What is Inherent risk?


Inherent risk has been defined in the standards as follows:

The susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.

Simply put, management make assertions in financial statements which might be materially wrong because of misstatements if internal control system is not in place to guard against such misstatements. And in absence of any checks to ensure accuracy of financial information, financial statements and assertions related to it can also be wrong.

Every system has its own weaknesses and also every accounting system no matter however fool proof we make it, still there are chances that if related controls are absent that inherent risks might creep into financial information.

For example, accounting system cannot on its own check whether KPO is entering the correct amount of invoice in the ledgers. So, there is a risk that KPO will make errors when typing in the values and if there are no controls to stop such mistake then financial information will be misstated. But if the relevant controls are in place then it can be avoided like system checks on its own whether the amount typed in is equal to the value of order delivered or not and if its not than system will give the warning message.

From the auditor’s point of view, inherent risks are important as it complements audit risk. If inherent risk is high then existence of material misstatements is more expected and thus more pressure on auditor that it is possible that auditor will express inappropriate opinion i.e. stating that financial statements give true and fair view where they actually don’t.