Problem solve Get help with specific problems with your technologies, process and projects.

Is Word document-comparison software SOX compliant?

The SOX audit process can be daunting, especially when it comes to finding SOX-compliant software. In this expert response, learn whether Word document-comparison software is SOX compliant.

Is there any Sarbanes-Oxley issue with using document-comparison software to compare an original unsigned contract in Word (.doc format) to a signed contract (returned in .tif format)?
The short answer is: Ask your auditor. The long answer is: I'm not sure. I can see why it wouldn't be a problem from a theoretical perspective. After all, the main point of the Sarbanes-Oxley Act (SOX) is to ensure executives can, with certainty, assert that their financial records are accurate. Certainly, there are cases where financially relevant contracts will regularly be passed back and forth between organizations and legal departments, and other groups will want to know if unapproved changes were made. This can be particularly challenging with contracts that are more then a couple of pages long, not to mention those that are hundreds or thousands of pages long, which is not unheard of. Given this situation, document-comparison tools would likely be accepted by auditors in a general sense.

Where this question gets interesting is in the details. As a security practitioner, I'd want to have a much deeper understanding of how the software you reference works. Comparing two files of the same format is a relatively straightforward proposition, However, comparing multiple formats becomes a much more challenging issue, which gets even more interesting when one of those formats is an image.

In order to compare the text from a .doc (or .docx) to a .tif, it's necessary to do some sort of optical character recognition (OCR) and then compare it to the text in the .doc(x) file. This is, to say the least, not the easiest thing to do. So before I'd sign off on this, I'd want a strong assurance from the vendor that the tool is actually capable of performing the necessary comparisons so that I would be comfortable telling a CEO or CFO they can rely on such a technology. Similarly, I know a lot of other auditors that would need the same level of confidence. So, to summarize: Ask your auditor.

For more information:

  • Does SOX provision email archiving? Read more.
  • Get more information on internal audits for Sarbanes Oxley and internal IT support.
  • This was last published in August 2009

    Dig Deeper on Security audit, compliance and standards

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.