Inherent Risk Assessment identifies and measures the raw level of risk exposure based solely on the nature of business activities, without credit for existing controls. This assessment establishes a baseline understanding of maximum potential impact and likelihood, informing control design decisions and resource allocation. Organizations compare inherent risk to residual risk to evaluate control effectiveness and efficiency. For instance, a pharmaceutical manufacturer conducting clinical trials faces inherent patient safety risks that are very high; robust protocols, monitoring, and adverse event reporting systems reduce this to an acceptable residual level.