Inherent risk is a term used in risk management to describe the natural level of risk inherent in a process or activity without doing anything to reduce the likelihood or mitigate the severity of a mishap. It is the current risk level given the existing set of controls, which may be incomplete or less than ideal, rather than an absence of any controls. Inherent risk is contrasted with residual risk, which is the amount of risk left after treatment and added security measures.
In accounting, inherent risk indicates the probability of any material misstatements in financial reporting caused by factors other than an internal control failure. In a financial audit, inherent risk is most likely to occur when transactions are complex or in situations that require a high degree of judgment in regard to financial estimates. Inherent risk is one of the risks auditors and analysts must look for when reviewing financial statements, along with control risk and detection risk.
Risk management or risk control approaches are supposed to reduce both the impact and likelihood of inherent risk. However, risks cannot be eliminated completely, and residual risk is the remaining level of risk following the development and implementation of the entity’s response.