In financial and managerial accounting, inherent risk is defined as the possibility of incorrect or misleading information in accounting statements resulting from something other than the failure of controls. Incidents of inherent risk are most common where accountants have to use a larger than normal amount of judgment and approximation, or where complex financial instruments are involved. It is often present when a company releases forward-looking financial statements.
Types of Audit Risk
To understand inherent risk, it helps to place it within the context of audit risk analysis. Audit risk is the risk of error while performing an audit, and it traditionally is broken into three distinct types.
- Control risk: Control risk occurs when a financial misstatement results from lack of proper accounting controls in the firm. This is most likely to surface in the form of fraud or lazy accounting practices.
- Detection risk: It's also possible that auditors simply fail to detect an otherwise easy-to-notice error in the financial accounts. This is known as detection risk. Normally, detection risk is countered by increasing the number of sampled transactions during testing.
- Inherent risk: Considered the most pernicious of the major audit risk components, inherent risk can't be easily avoided through increased auditor training or creating controls in the auditing process. Nevertheless, it is one of the risks auditors and analysts must look for when reviewing financial statements, along with control risk and detection risk.
Common Examples of Inherent Risk
Inherent risk is common in the financial services sector. The reasons include the complexity of regulating financial institutions (the large and ever-changing amount of rules and regulations), the large networks of related companies, and the development of derivative products and other intricate instruments which require complicated calculations to assess.
Financial institutions often have longstanding and complicated relationships with multiple parties. A holding company might be involved with several different entities at once, each controlling special-purpose vehicles and other off-balance sheet entities. Each organizational structure level might have large numbers of investor and client relationships. Related parties are notoriously less transparent than separate entities, too.
Business relationships include those with auditors; both initial and repeat engagements with auditors create some inherent risk. Initial auditors might be overwhelmed by complexity or new topics. Repeat engagement may cause overconfidence or laxity due to personal relationships.
Non-routine accounts or transactions can present some inherent risk. For example, accounting for fire damage or acquiring another company is uncommon enough that auditors run the risk of focusing too much or too little on the unique event.
Inherent risk is particularly prevalent for accounts that require a lot of guesstimates, approximations, or value judgments by management. Fair value accounting estimates are difficult to make, and the nature of the fair value process should be disclosed in accounting statements. Auditors may have to investigate and interview the firm's decision-makers about estimation techniques to reduce error. This type of risk is magnified whether it occurs rarely or for the first time.