When the internal control system is nonexistent or so weak that a class of transaction or account balances are susceptible to the material misstatement then the risk associated is known as inherent risk. It is very important for the auditor to assess the inherent risks associated with all material transactions and should be considered while developing overall audit plan and drawing up audit programmes.
The assessment of inherent risks is the professional judgements of the auditors However, there are a few general factors that the auditor can consider while assessing the inherent risk. Some of the examples are the management experience and knowledge, nature of business, reliability of business partners, level of engagement of professionals and experts, availability of standard set of policies and rules, etc.
When there is related accounting and internal control system for a class of transaction or accounts balances but a material misstatement could occur in an individual case as independent of others that would not normally be prevented or detected by the internal control and accounting system, then there is existence of control risk.
The auditor should assess whether the accounting and internal control system for a transaction or account balance are effective and sufficient. It is also important how the control mechanisms relate to each other in various transactions and account balances.
The audit programme and procedures should be drawn and audit should be performed in light of the possibility of material misstatement that could occur in any transaction or account as a control risk.
Thus, inherent risk is existence risk whereas control risk is procedural lapses risks. Inherent risks can be minimized by adopting certain rules and steps whereas control risks can be minimized by way of continuing assessment of implementation of management rules, procedures and systems.