What is Inherent Risk?
Inherent risk is defined as the variant of enterprise-level risk wherein the probability of loss is derived from the organisation's type and complexity without any potential modifications to the prevalent environment. It is one of the major components of audit risk. Audit risk comprises inherent risk, detection risk, and control risk.
Components of Inherent Risk
Components of Inherent Risk are as follows:
1. Business Type
The organization's way of conducting its day-to-day business operations is one of the key factors that give rise to inherent risk (IR). If it is unable to cope with the dynamic environment and struggles to adapt, the level of inherent risk increases.
2. Execution of Data Processing
The ability of the business to employ technology and computers to transform raw data into meaningful information is termed data processing. If the business employs poor IT infrastructure to drive and perform data processing, it can increase the organisation's inherent risk.
3. Complexity Level
This attribute focuses on how the business records complex transactions and activities. It is always assumed that a business carrying out highly complex work also has a probability of completing it incorrectly, which increases the level of inherent risk. An organization collecting information from several subsidiaries with the intent of collating it is regarded as doing highly complex work, which could contain material misstatements, which in turn give rise to inherent risk.
4. Ignorant Management
Management that is fairly ignorant of its subordinates and daily activities can raise the level of inherent risk. If it is not proactive, management can miss material misstatements arising in the general nature of the business, which in turn gives rise to IR.
5. Integrity of Management
A very strong and critical driver in raising the organisation's inherent risk is low or decreased integrity of the management. A management running an unethical business can always cause the reputation of the organization to deteriorate, which further leads to a loss in business and hence raises the level of IR.
6. Previous Results on Audits
If the audits performed by previous auditors were weak or biased, or if they intentionally ignored material misstatements, such scenarios can give rise to inherent risk. These events or occurrences tend to reappear and repeat themselves.
7. Transactions Among Related Parties
Transactions that happen between related parties also give rise to inherent risk. There is an equal likelihood that the asset's value in a financial deal between related entities may be overstated or understated.
The organization itself may be involved in dealing in financial assets whose values are always misappropriated, with the transaction happening on biased terms. This again gives rise to inherent risk because of the rise in fraud.
9. Acquiring New Engagements
Whenever a firm acquires new activities, deliverables or tasks, there is always a probability that the tasks submitted to the client may be inaccurate or wrong. This again raises the level of inherent risk.
Inherent Risk Formula
The level of inherent risk can only be determined through an investigation performed by the auditor. The auditor can have discussions with management and may further look into prior results of the audits performed by earlier auditors. Based on the discussions and the data gathered, the auditor can develop an inherent risk level matrix model.
The calculation of inherent risk can be divided under various broad qualitative parameters. Another method to determine the IR may involve dividing the activities happening in the organization into low risk, moderate risk and high risk, with each risk level having some threshold number, and then multiplying the risk levels together to arrive at the IR score. The IR is always inversely proportional to the detection risk. Hence, methods should be developed that compute detection risk.
The IR can be derived and computed using the audit risk model formula as displayed below: –
The inherent risk can also be deduced using the ratio of the risk of material misstatements and control. This can be illustrated as displayed below: –
Control risk is defined as the risk which tends to surface when the internal controls in place have failed, and the financial statements have missed highlighting the failures of internal controls. Audit risk corresponds to the risk that arises when there are material misstatements in the financial statements while the audit opinion presents a fair picture. Detection risk corresponds to the risk that the auditor is unable to catch material misstatements.
The risk of material misstatements corresponds to the risks borne by the unaudited financial statements. To curb material misstatements, audits of the financials become absolutely critical.
Examples of Inherent Risk
Examples of IR are given below
A very broad example of inherent risk can be illustrated by highlighting the nature of the technology business. The technology business operates in a dynamic and ever-changing environment. The lifecycles of the products it develops always remain short.
The IR rises if the technology business does not adapt to a dynamic environment and innovate with new products. Hence, each technology business has its own research and development wing, which develops new products and curbs the IR.
The financial services business has released unaudited financial statements. Such financial statements may be composed of forward-looking numbers yet to be materialized. These forward-looking numbers may be based on the bias, judgments, and estimates of the management. They may hide substantial information impacting users of the financial statements, which in turn results in inherent risk.
To reduce inherent risk, the management should release a broad advisory that these numbers are just approximations and should be used for clarification among internal stakeholders.
Example #3 – Practical Application
In the recent US financial crisis of 2007-2008, collateralized debt obligations (CDOs) were used. Each tranche of a CDO had variable quality and was repeatedly repackaged for investors. The financial transactions were so complex that they were difficult for financial experts and analysts to comprehend. The complexity of the transactions gave rise to the IR.
- The inherent risk is directly related to the volume and the complexity of transactions performed by the business.
- If the volume and complexity achieved are adverse and high, then this can give birth to high IR.
- They are additionally prone to subjective estimates with zero groundwork.
- It also rises with the quick changes in the accounting policies within a short span of time.
The audit risk model is composed of three broad risks, namely inherent risk, control risk, and detection risk. It is the responsibility of the auditor to assess past audited results, perform investigations and have comprehensive discussions with the management at all levels of the organization to understand the nature of the business and the results being achieved by the organization, which is, however, susceptible to inherent risk. The IR can only be reduced if there is timely detection of the material misstatements by the auditor.