Inherent risk, in the audit of financial statements, is the risk that the account, disclosure or financial statement note being attested to by an independent CPA firm is materially misstated without considering internal controls

Internal control

In accounting and auditing, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's...

 due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited.

Range of assessment

Inherent risk is typically assessed using a scale, with assessments being either low, medium, or high. Assessments of medium or high risk will require additional audit work to be performed in order to reduce the audit risk.

Inherent risk is a client risk; since it is outside of the auditor's control the auditor's response is to adjust detection risk.

Factors in assessing inherent risk

Considerations which an auditor may include in assessing inherent risk include:

• complexity of determining the account amount (if it is an estimate or a financial statement disclosure)
• past history (including any audit differences identified)
• the circumstances of the entity's business environment
• management's overall risk awareness

For example, the valuation of accounts receivable would have a higher inherent risk assessment since the amount of allowance is subjective and is an accounting estimate. In contrast, the valuation assertion of cash and cash equivalents would have a lower inherent risk as the amount involves no estimation and is thus less susceptible to manipulation.