There are many definitions of internal control, as it affects the various constituencies (stakeholders) of an organization in various ways and at different levels of aggregation.
Under the COSO Internal Control-Integrated Framework, a widely-used framework in not only the United States but around the world, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations.

COSO defines internal control as having five components:
1.Control Environment-sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control.
2.Risk Assessment-the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed
3.Information and Communication-systems or processes that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities
4.Control Activities-the policies and procedures that help ensure management directives are carried out.
5.Monitoring-processes used to assess the quality of internal control performance over time.

The COSO definition relates to the aggregate control system of the organization, which is composed of many individual control procedures.
Discrete control procedures, or controls are defined by the SEC as: "...a specific set of policies, procedures, and activities designed to meet an objective. A control may exist within a designated function or activity in a process. A control’s impact...may be entity-wide or specific to an account balance, class of transactions or application. Controls have unique characteristics – for example, they can be: automated or manual; reconciliations; segregation of duties; review and approval authorizations; safeguarding and accountability of assets; preventing or detecting error or fraud. Controls within a process may consist of financial reporting controls and operational controls (that is, those designed to achieve operational objectives)."[4] Internal control is defined as "The process designed, implemented and maintained by - (a) those charged with governance, (b) management and (c) other personnel, to provide reasonable assurance about the achievement of an entity's objectives with regard to - (a) reliability of financial reporting, (b) effectiveness and efficiency of operation, (c) safeguarding of assets and (d) compliance with applicable laws and regulations."