Glossary · ERM
Inherent Risk Rating
The assessed level of risk before considering the mitigating effects of controls or other management actions.
Full definition
Inherent risk rating evaluates the raw exposure based purely on the nature of the activity, asset, or process, assuming no controls exist. This assessment establishes the baseline risk level that informs control design and resource allocation decisions. Comparing inherent risk to residual risk reveals control effectiveness and helps prioritize control improvements. Organizations typically rate inherent risk on standardized scales combining likelihood and impact dimensions. For example, cash-intensive retail businesses face high inherent fraud risk due to transaction volumes and the accessibility of funds, necessitating robust controls like segregation of duties, reconciliation procedures, and surveillance systems.
risk assessment · ERM · evaluation · control design · baseline