How Inherent Risk Is Assessed by Auditors

Auditors play a very important role in the financial sector. These professionals act as independent parties who review financial statements to ensure they are fair and accurate. They do this through routine audits, which are reviews that may involve the financial examinations of corporate financial statements, as well as compliance issues and internal controls involving a company's financial reporting.

Audits are conducted by internal and external auditors. Internal auditors work for a company. Their examinations act as managerial tools to identify process and internal control improvements. External auditors often review corporate financial statements and internal controls. In either case, auditors are responsible for identifying any errors and inconsistencies. The risk posed by these mistakes is commonly referred to as inherent risk. Keep reading to learn more about inherent risk and what auditors do to assess it.

Key Takeaways

  • Auditors help ensure that corporate controls and financial statements are free from errors, fraud, and misstatements.
  • Inherent risk is an inevitable part of doing business and occurs even when there are controls in place.
  • An auditor's knowledge and judgment of the industry, corporate transactions, and company assets can help determine inherent risk.
  • Companies with complicated business structures and transactions tend to have more inherent risk.
  • Lowering inherent risk often involves reevaluating existing internal controls and implementing new practices.

Why Inherent Risk Matters

There are risks that arise even if an auditor clears a company's financial statements of any material misstatements. This is known as audit risk. Despite being given the all-clear, statements may still have some inconsistencies. Audit risk can be divided into three categories: control risk, detection risk, and inherent risk.

Control risk arises whenever a company's internal practices don't prevent any misstatements. Detection risk, on the other hand, occurs when an auditor fails to detect any risks. But what about inherent risk? Inherent risk is any risk that occurs naturally when there is no risk management in place to mitigate it. Put simply, it is inevitable.

Auditors use inherent risk to assess the risk of material misstatement associated with a particular line item or audit area in a company's financial statements. It is primarily assessed by the auditor's knowledge and judgment about:

  • The industry as a whole
  • The types of transactions that occur within a particular company
  • The assets that the company owns

An auditor assesses each audit area in the financial reporting or internal controls as either low, medium, or high in inherent risk. Inherent risk is high whenever there is a higher chance of material misstatements. It can also increase for companies with complex and dynamic day-to-day operations. Certified personal accountant (CPA) firms use the assessed level of risk of material misstatement to design the audit procedures applied to the associated accounts.

The ultimate risk posed to the company also depends on the financial exposure created by the inherent risk if the process for accounting for the exposure fails.

Who Has the Highest Inherent Risk?

As noted above, inherent risk can't be avoided. Therefore, it comes with doing business. Some types of businesses are more susceptible to inherent risk than others. Businesses that don't have complicated business structures are prone to low levels of inherent risk, Highly complex and dynamic businesses, on the other hand, come with a higher degree of inherent risk.

Companies that operate in highly regulated sectors, such as the financial sector, are more likely to have higher inherent risk. This is especially true for companies without internal audit departments or audit departments without an oversight committee with a financial background.

While companies can't prevent inherent risk altogether, they can lower the degree of risk they experience. Implementing or increasing internal controls is one of the best ways that companies have to lower the level of inherent risk they may experience.

Examples of Inherent Risk Factors

Assessing inherent risk tends to be a more subjective process than other components of the audit. However, there are often clear and observable factors to consider, such as the economy, the industry, and previously known misstatements that help the auditor arrive at an assessed level of inherent risk for each audit area.

Here are a few examples of inherent risk that exist within the corporate world. The following are types of factors that auditors consider as they assess inherent risk:

  • Financial transactions that require complex calculations are inherently more likely to be misstated than simple calculations.
  • Cash on hand is by nature more susceptible to theft than a large inventory of coal.
  • Rapid technological developments may create a higher risk of inventory becoming obsolete more quickly than in other industries.
  • A struggling company may inherently have a greater incentive to misstate financial information to meet certain covenants.
  • A company that has improperly reported a particular balance in the past may be inherently more likely to misstate it again.

What Is Inherent Risk?

Inherent risk is any risk associated with errors or omissions in a company's financial statements and reporting. These misstatements generally occur whenever there are complicated transactions that occur or whenever there is a higher degree of knowledge or judgment required to come up with financial estimates. In many cases, internal controls that are in place all fail, resulting in inherent risk.

Can You Prevent Inherent Risk?

Inherent risk is inevitable. This means that any business is susceptible to inherent risk. When a company has a very basic business structure, the chances of inherent risk is low. But more complex businesses that have complicated structures have a higher degree of inherent risk involved. While companies may not be able to prevent it altogether, they can lower the chance of inherent risk by improving existing processes or putting more controls in place.

What's the Difference Between Inherent and Control Risk?

Inherent risk is unavoidable, which means it's a natural part of doing business. Control risk, on the other hand, arises whenever internal practices stop working and lead to material misstatements. Control risk also occurs whenever there aren't enough internal procedures in place to prevent or mitigate risk.

How Does Detection Risk Differ From Inherent Risk?

Inherent risk is any risk that arises as a result of doing business. It is commonly present even when controls and risk management doesn't work. Detection risk, on the other hand, is one of the three components of audit risk along with control and inherent risk. When an auditor fails to find material misstatements in a financial statement or company's financial reporting, this is known as detection risk. These misstatements may be the result of fraud or errors.

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. Association of International Certified Professional Accountants. "An Audit of Internal Control Over Financial Reporting: AU-C Section 940-An Audit of Internal Control Over Financial Reporting That is Integrated With an Audit of Financial Statements."

  2. Association of International Certified Professional Accountants. "Audit Risk and Materiality in Conducting an Audit-AU Section 312-Audit Risk and Materiality in Conducting an Audit," Page 1652.

Take the Next Step to Invest
×
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.
Service
Name
Description