FAILED, SKIPPED. Failed entries are retained with error details for investigation. The auditor can compare the count of POSTED entries in the system against the count of vouchers in Tally to identify any discrepancies — this is the reconciliation process.
8. What a typical month looks like — before and after
Consider an organisation with 100 GRNs, 20 service acceptances, 5 debit notes, 3 asset write-offs, and a quarterly depreciation run covering 15 asset classes per month.
Before — manual entry
- 100 purchase vouchers typed manually (GRN) — each with 4-8 ledger entries = 400-800 manual ledger selections
- 20 purchase vouchers typed manually (SA) — each with 3-5 ledger entries = 60-100 manual ledger selections
- 5 debit note vouchers — each with 2-3 ledger entries = 10-15 manual ledger selections
- 3 journal vouchers for write-offs — each with 2-3 ledger entries = 6-9 manual ledger selections
- 1 depreciation journal with 30 ledger entries (15 classes, debit + credit each)
- Vendor ledger creation, asset ledger creation — as needed
- Total: 500-950+ manual ledger selections per month
Each selection is a point where a wrong ledger, incorrect amount, missing TDS, or wrong GST treatment can occur. At a conservative 2% error rate, that is 10-19 errors per month — errors that accumulate in the books until someone finds them during reconciliation or audit.
After — system-generated entries
- The same 100 GRNs, 20 SAs, 5 debit notes, 3 write-offs, and depreciation run produce the same entries — but generated automatically from approved source documents
- The accountant's role shifts from data entry to review: checking that the generated entries look correct, investigating any failed entries, and handling the small number of manual adjustments that the system cannot automate (year-end provisions, one-off reclassifications)
- Manual entries: only those adjustments that genuinely require human judgement
- Manual ledger selections per month: 10-30 (provisions, adjustments, reclassifications)
The audit consequence
In the manual scenario, the auditor's SA 240 testing covers all 500-950 entries. In the automated scenario, the auditor tests the system controls once and then focuses SA 240 journal entry testing on the 10-30 genuinely manual entries. The substantive sample for routine entries drops from perhaps 50-60 entries to 10-15 — not because the auditor is cutting corners, but because the control environment supports reduced testing under SA 330.
9. Where this matters most — high-risk areas
Some categories of manual entries carry higher audit risk than others:
Fixed asset entries
Fixed assets are explicitly addressed in CARO 2020 Clause 3(i). The auditor must report on whether the company has maintained proper records of fixed assets, whether physical verification has been conducted at reasonable intervals, and whether the title deeds are held in the name of the company. Every asset capitalisation, depreciation entry, and disposal journal directly feeds this CARO reporting. Manual errors in these entries create discrepancies that the auditor must report.
GST input credit entries
A wrong GST split — posting CGST/SGST when it should have been IGST, or vice versa — creates a mismatch between the books and GSTR-2B. The ITC reversal consequences are real: the tax authority reverses the credit with interest. When GST treatment is derived automatically from the vendor GSTIN and organisation GSTIN, this class of error is eliminated.
TDS entries
A missed TDS deduction or wrong section application results in a Section 201 notice — the company becomes the assessee in default. When TDS is embedded in the purchase order workflow and automatically applied at the correct rate per section, the risk of short deduction is structurally reduced.
Reversal entries
When a GRN is reversed or a service acceptance is cancelled, the reversal entry must mirror the original exactly — same ledgers, same amounts, opposite direction. Manual reversal entries are prone to partial reversal (forgetting to reverse the GST component) or incorrect amounts. System-generated reversals mirror the original entry automatically.
The reversal model is itself worth noting. Reversals now ship to Tally as Journal vouchers with the original debits and credits flipped, and Tally's Against Reference field preserves the forward voucher number so the original and the reversal stay paired in Outstandings and in audit trails. The earlier ISOPTIONAL=Yes pattern has been retired — it kept reversed amounts out of Outstandings and made the audit trail harder to read — and now appears only on PO-cancellation forwards. See Tally integration for how the pairing is rendered.
10. Frequently asked questions
Why does SA 240 treat journal entries as a presumed fraud risk?
Because journal entries are the primary mechanism for recording transactions in the books of account. Anyone with access can record an entry for any amount to any ledger. The standard recognises this inherent susceptibility and requires testing regardless of whether the auditor has identified specific fraud risks. It is a mandatory procedure, not a discretionary one.
Does SA 240 apply only to journal vouchers, or to all manual entries?
SA 240's requirements cover all manual entries in the books of account, not just journal vouchers in the Tally sense. Purchase vouchers, debit notes, and any other entry that a person types manually falls within scope. The risk is in the manual act — a person choosing what to debit, what to credit, and for how much — not in the specific voucher type.
Can an auditor rely on system-generated entries without testing them?
No. The auditor still tests, but the nature and extent of testing changes. Instead of selecting a sample of 50 purchase vouchers and verifying each against source documents, the auditor can test the system controls: does the system correctly map ledgers, compute GST splits, apply TDS rates, and enforce approval before posting? If those controls are reliable, a smaller sample of entries is sufficient to confirm the system is working as designed.
What about year-end adjustments that cannot be automated?
Year-end provisions, estimates, and reclassification entries will remain manual in most organisations. These are the entries that genuinely require professional judgement. The value of automating routine entries is that it concentrates the auditor's attention and the accountant's time on these judgement-intensive entries rather than diluting them across hundreds of routine purchase vouchers and depreciation journals.
Does this apply to organisations using Tally specifically?
The audit risk principles under SA 240, SA 315, and SA 330 apply regardless of the accounting software. Tally is the most commonly used accounting system in India, and the integration module generates Tally-compatible XML vouchers covering 22 event types. But the underlying argument — that system-generated entries from approved source documents reduce audit risk compared to manual entries — applies to any accounting system.