Inherent risk may be greater for some assertions than others. The auditor can change the assessed level of inherent risk but cannot change the actual level of inherent risk. Inherent risk assessments occur primarily in the planning phase of the audit. Control risk is the risk that material errors or misstatements will escape control. It is not detected, prevented or modified in a timely manner by the customer's internal control system. It will occur in the account balance, disclosure or transaction class. This risk depends on the effectiveness of the design and operation of an entity's internal control. The control risk may not be zero, it may be minimal. Some control risks may always exist, due to the inherent limitations of internal control. The auditor can evaluate control risk at a certain level. For example, the auditor may choose the maximum value of 100% to estimate control risk. This is because it has been determined that no related controls exist or the auditor does not expect the controls to actually be exercised. The auditor may also set control risk at the maximum level in the belief that it is more efficient or less costly to conduct extensive substantive tests on the account balance rather than to conduct detailed tests on the situation