Protecting a company’s business and financial information is an activity common in today’s economic environment, with internal controls being the most common term for the tasks. While these activities are certainly quite old in use, the term internal control is not.


The American Institute of Accountants first defined the term internal control in 1949, followed by further clarifications in 1958 and 1972. In 1977 publicly held companies came under legislation to adequately implement controls to protect their financial information. A report by the Committee of Sponsoring Organizations in 1992 and the Sarbanes-Oxley Act of 2002 are more recent documents defining internal controls.


Internal controls help a company present reliable financial reports to stakeholders, comply with laws and regulations, and have efficient and effective operations. For example, controls can limit the number of activities one employee completes in the company or require management authorization or review of financial statements and reports.


Companies use internal controls to ensure individuals within the company do not attempt to use information for personal use and to inhibit individuals who may attempt to embezzle funds or steal inventory, which can increase a company’s operating costs and lower its profit.