TY - JOUR
T1 - The impact of audit firms’ characteristics on audit fees following information security breaches
AU - Yen, Ju Chun
AU - Lim, Jee Hae
AU - Wang, Tawei
AU - Hsu, Carol
N1 - Publisher Copyright:
© 2018 Elsevier Inc.
PY - 2018/11/1
Y1 - 2018/11/1
N2 - Given the importance of auditors’ assessing business risks and evaluating internal controls, we investigate whether an audit firm's industry expertise, tenure, and size can help its auditors better understand external and internal threats faced by the client with less effort. Using reported information security breach incidents from 2004 to 2013, we find that, consistent with prior studies, audit fees are higher after the occurrence of an information security breach. However, such an association is negatively moderated when the audit firm has industry-specific expertise, longer experience with the client, and is one of the Big 4 firms. Our results suggest that because of their better knowledge about a specific industry, increased familiarity with the client's operations, and more resources to understand a client's vulnerabilities and/or information security policies and procedures, these auditors are more capable of assessing the potentially changing information security risks implied by the occurrence of information security breach incidents. Our results are robust to a variety of sensitivity checks.
AB - Given the importance of auditors’ assessing business risks and evaluating internal controls, we investigate whether an audit firm's industry expertise, tenure, and size can help its auditors better understand external and internal threats faced by the client with less effort. Using reported information security breach incidents from 2004 to 2013, we find that, consistent with prior studies, audit fees are higher after the occurrence of an information security breach. However, such an association is negatively moderated when the audit firm has industry-specific expertise, longer experience with the client, and is one of the Big 4 firms. Our results suggest that because of their better knowledge about a specific industry, increased familiarity with the client's operations, and more resources to understand a client's vulnerabilities and/or information security policies and procedures, these auditors are more capable of assessing the potentially changing information security risks implied by the occurrence of information security breach incidents. Our results are robust to a variety of sensitivity checks.
KW - Audit fees
KW - Audit-firm industry expertise
KW - Audit-firm size
KW - Audit-firm tenure
KW - Information security breach
UR - http://www.scopus.com/inward/record.url?scp=85055190367&partnerID=8YFLogxK
U2 - 10.1016/j.jaccpubpol.2018.10.002
DO - 10.1016/j.jaccpubpol.2018.10.002
M3 - 期刊論文
AN - SCOPUS:85055190367
SN - 0278-4254
VL - 37
SP - 489
EP - 507
JO - Journal of Accounting and Public Policy
JF - Journal of Accounting and Public Policy
IS - 6
ER -