Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters

Abstract

This study investigates the impact of cyber-security incidents on audit fees. Using a sample of 5,687 firms, we find that (i) breached firms are charged 12% higher audit fees, and (ii) firms operating in the same industry of a breached firm are charged 5% higher fees. Finally, using a difference-in-difference regression on a propensity score matched sample, we provide evidence suggesting that auditors do not revise their audit risk assessment following a breach. Overall, these results suggest that the increase in audit fees in the year of a breach is only temporary, and that auditors include cyber-security risk in their audit risk assessment even before an incident occurs. Higher cyber-security risk is ultimately reflected in higher audit fees paid by auditees.

Metadata

Item Type:	Article
Authors/Creators:	Rosati, P Gogolin, F Lynn, T
Copyright, Publisher and Additional Information:	This article is protected by copyright. This is an author produced version of a journal article published in The International Journal of Accounting. Uploaded in accordance with the publisher's self-archiving policy.
Keywords:	Audit risk; audit fees; cyber security; SEC comment letters
Dates:	Published: September 2019 Published (online): 19 September 2019 Accepted: 30 July 2019
Institution:	The University of Leeds
Academic Units:	The University of Leeds > Faculty of Business (Leeds) > Accounting & Finance Division (LUBS) (Leeds)
Depositing User:	Symplectic Publications
Date Deposited:	07 Aug 2019 12:43
Last Modified:	19 Sep 2020 00:38
Status:	Published
Publisher:	World Scientific Publishing
Identification Number:	10.1142/S1094406019500136
Open Archives Initiative ID (OAI ID):	oai:eprints.whiterose.ac.uk:149378

CORE (COnnecting REpositories)

Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters

Abstract

Metadata

Download

Accepted Version

Export

Statistics