Control risk represents the exposure remaining after accounting for designed control effectiveness, encompassing both control design adequacy and operational execution reliability. Auditors assess control risk when determining audit procedures scope and depth, with higher control risk necessitating more extensive substantive testing. Control risk increases when segregation of duties is inadequate, override capabilities exist, monitoring is infrequent, or control environments lack accountability. The Société Générale €4.9 billion trading loss exemplified extreme control risk where trader Jérôme Kerviel systematically bypassed risk limits, trade confirmations, and reconciliation controls over multiple years, revealing fundamental control execution and supervision failures.