Tolerable Deviation Rate
The Tolerable Deviation Rate (TDR), often used in auditing, refers to the maximum rate of deviations from prescribed internal controls that the auditor is willing to accept without altering the planned assessed level of control risk. In other words, it’s the highest rate at which control procedures can fail and still allow the auditor to conclude that the control is functioning effectively.
The TDR is an essential factor in determining the sample size for tests of controls. An auditor sets the TDR based on how crucial the specific control is to the audit’s overall objective and the risks associated with that control. Typically, the more critical the control, the lower the tolerable deviation rate, because the auditor wants a higher assurance level that the control is working effectively.
For example, if an auditor sets a TDR of 5% for a particular control, this means that they are willing to tolerate a deviation rate of up to 5% in the sample without considering the control ineffective. If the actual deviation rate observed in the sample exceeds this rate, the auditor might conclude that the control is not effective, leading them to adjust their audit approach.
In practice, setting the TDR requires professional judgment and consideration of various factors, including the significance of the control, the risk of material misstatement due to the control’s failure, and other controls in place that might mitigate the risk.
Example of the Tolerable Deviation Rate
Let’s explore a hypothetical auditing scenario to illustrate the Tolerable Deviation Rate (TDR).
Scenario: Auditing the Sales Invoicing Process at ABC Company
Background: ABC Company has an internal control procedure where every sales invoice is reviewed and approved by a manager before being sent to the customer. As an auditor, you want to test the effectiveness of this control.
Objective: Determine if the sales invoicing process’s approval control is operating effectively.
- Set the TDR: Given the significance of ensuring that every invoice is correctly approved (to prevent errors, fraud, and customer disputes), you decide to set a strict TDR. You determine that a TDR of 3% is appropriate. This means you’re willing to accept a deviation rate of up to 3% in your sample without deeming the control ineffective.
- Sample Selection: You decide to select a sample of 100 sales invoices from various points throughout the year.
- Testing: Upon reviewing the 100 sales invoices:
- 95 have clear evidence of manager approval.
- 5 do not have any evidence of manager approval.
This results in an observed deviation rate of 5% (5 out of 100).
- Evaluation: The observed deviation rate (5%) exceeds the TDR (3%). This suggests that the control might not be operating as effectively as desired.
- Audit Implication: Given the higher than acceptable deviation rate, you might:
- Increase the substantive testing around sales to identify potential misstatements.
- Discuss the findings with ABC Company’s management to understand potential reasons and to consider if there are other compensating controls.
- Adjust the control risk assessment for sales, which might impact the overall audit strategy.
This example highlights how the TDR is used in practice and its implications for the audit approach. If the deviation rate had been below the TDR, the auditor might have had more confidence in the control’s effectiveness. But since it exceeded the TDR, it raised concerns about the control’s reliability.