There are many definitions of internal control in the public as well as the private sector, as it affects the various constituencies(stakeholder) of an organization in various ways and at different levels of aggregation. Internal controls within business entities are referred to as operational controls. Under the Combined Code on Corporate Governance framework, a widely-used framework in not only the United Kingdom but also around the world, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (i) Effectiveness and efficiency of operations; (ii) Reliability of financial reporting; and (iii) Compliance with laws and regulations. Internal control can provide reasonable, yet not absolute, assurance that the objectives of an organization will be met. The concept of reasonable assurance implies a high degree of assurance, constrained by the costs and benefits of establishing incremental control procedures. At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective(e.g., how to ensure that the organization's payments to third parties are for valid services rendered.) Effective internal control implies that the organization generates reliable financial reporting and substantially complies with the laws and regulations that apply to it. However, whether an organization achieves operational and strategic objectives may depend on factors outside the entity, such as competition or technological innovation. These factors are outside the scope of internal control; therefore, effective internal control provides only timely information or feedback on progress towards the achievement of operational and strategic objectives. In the modern world, government objectives and the environment in which agencies operate are constantly evolving. As a result, the risks facing organizations are also continually changing. A successful system of internal control must therefore be responsive to such changes - enabling adaptation quicker than its competitors. Effective risk management and internal control is therefore reliant on a regular evaluation of the nature and extent of risks. I believe this study will meet some challenges by providing genuine, practical lesson which, in my view, is as much about enabling performance as it is about embedding risk and control into the Korean public sector. A whole governmental body is required to prepare a standard, integrated rule to structure the internal controlling system. Lawmakers should pay attention to various elements in making the system, such as the purpose, impose clear liability to the subject authority, recognize the risk and the appropriate cost of its control, research on the policy efficiency, showing auditors corrections and consulting ability, development of human resources, etc.