Apart from governance and risk management, internal control is a third major component of corporate governance. Proper corporate governance relies upon risk management in order to identify the problems faced by the organization and on internal control in order to achieve its objectives. Internal auditors, apart from supporting the organization and enabling it to identify and monitor the risks lying ahead, must also understand and monitor the functioning of the internal control system which is the key to implementing the corporate governance principles. Internal control is a process implemented by the management of the public organization and directed at providing reasonable assurance in terms of meeting the organizational goals, which are grouped in the following categories: operating effectiveness and efficiency; reliability of financial reporting; compliance with the laws and regulations.

The design of the control system is highly significant when the system is used, and the part it plays in the management of the business entity is fundamental. For instance, budget control is a measure of performance. A supervisor can use this variation with difficulty or with ease. Used differently, the same measuring system may convey different benefits.

The organization of the internal control system in a manner that is divergent with the principles of planned economy has led managers to believe that control activities are discretionary, and the subsequent lack of management responsibility has weakened the efficiency of internal control systems during the first years after 1989.