Difference Between Inherent Risk and Control Risk
Every business transaction is faced by a low, medium or high risk that should be mitigated through internal controls. A risk can be defined as the likelihood that an oversight, error or an unexpected event will result in financial loss. While authorities require all publicly traded companies to provide the correct relevant information regarding the current and future status of the business, an auditor may in some instances issue incorrect opinions on a business’ financial statements. These risks are classified into three forms, namely; inherent risks, control risks and detection risks.
What is Inherent Risk?
This is a material misstatement as a result of an omission or an error in the financial statements due to factors other than the failure of control. This is normally higher where a high degree of estimation or judgement is involved.
Inherent risks can be increased as a result of:
- The inability of a company to cope with or adapt to a rapidly changing business environment
- Method of recording complex activities and transactions such as a firm collecting data from several subsidiaries to combine it later
- Lack of integrity in a company’s staff management such as unethical business practices
- Biased or weak audits whereby auditors intentionally ignored misstatements
- Transactions involving relating entities as there is a chance of overstatement or understatement of financial assets
Inherent risk represents a worst-case scenario of audit risks as it shows that all internal controls put in place have failed.
What is Control Risk?
This is a risk caused by the misstatement of financial statements that stems from failures in a firm’s internal controls. A major failure in internal controls may see organizations report profits due to undocumented losses. Although it’s difficult for a company to maintain a fully functional internal controls system, an organization’s leadership is responsible for maintaining, designing and implementing a system. As such, periodic reviewal of internal controls systems is essential.
Control risks can increase in an organization as a result of;
- Failure to segregate duties to the right staff
- Failure to verify documents and transactions
- A non-transparent supplier selection process
- Non-involvement in the management in the approval of documents
Similarities between Inherent Risk and Control Risk
- Both are used to manage the risk of an audit engagement
Differences between Inherent Risk and Control Risk
Definition
Inherent risks refer to a material misstatement as a result of an omission or an error in the financial statements due to factors other than the failure of control. On the other hand, control risk refers to a risk caused by the misstatement of financial statements that stems from failures in a firm’s internal controls.
Nature
While inherent risk is inevitable, control risk can be avoided through the implementation of effective internal control.
Inherent Risk vs. Control Risk: Comparison Table
Summary of Inherent Risk vs. Control Risk
Inherent risks refer to a material misstatement as a result of an omission or an error in the financial statements due to factors other than the failure of control. On the other hand, control risk refers to a risk caused by the misstatement of financial statements that stems from failures in a firm’s internal controls. Despite the differences, both are used to manage the risk of an audit engagement.
- Difference Between Profit Center and Investment Center - July 2, 2022
- Difference Between Anti-Trust and Anti-Competition - June 6, 2022
- Difference Between Stocktaking and Stock Control - June 6, 2022
Search DifferenceBetween.net :
Email This Post : If you like this article or our site. Please spread the word. Share it with your friends/family.
Leave a Response
References :
[0]Whittington R & Delaney P. Wiley CPA Examination Review, Outlines and Study Guides. John Wiley & Sons Publishers, 2009. https://books.google.co.ke/books?id=AHuZa_EcXOcC&pg=PA56&dq=Difference+Between+Inherent+Risk+and+Control+Risk&hl=en&sa=X&ved=2ahUKEwi5lPufiIfqAhWRSxUIHdr4C_UQ6AEwAHoECAIQAg#v=onepage&q=Difference%20Between%20Inherent%20Risk%20and%20Control%20Risk&f=false
[1]Whittington R & Delaney P. Wiley CPA Examination Review, Outlines and Study Guides. John Wiley & Sons Publishers, 2009. https://books.google.co.ke/books?id=AHuZa_EcXOcC&pg=PA56&dq=Difference+Between+Inherent+Risk+and+Control+Risk&hl=en&sa=X&ved=2ahUKEwi5lPufiIfqAhWRSxUIHdr4C_UQ6AEwAHoECAIQAg#v=onepage&q=Difference%20Between%20Inherent%20Risk%20and%20Control%20Risk&f=false
[2]Lynford Graham. Complying with Sarbanes-Oxley Section 404: A Guide for Small Publicly Held Companies. John Wiley & Sons Publishers, 2010. https://books.google.co.ke/books?id=lWm-oGbmi2gC&pg=PA102&dq=Difference+Between+Inherent+Risk+and+Control+Risk&hl=en&sa=X&ved=2ahUKEwi5lPufiIfqAhWRSxUIHdr4C_UQ6AEwBnoECAQQAg#v=onepage&q=Difference%20Between%20Inherent%20Risk%20and%20Control%20Risk&f=false
[3]Rhett Harrell. Local Government and Single Audits. CCH, 2006. https://books.google.co.ke/books?id=tbEWxzpNr_MC&pg=RA7-PA47&dq=Difference+Between+Inherent+Risk+and+Control+Risk&hl=en&sa=X&ved=2ahUKEwi5lPufiIfqAhWRSxUIHdr4C_UQ6AEwBXoECAAQAg#v=onepage&q=Difference%20Between%20Inherent%20Risk%20and%20Control%20Risk&f=false
[4]Image credit: https://commons.wikimedia.org/wiki/File:Cyber_Assessment_Tool_Inherent_Profile_Layout.jpg
[5]Image credit: https://commons.wikimedia.org/wiki/File:Hierarchy_of_Controls.PNG