Inherent risk is the probability of loss based on the nature of an organization's business, without any changes to the existing environment. The concept can be applied to the financial statements of an organization, where inherent risk is considered to be the risk of misstatement due to existing transactional errors or fraud.
The misstatement may be present in the financial statements or in the accompanying disclosures. This risk may be assessed by outside auditors as part of their audit of the financial statements of a business. Inherent risk is considered to be more likely under the following circumstances:
- Judgment. A high degree of judgment is involved in business transactions, which introduces the risk that an inexperienced person is more likely to make an error.
- Estimates. Significant estimates must be included in transactions, which makes it more likely that an estimation error will be made.
- Complexity. The transactions in which a business engages are highly complex, and so are more likely to be completed or recorded incorrectly. Transactions are also more likely to be complex when there are a large number of subsidiaries submitting information for inclusion in the financial statements. Another example of complexity is when an organization routinely engages in derivative transactions.
The effects of an inherent risk can be mitigated by using one or more precisely targeted controls. However, the effects of too many controls can be a less efficient organization, so management should weigh the benefits of risk reduction against the greater burden of more controls on the business.