A type of risk that is untreated or unprocessed, i.e., still in its raw or natural form. The effect of an inherent risk is still not subject to conscious management intervention. It is typically defined as the level of risk in place before an entity takes any action to address the risk’s impact or likelihood. For example, a process that has not been controlled or mitigated by means of risk management is perceived to be exposed to, or associated with, inherent risk. This type of risk can be assessed for a specific event or threat, but without any application of mitigation controls or before considering existing controls.

In accounting (inherent risk), it is the risk arising from an error, omission or misstatement in a financial statement due to an inherent factor (other than a failure of internal control). A financial statement is said to be exposed to inherent risk if it is probable that it would become defective due to error, omission, or misstatement, associated with factors beyond the reach of internal controls.