Internal controls are systematic and procedural steps adopted by an organization to reduce risks, primarily in the areas of financial accounting and reporting, operational processing, and compliance with laws and regulations.
Internal controls (ICs) are essentially risk mitigation measures taken to strengthen an organization's systems and processes, as well as help prevent and detect errors and irregularities. The actual phases of mitigation (eg, review, approval, physical enumeration, separation of duty, etc.) are called 'control activities'.
Internal Controls can be broad-based covering the whole entity (i.e., Code of Conduct), or focused to a specific process or area (such as Order processing or Payroll, etc.). In the former case they are generally referred to as “Entity Level Controls (ELCs)” as part of the “Control Environment”.