# How to interpret tolerable deviation rate vs actual deviation rate in controls testing?

It is important to understand how control risk factors into the amount of substantive testing that the audit team must perform. As you can see in the visual below, if control risk is higher (as well as inherent risk), that means that the audit team cannot really rely on internal controls to prevent or detect material misstatement. If control risk is higher, that means that the audit team must set detection risk at low, which means that the level of substantive testing procedures will increase.

What Increases control risk?

Now that we understand control risk, what would cause control risk to be high? Control risk is increased if the audit determines that controls are not operating effectively (i.e. they will not prevent or detect material misstatements). Audit teams will use sampling to determine whether or not controls are operating effectively.

What is tolerable deviation rate?

Based on materiality and the level of importance placed on the control, the audit team will calculate what the tolerable deviation rate is. The tolerable deviation rate is the max allowable difference (e.g. % or \$ difference) that is allowed before the audit team determines that the control is not operating effectively.

What is actual deviation rate?

When the audit team actually tests the control, they will identify the actual deviation rate. Again, this would be the % or \$ difference identified, which could vary based on the control type.

Tolerable deviation rate vs actual deviation rate?

After testing the control, the audit team will compare the actual deviation rate to the tolerable deviation rate. For example, imagine you are going on a date. You’ll likely compare what the guy/girl looked like in their profile picture on Bumble versus what they look like in real life!

If the tolerable deviation rate exceeds the actual deviation rate, then that means that the audit team can accept the test and rely on the internal control. If the actual deviation rate exceeds the tolerable deviation rate, then the audit team cannot rely on the internal control.

How do control testing results impact control risk?

Earlier we talked about how control risk would be high if the audit team cannot rely on intern controls. So if the audit team rejects the internal control test, then that means that control risk will be high and the audit team will have to perform a higher level of substantive testing. If the audit team accepts the internal control test, then control risk will be lower and the audit team can likely perform a lower amount of substantive testing.

What happens if the audit team incorrectly assesses test results?

If the audit team determines that the actual deviation rate based on their testing is higher than the actual deviation rate in the population, then they may incorrectly reject the test. That means that they will assess control risk at high when they could have assessed it at low and performed a lower level of substantive testing.

If the audit team determines the actual deviation rate based on their testing is lower than the actual deviation rate in the population, then they may incorrectly accept the test. That means that they will assess control risk at low when it should be assessed at high, which means they will perform lower substantive testing and may not identify a misstatement.

## You might also be interested in...

• ### CECL Excel Workbook

If you would like to use the Excel workbook that was used to create the Universal CPA lecture on CECL for debt securities, please click the link below to download the Excel workbook: CECL Calculation workbook (Universal CPA Review)

• ### Journal Entry for Direct Materials Variance

Journal Entry for Direct Materials Variance In the current year, Mission Burrito budgeted 6,000 pounds of production and actually used 4,000 pounds. Material cost was budgeted for \$5 per pound and the actual cost was \$8 per pound. What would the debit or credit to the direct material efficiency variance account be for the current...

• ### Understanding Variance Analysis

Variance Analysis Variance analysis is a method for companies to compare its actual performance vs its budgeted amount for that cost measurement (related to the flexible budget). The differences between the standard (budgeted) amount of cost and the actual amount that the organization incurs is referred to as a variance. By analyzing variances, the company...