Rosati, P, Gogolin, F and Lynn, T (2019) Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters. International Journal of Accounting, 54 (03). 1950013. ISSN 1094-4060
Abstract
This study investigates the impact of cyber-security incidents on audit fees. Using a sample of 5,687 firms, we find that (i) breached firms are charged 12% higher audit fees, and (ii) firms operating in the same industry of a breached firm are charged 5% higher fees. Finally, using a difference-in-difference regression on a propensity score matched sample, we provide evidence suggesting that auditors do not revise their audit risk assessment following a breach. Overall, these results suggest that the increase in audit fees in the year of a breach is only temporary, and that auditors include cyber-security risk in their audit risk assessment even before an incident occurs. Higher cyber-security risk is ultimately reflected in higher audit fees paid by auditees.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | This article is protected by copyright. This is an author produced version of a journal article published in The International Journal of Accounting. Uploaded in accordance with the publisher's self-archiving policy. |
Keywords: | Audit risk; audit fees; cyber security; SEC comment letters |
Dates: |
|
Institution: | The University of Leeds |
Academic Units: | The University of Leeds > Faculty of Business (Leeds) > Accounting & Finance Division (LUBS) (Leeds) |
Depositing User: | Symplectic Publications |
Date Deposited: | 07 Aug 2019 12:43 |
Last Modified: | 19 Sep 2020 00:38 |
Status: | Published |
Publisher: | World Scientific Publishing |
Identification Number: | 10.1142/S1094406019500136 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:149378 |