In financial and managerial accounting, inherent risk is defined as the possibility of incorrect or misleading information in the financial statements as a result of something other than the failure of controls. Inherent risk incidents are more common when accountants have to use a greater amount of judgment and approximation than normal, or when complex financial instruments are involved. It is often present when a company publishes prospective financial statements.
- Inherent risk, as applied to accounting practice, is the risk that incorrect or misleading information appears in the financial statements that occurred for reasons other than the failure of controls.
- These incidents often occur when using complex financial instruments or when a company publishes earnings guidance for future quarters.
- Inherent risk can be considered in conjunction with audit risk, which is the possibility of making mistakes when conducting an audit.
- In addition to inherent risk, audit risk also includes control risk and detection risk.
Types of audit risk
To understand inherent risk, it is helpful to place it within the context of the audit risk analysis. Audit risk is the risk of error when conducting an audit, and is traditionally divided into three different types.
- Control risk: Control risk occurs when a financial misstatement is the result of a lack of adequate accounting controls in the company. This is more likely to come in the form of fraud or lazy accounting practices.
- Detection risk: It is also possible that the auditors simply do not detect an easy to notice error in the financial accounts. This is known as detection risk. Typically, the risk of detection is offset by increasing the number of transactions sampled during the test.
- Inherent risk: Considered the most pernicious of the major components of audit risk, inherent risk cannot be easily avoided by further training of auditors or creating controls in the audit process. However, it is one of the risks that auditors and analysts should look for when reviewing financial statements, along with control risk and detection risk.
Common examples of inherent risk
Inherent risk is common in the financial services industry. Reasons include the complexity of regulating financial institutions (the large and ever-changing number of rules and regulations), the large networks of related companies, and the development of derivative products and other intricate instruments that require complicated calculations to evaluate.
Financial institutions often have complicated and long-lasting relationships with multiple parties. A holding company may be involved with several different entities at once, each of which controls special purpose vehicles and other off-balance sheet entities. Each level of organizational structure can have a large number of investor and customer relationships. Related parties are also notoriously less transparent than separate entities.
Business relationships include those with auditors; both initial and repeated engagements with auditors create some inherent risk. Initial auditors may be overwhelmed by complexity or new topics. Repeated participation can cause overconfidence or laxity due to personal relationships.
Non-routine accounts or transactions may present some inherent risk. For example, accounting for fire damage or acquiring another company is so rare that auditors run the risk of focusing too much or too little on the single event.
Inherent risk is particularly prevalent for accounts that require many estimates, approximations, or value judgments on the part of management. Accounting estimates of fair value are difficult to make and the nature of the fair value process should be disclosed in the financial statements. Auditors may need to research and interview company decision makers about estimation techniques to reduce error. This type of risk is magnified whether it occurs rarely or for the first time.