This paper was previously titled “Do Auditors Help Prevent Data Breaches?” The author greatly appreciates the guidance and support of the dissertation committee: Philip G. Berger, Hans Christensen (chair), Christian Leuz, Mark Maffett, and Mike Minnis. The author thanks Ionela Andreicovici, Ehsan Azarmsa, Thomas Bourveau, Matthias Breuer, Yiwei Dou, Raphael Duguay, Mihir Gandhi, Jon Glover, Luzi Hail, Katharina Hombach, Sudarshan Jayaraman, W. Robert Knechel, Sehwa Kim, Kalin Kolev, Gemma Lee, Shirley Lu, Maximilian Muhn, Jordan Schoenfeld, Doug Skinner, Abbie Smith, Chad Syverson, Joanna Wu, Martin Wu, and participants at the 2019 American Accounting Association/Deloitte Foundation/J. Michael Cook Doctoral Consortium, the 2019 Carnegie Mellon University Accounting Mini Conference emerging scholar session, the 2021 Global Artificial Intelligence Finance Research Conference, the 2022 Financial Accounting and Reporting Section Midyear Meeting, the 2023 Professional Accounting Center Research Conference at the University of Toronto, Columbia University, London Business School, London School of Economics, New York University, Northwestern University, NYCU International Finance Conference, Rochester University, Stanford University, the University of Chicago, the University of Pennsylvania, and the University of Toronto for helpful comments and suggestions; Kamay Lafalaise (an attorney in the Office of the General Counsel from the Federal Trade Commission) for providing the information about Federal Trade Commission data; Martha Van Haitsma (co-director of the University of Chicago Survey Laboratory) and Sona Margaryan (director of Strategic Initiatives at the University of Chicago) for help with survey design; the Accounting Research Center at the University of Chicago Booth School of Business for research support; Daniel Chavez, Cagdas Okay, Georgios Tzortzis, Benjamin Levine, Chanho Moon, and Dhuv Baid for double-checking the data matching process; and Ian Nachman for research assistance. This study was exempt from further review by the Institutional Review Board at the University of Chicago (IRB19-1066) under Federal Regulation (45 Code of Federal Regulations 46.101(b)). The author appreciates discussions with various industry professionals, including Mark Lavalle, audit partner at KPMG; Len Jui, board member of International Auditing and Assurance Standards Board and partner at KPMG; Jodilia Vasanji, managing director at Deloitte & Touche Limited Liability Partnership; Paulo Blanc, IT audit supervisor at ArcelorMittal; Rashesh Patel, principal examiner, IT risk and controls at FINRA FINANCIAL INDUSTRY REGULATORY AUTHORITY; Vishal Dalal, consulting, internal audit, and Sarbanes Oxley professional at Vonya Global; Rong Liu, IT audit, compliance, risk and internal control at Wolters Kluwer; Vincent Banks, Certified Public Accountant (CPA), Chartered Global Management Accountant (CGMA), vice president internal audit at GreenSky; Chris G. Nicholson, FCA Certified Public Accountant (CPA), audit committee member; Dan Gaffney, Master of Business Administration (MBA), Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), internal audit and IT audit consultant; and many anonymous audit partners, internal auditors, external auditors, and legal counsels.
