When internal auditors perform a risk assessment, they generally focus on inherent risk. Inherent risk represents the susceptibility of an area or process to a material misstatement, assuming that there are no related internal controls. This type of risk is fundamental and must be assessed before considering the effectiveness of any controls in place. Control risk, on the other hand, refers to the possibility that a material misstatement will not be prevented or detected by an organization's control systems, and audit risk and detection risk are typically more relevant to the external audit process rather than internal audit risk assessments.