What Is Inherent Risk?
Inherent risk is the risk posed by an error or omission in a financial statement due to a factor other than a failure of internal control. In a financial audit, inherent risk is most likely to occur when transactions are complex, or in situations that require a high degree of judgment in regard to financial estimates. This type of risk represents a worst-case scenario because all internal controls in place have nonetheless failed.
- Inherent risk is the risk posed by an error or omission in a financial statement due to a factor other than a failure of internal control.
- In a financial audit, inherent risk is most likely to occur when transactions are complex, or in situations that require a high degree of judgment in regard to financial estimates.
- Inherent risk is one of the risks auditors and analysts must look for when reviewing financial statements, along with control risk and detection risk.
- Inherent risk is common in the financial services sector due to complex regulations and the use of difficult-to-assess financial instruments.
Understanding Inherent Risk
Inherent risk is one of the risks auditors and analysts must look for when reviewing financial statements. The other main audit risks are control risk, which occurs when a financial misstatement results from a lack of proper accounting controls in the firm, and detection risk, which occurs when auditors simply fail to detect an easy-to-notice error.
When conducting an audit or analyzing a business, the auditor or analyst tries to gain an understanding of the nature of the business while examining control risks and inherent risks. If inherent and control risks are considered to be high, an auditor can set the detection risk to an acceptably low level to keep the overall audit risk at a reasonable level. To lower detection risk, an auditor will take steps to improve audit procedures through targeted audit selections or increased sample sizes.
Companies operating in highly regulated sectors, such as the financial sector, are more likely to have higher inherent risk, especially if the company does not have an internal audit department or has an audit department without an oversight committee with a financial background. The ultimate risk posed to the company also depends on the financial exposure created by the inherent risk if the process for accounting for the exposure fails.
Complex financial transactions, such as those undertaken in the years leading up to the financial crisis of 2007–2008, can be difficult for even the most intelligent financial professionals to understand. Asset-backed securities, such as collateralized debt obligations (CDOs), became difficult to account for as tranches of varying qualities were repackaged again and again. This complexity may make it difficult for an auditor to make the correct opinion, which in turn can lead investors to consider a company to be more financially stable than in actuality.
Inherent risk is highest when management has to use a substantial amount of judgment and approximation in recording a transaction, or where complex financial instruments are involved.
Examples of Inherent Risk
Inherent risk is often present when a company releases forward-looking financial statements, either to internal investors or the public as a whole. Forward-looking financials by nature rely on management's estimates and value judgments, which pose an inherent risk.
When an estimation is made, it should be disclosed to financial statement users for clarity.
The same applies to accounts that require approximations or value judgments by management. Fair value accounting estimates are tricky to make and can be highly subjective.
What Are the 3 Types of Audit Risk?
There are three main types of audit risk: Inherent risk, detection risk, and control risk.
What Is the Difference Between Inherent Risk and Control Risk?
Inherent risk is an error or omission in a financial statement due to a factor other than a failure of internal control. Control risk, on the other hand, refers to the misstatement of financial statements due to sloppy accounting practices.
Can Auditors Reduce Inherent Risk?
If inherent and control risks are considered high, an auditor can keep the overall audit risk at a reasonable level by lowering the detection risk. This can be achieved by targeted audit selections or increased sample sizes.
What Factors Can Increase Inherent Risk?
Factors that can increase inherent risk include subjective estimates, non-routine transactions, and the use of complex financial instruments. Generally, the more complicated a company’s business model and transactions are, the higher the inherent risk is.
The Bottom Line
Inherent risk is not always easy to spot, particularly compared to the other main two audit risks, and increases substantially in business sectors where transactions are open to a substantial amount of judgment and approximation. These risks are important to take into account as they can drastically mislead investors and are generally best combatted by getting several qualified auditors to go over the books.