Inherent risk definition

/

What is Inherent Risk?

Inherent risk is the probability of loss based on the nature of an organization's business, without any changes to the existing environment. The concept can be applied to the financial statements of an organization, where inherent risk is considered to be the risk of misstatement due to existing transactional errors or fraud.

A misstatement due to errors or fraud appear in the financial statements of the entity or in its accompanying disclosures. This risk may be assessed by external auditors as part of their audit of the financial statements of a business.

When is Inherent Risk More Likely?

Inherent risk is considered to be more likely under the circumstances noted below:

  • Judgment-based transactions. A high degree of judgment is involved in business transactions, which introduces the risk that an inexperienced person is more likely to make an error. This is especially likely when there is a large amount of employee turnover within a business, so that few people have experience in dealing with the various types of transactions.

  • Estimates in transactions. Significant estimates must be included in transactions, which makes it more likely that an estimation error will be made.

  • Complex transactions. The transactions in which a business engages are highly complex, and so are more likely to be completed or recorded incorrectly. Transactions are also more likely to be complex when there are a large number of subsidiaries submitting information for inclusion in the financial statements. Another example of complexity is when an organization routinely engages in derivative transactions.

  • Non-routine transactions. When a business engages in non-routine transactions for which it has no procedures or controls, it is easier for the staff to complete them in error.

Related AccountingTools Courses

Guide to Audit Sampling

How to Conduct an Audit Engagement

The Audit Risk Model

Using Controls to Reduce Risk

The effects of an inherent risk can be mitigated by using one or more precisely targeted controls. However, the effects of too many controls can be a less efficient organization, so management should weigh the benefits of risk reduction against the greater burden of more controls on the business. The result is usually a pared-back set of controls that optimize a blend of risk and efficiency.