Is Word document-comparison software SOX compliant?

Is Word document-comparison software SOX compliant?

Is there any Sarbanes-Oxley issue with using document-comparison software to compare an original unsigned contract in Word (.doc format) to a signed contract (returned in .tif format)?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The short answer is: Ask your auditor. The long answer is: I'm not sure. I can see why it wouldn't be a problem from a theoretical perspective. After all, the main point of the Sarbanes-Oxley Act (SOX) is to ensure executives can, with certainty, assert that their financial records are accurate. Certainly, there are cases where financially relevant contracts will regularly be passed back and forth between organizations and legal departments, and other groups will want to know if unapproved changes were made. This can be particularly challenging with contracts that are more then a couple of pages long, not to mention those that are hundreds or thousands of pages long, which is not unheard of. Given this situation, document-comparison tools would likely be accepted by auditors in a general sense.

Where this question gets interesting is in the details. As a security practitioner, I'd want to have a much deeper understanding of how the software you reference works. Comparing two files of the same format is a relatively straightforward proposition, However, comparing multiple formats becomes a much more challenging issue, which gets even more interesting when one of those formats is an image.

In order to compare the text from a .doc (or .docx) to a .tif, it's necessary to do some sort of optical character recognition (OCR) and then compare it to the text in the .doc(x) file. This is, to say the least, not the easiest thing to do. So before I'd sign off on this, I'd want a strong assurance from the vendor that the tool is actually capable of performing the necessary comparisons so that I would be comfortable telling a CEO or CFO they can rely on such a technology. Similarly, I know a lot of other auditors that would need the same level of confidence. So, to summarize: Ask your auditor.

For more information:

  • Does SOX provision email archiving? Read more.
  • Get more information on internal audits for Sarbanes Oxley and internal IT support.

    • This was first published in August 2009

    Join the conversationComment

    Share
    Comments

      Results

      Contribute to the conversation

      All fields are required. Comments will appear at the bottom of the article.
      Back to top