Auditor most of the time, due to number of factors, is unable to apply audit procedures on each and every piece of information available to him. Therefore, he applies different audit procedures on less then 100% items in a given population. This is called sampling.
Among these audit procedures there are two types of procedures namely; Tests of Controls and Tests of Details. Lets have a brief overview of these terms.
Tests of controls are directed towards Internal control system of the entity to evaluate its operating effectiveness in preventing or detecting and correcting material misstatements. If internal controls implemented by the management are not followed or applied effectively then it is termed as “deviation from internal controls” or simply “deviation”. Discovery of more and more deviations from internal control system means higher probability of material misstatements.
Tests of details are applied to detect material misstatements in account balances, classes of transactions and disclosures.
As said earlier, auditor use sampling techniques to conduct audit, which if we sum in few words mean that auditor applies audit procedures to less then 100% items (sample) and draw conclusions on the basis of sample he will make an opinion about the population. Because of sampling there are two problems that auditor has to face:
- As less then 100% items will be selected thus items that have not been selected may have material misstatement and thus some misstatements might go undetected completely and in addition to that some misstatements just escape auditor’s procedures.
- Misstatements which might be immaterial taken individually but when aggregated can misstate the financial statements materially.
Based on the above two factors auditor will determine how much deviations and misstatements of what amount should be tolerated so that when “detected” + “undetected” + “individually immaterial but possibly material when aggregated” misstatements are put together then materiality level is not breached.
Thus, tolerable rate of deviation is related to deviations in internal control system and tolerable misstatements is connected with tests of details.
Tolerance basically has its implications on those deviations and misstatements which have been detected and is adjusted by considering risk of undetected misstatements and the risk that immaterial misstatements will amount to material misstatements when added up. In simple words, if these two risks are higher then auditor will go tough on detected misstatements and thus his tolerance will be low and will ask the management to correct even the minor misstatements so that over all risk of material misstatement can be lowered.
You can think of tolerable misstatements or tolerable rate of deviation as a box that holds detected, undetected and individually immaterial misstatements together. Now, as the auditor is going to fix the volume of the box therefore, if the size of any of these three elements increases then surely the room for other two will decrease and thus auditor will have to act accordingly.