Businesses today rely on the work being done by staff using personal computers. The proliferation of personal computers has led to widespread implementation of end-user computing applications. As their name implies, end-user applications are designed, implemented, and controlled by users rather than by IT professionals. End-user applications can be risky for organizations, both with respect to management decision making and to financial reporting. For public companies, the risk involved in these applications has been increased by the requirements of the Sarbanes-Oxley Act of 2002, which call for management to document end-to-end financial operations and internal control structures. This article review the reasons for the prevalence of end-user applications and their inherent problems, as well as the strategies for the internal control of these applications for various-sized businesses. For all companies, a policy should be put in place and communicated to employees about the use of end-user applications.