The inherent risk may be higher for some assertions than for others. The auditor can change the assessed level of inherent risk, but cannot change the actual level of inherent risk. Inherent risk assessments occur primarily during the audit planning phase. Control risk is the risk that material errors or misstatements will circumvent control. They are not detected, prevented or modified in time by the customer's internal control system. This will occur in the account balance, disclosure or transaction category. This risk depends on the effectiveness of the design and operation of an entity's internal control. The control risk may not be zero, it may be minimal. Some control risk may always exist, this is due to the inherent limitations of internal control. The auditor can assess control risk at a certain level. For example, the auditor may choose the maximum of 100% to estimate control risk. This is because it is determined that there are no associated controls or that the auditor does not expect the controls to be applied effectively. The auditor may also set control risk at the maximum level, believing that it is more effective or less costly to conduct extensive substantive procedures on the account balance than to conduct detailed testing of the account balance..