True Partners Insights

Pillar Icon

Three Types of Internal Tax Control Risks Every Business Should Consider

By: John P. Bennecke Jennifer Crawford |

When looking at internal controls from a tax perspective, businesses tend to zero in on financial statement risk. And while that’s important, there’s really a lot more to it than that. In order to get a complete picture, there are three broad areas of risk that all companies should take into account.

Inherent risk. This is risk that exists due to the nature of the company and its environment. It could be related to the organization’s structure, operations, staff or even its industry. Examples include:

  • A decentralized, global organization with operations in multiple jurisdictions will have inherent risk due to the lack of a central control responsibility
  • Financial transactions that require complex calculations are inherently subject to misstatements over simple calculations
  • A company in high growth may face inherent risk if its focus on advancement and acquisition outweighs its focus on internal controls
  • Companies operating in highly regulated sectors, such as the financial sector, are more likely to have higher inherent risk, especially if the company does not have an internal audit department or has an audit department without an oversight committee with a financial background

Control risk. This is a risk that established internal controls will not prevent or detect material errors to the financial statement. An effective control is designed to detect errors at the right time. The key to that effectiveness comes down to people, process and technology:

  • people with the right training and skill set;
  • a process that captures the right data at the right time;
  • the right technology to help make that happen.

Often times when a control risk is present there’s either a design deficiency or a company may have outgrown its internal controls and they need updating.

Detection risk. This is the risk that an auditor will fail to detect an error. Because every tax control will ultimately be tested both internally and externally by auditors, it can happen even if inherent risks have been addressed and appropriate internal controls are in place. It usually comes down to human error, often as a result of inadequate technical tax training. If the person doing the testing doesn’t understand what the outcome should be there’s a risk that errors won’t be detected.

Whether it’s inherent risk, control risk or detection risk, risk management is essential to the implementation of internal controls. The experienced tax professionals at True Partners Consulting can evaluate all areas of risk and design effective controls to avoid them. Let us help you. To learn more about the types of risk affecting your business, contact John Bennecke at