The most popular internal control model today, the COSO model is based upon a model published by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. According to a business article on eNotes.com, that report defined internal controls as "a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the ... effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations."
The COSO model outlines five components of an internal control system: the control environment, risk assessment, control activities, information and communication, and monitoring.
The COSO model is often depicted as a pyramid, with "the control environment" forming the base. "The control environment" is the environment formed by all levels of employees of the company, particularly with regard to competence, integrity, operating style, etc. The remaining four components are interrelated.
"Risk assessment" refers to the methods by which risks are identified and monitored and whether risks have been accurately identified. Related to "risk assessment," "control activities" are the actual policies and procedures in place to mitigate risk.
"Information and communication" can be defined as how the information regarding data integrity is actually captured, the timeliness of that capture, etc. Similar but distinct, "monitoring" refers more to the quality of the internal controls and the methods that contribute to that quality.