Term · 13. Additional Terms

Internal Control (IC)

IDM/IGA Domain

Definition

A process or mechanism implemented by management to provide reasonable assurance regarding the effectiveness of operations, the reliability of financial reporting, and compliance with laws and regulations. Identity-related internal controls include access provisioning workflows, periodic access certification, segregation of duties (SoD) enforcement, privileged access management, and audit logging.

Application

SOX, SOC 2, ISO 27001, and NIST 800-53 all enumerate internal control requirements. Identity controls are typically classified as «IT General Controls» (ITGCs), which are foundational to the reliability of financial reporting.

Standards & regulations

  • NIST SP 800-53 Rev. 5 «Internal control. A process, effected by an entity’s oversight body, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following »
  • NIST SP 800-37 Rev. 2 «Internal control. The policies, procedures, techniques, and mechanisms that organizations use to achieve their objectives and to ensure that appropriate actions are taken to address risks. Internal co»
  • NIST SP 800-39 «Internal control. A process, effected by an entity’s oversight body, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following »
Sources