As signals of internal control weaknesses, cyber security incidents can represent significant
risk factors to the quality of financial reporting. We empirically assess the audit quality
implications of data breaches for a large sample of US firms. Using a difference-in-difference
approach based on a matched sample of breached and non-breached firms, we find no evidence
that cyber-security incidents result in a decline in audit quality. Instead, we observe positive
shifts in four widely-used proxies for audit quality. We document that breached firms (i)
experience a decrease in abnormal accruals, (ii) are less likely to report small profits or small
earnings increases, (iii) are more likely to be issued a going concern report, and (iv) are less
likely to restate their financial statements in the two years following a breach. Our results
indicate that auditors effectively offset increases in audit risk through additional substantive
testing and audit effort. Our evidence supports the view that auditors have increased their audit
risk awareness and put in place adequate procedures to deal with the consequences of cybersecurity incidents.
This item is licensed under a Creative Commons Attribution-NonCommercial-Share Alike 3.0 License. View License
Funders:
Irish Centre for Cloud Computing and Commerce, an Irish national Technology Centre funded by Enterprise Ireland and the Irish Industrial Development Authority, and by the Irish Institute of Digital Business
ID Code:
25939
Deposited On:
01 Jun 2021 10:31 by
Pierangelo Rosati
. Last Modified 15 Sep 2022 10:03