What is Control Risk?

Control risk is the probability that financial statements are materially misstated, due to failures in the controls used by a business. When there are significant control failures, a business is more likely to experience undocumented asset losses, which mean that its financial statements may reveal a profit when there is actually a loss.

Who is Responsible for Control Risk?

The managers of a business are responsible for designing, implementing, and maintaining a system of controls that is adequate for preventing the loss of assets. It is not easy to maintain a solid system of controls, since the system must be periodically altered to fit ongoing changes in business processes, as well as to deal with entirely new business transactions. Also, management may knowingly avoid implementing certain controls, on the grounds that they are too expensive to maintain or that they interfere with the smooth flow of transactions that impact customers.

Who Monitors Control Risk?

The monitoring of controls is a key task for a company’s internal audit department. When control issues are found, they communicate these problems to management and the audit committee, with recommendations for improvements to be made.

Control Risk Best Practices

The primary best practice related to control risk is to conduct periodic reviews of an organization’s systems to ensure that controls are being updated to match changes in processes. When a business operates in a dynamic market environment, it will likely need to alter its processes continually, which calls for ongoing control changes. If these controls are not implemented properly, then there is a good chance that its control risk will increase.