IDEAS home Printed from https://ideas.repec.org/a/wsi/tijaxx/v54y2019i03ns1094406019500136.html
   My bibliography  Save this article

Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters

Author

Listed:
  • Pierangelo Rosati

    (Irish Institute of Digital Business, DCU Business School, Dublin City University, Collins Avenue, Glasnevin, Dublin 9, Ireland)

  • Fabian Gogolin

    (Leeds University, Business School, UK)

  • Theo Lynn

    (Irish Institute of Digital Business, DCU Business School, Ireland)

Abstract

This study investigates the impact of cyber-security incidents on audit fees. Using a sample of 5,687 firms, we find that (i) breached firms are charged 12% higher audit fees, and (ii) firms operating in the same industry of a breached firm are charged 5% higher fees. Finally, using a difference-in-difference regression on a propensity score matched sample, we provide evidence suggesting that auditors do not revise their audit risk assessment following a breach. Overall, these results suggest that the increase in audit fees in the year of a breach is only temporary, and that auditors include cyber-security risk in their audit risk assessment even before an incident occurs. Higher cyber-security risk is ultimately reflected in higher audit fees paid by auditees.

Suggested Citation

  • Pierangelo Rosati & Fabian Gogolin & Theo Lynn, 2019. "Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters," The International Journal of Accounting (TIJA), World Scientific Publishing Co. Pte. Ltd., vol. 54(03), pages 1-56, September.
    • Handle: RePEc:wsi:tijaxx:v:54:y:2019:i:03:n:s1094406019500136
    DOI: 10.1142/S1094406019500136
    as

    Download full text from publisher

    File URL: https://www.worldscientific.com/doi/abs/10.1142/S1094406019500136
    Download Restriction: Access to full text is restricted to subscribers
    File URL: https://libkey.io/10.1142/S1094406019500136?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Zhang, Yimei & Smith, Thomas, 2023. "The impact of customer firm data breaches on the audit fees of their suppliers," International Journal of Accounting Information Systems, Elsevier, vol. 50(C).
    2. repec:thr:techub:10035:y:2022:i:1:p:18-28 is not listed on IDEAS
    3. Tran Nguen Bao Ngo & Andrea Tick, 2021. "Cyber-security risks assessment by external auditors," Interdisciplinary Description of Complex Systems - scientific journal, Croatian Interdisciplinary Society Provider Homepage: http://indecs.eu, vol. 19(3), pages 375-390.
    4. Asaad Mohammed Ali Wahhab & Baneen Hassoun Jawad & Emad Hamza Abd Alajeli, 2022. "Auditing cybersecurity risks considering the information renaissance and its impact on the continuity of companies," Technium Social Sciences Journal, Technium Science, vol. 35(1), pages 18-28, September.
    5. Alex Frino & Riccardo Palumbo & Pierangelo Rosati, 2023. "Does information asymmetry predict audit fees?," Accounting and Finance, Accounting and Finance Association of Australia and New Zealand, vol. 63(2), pages 2597-2619, June.
    6. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    7. Tran Nguen Bao Ngo & Andrea Tick, 2021. "Cyber-security risks assessment by external auditors," Interdisciplinary Description of Complex Systems - scientific journal, Croatian Interdisciplinary Society Provider Homepage: http://indecs.eu, vol. 19(3), pages 375-390.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wsi:tijaxx:v:54:y:2019:i:03:n:s1094406019500136. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Tai Tone Lim (email available below). General contact details of provider: https://www.worldscientific.com/worldscinet/tija .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.