The impact of audit firms’ characteristics on audit fees following information security breaches

Ju Chun Yen, Jee Hae Lim, Tawei Wang, Carol Hsu

Research output: Contribution to journalArticlepeer-review

21 Scopus citations


Given the importance of auditors’ assessing business risks and evaluating internal controls, we investigate whether an audit firm's industry expertise, tenure, and size can help its auditors better understand external and internal threats faced by the client with less effort. Using reported information security breach incidents from 2004 to 2013, we find that, consistent with prior studies, audit fees are higher after the occurrence of an information security breach. However, such an association is negatively moderated when the audit firm has industry-specific expertise, longer experience with the client, and is one of the Big 4 firms. Our results suggest that because of their better knowledge about a specific industry, increased familiarity with the client's operations, and more resources to understand a client's vulnerabilities and/or information security policies and procedures, these auditors are more capable of assessing the potentially changing information security risks implied by the occurrence of information security breach incidents. Our results are robust to a variety of sensitivity checks.

Original languageEnglish
Pages (from-to)489-507
Number of pages19
JournalJournal of Accounting and Public Policy
Issue number6
StatePublished - 1 Nov 2018


  • Audit fees
  • Audit-firm industry expertise
  • Audit-firm size
  • Audit-firm tenure
  • Information security breach


Dive into the research topics of 'The impact of audit firms’ characteristics on audit fees following information security breaches'. Together they form a unique fingerprint.

Cite this