Help
Cart
Skip main navigation

Available Issues

April 10, 2013 - June 5, 2026

Available Issues

April 10, 2013 - June 5, 2026

Financial Statement Audits and Data Breaches

Published Online:1 Nov 2024https://doi.org/10.1287/mnsc.2023.01357

References

  • Altamuro J, Beatty A (2010) How does internal control regulation affect financial reporting? J. Accounting Econom. 49(1–2):58–74.CrossrefGoogle Scholar
  • Altonji JG, Elder TE, Taber CR (2005) Selection on observed and unobserved variables: Assessing the effectiveness of Catholic schools. J. Political Econom. 113(1):151–184.CrossrefGoogle Scholar
  • Alves MDCG (2010) Information technology roles in accounting tasks: A multiple-case study. Internat. J. Trade Econom. Finance 1(1):103.CrossrefGoogle Scholar
  • American Institute of Certified Public Accountants (AICPA) (1984) The effects of computer processing on the audit of financial statements. Statement on Auditing Standard No. 48. Accessed September 14, 2019, https://core.ac.uk/reader/288029780.Google Scholar
  • Amir E, Levi S, Livne T (2018) Do firms underreport information on cyber-attacks? Evidence from capital markets. Rev. Accounting Stud. 23(3):1177–1206.CrossrefGoogle Scholar
  • Angrist JD, Pischke JS (2009) Mostly Harmless Econometrics: An Empiricist’s Companion, 1st ed. (Princeton University Press, Princeton, NJ).CrossrefGoogle Scholar
  • Aobdia D (2018) The impact of the PCAOB individual engagement inspection process—Preliminary evidence. Accounting Rev. 93(4):53–80.CrossrefGoogle Scholar
  • Aobdia D (2019) Do practitioner assessments agree with academic proxies for audit quality? Evidence from PCAOB and internal inspections. J. Accounting Econom. 67(1):144–174.CrossrefGoogle Scholar
  • Aobdia D, Dou Y, Kim J (2021) Public audit oversight and the originate-to-distribute model. J. Accounting Econom. 72(1):101420.CrossrefGoogle Scholar
  • Ashraf M (2022) The role of peer events in corporate governance: Evidence from data breaches. Accounting Rev. 97(2):1–24.CrossrefGoogle Scholar
  • Ashraf M, Michas PN, Russomanno D (2020) The impact of audit committee information technology expertise on the reliability and timeliness of financial reporting. Accounting Rev. 95(5):23–56.CrossrefGoogle Scholar
  • Asthana SC, Kalelkar R, Raman KK (2021) Does client cyber-breach have reputational consequences for the local audit office? Accounting Horizons 35(4):1–22.CrossrefGoogle Scholar
  • Azarmsa E, Liu LY, Noh S (2022) How does internal communication technology affect internal information: Theory and evidence. Preprint, submitted December 16, https://dx.doi.org/10.2139/ssrn.4292147.Google Scholar
  • Baker AC, Larcker DF, Wang CC (2022) How much should we trust staggered difference-in-differences estimates? J. Financial Econom. 144(2):370–395.CrossrefGoogle Scholar
  • Ball R (1980) Discussion of accounting for research and development costs: The impact on research and development expenditures. J. Accounting Res. 18:27–37.CrossrefGoogle Scholar
  • Barrios JM (2021) Staggeringly problematic: A primer on staggered DiD for accounting researchers. Preprint, submitted March 17, https://dx.doi.org/10.2139/ssrn.3794859.Google Scholar
  • Barrios JM, Lisowsky P, Minnis M (2019) Measurement matters: Financial reporting and productivity. Working paper, University of Chicago, Chicago and Boston University, Boston.Google Scholar
  • Bauer TD, Estep C (2019) One team or two? Investigating relationship quality between auditors and IT specialists: Implications for audit team identity and the audit process. Contemporary Accounting Res. 36(4):2142–2177.CrossrefGoogle Scholar
  • Beck MJ, Gunn JL, Hallman N (2019) The geographic decentralization of audit firms and audit quality. J. Accounting Econom. 68(1):101234.Google Scholar
  • Bloom N, Garicano L, Sadun R, Van Reenen J (2014) The distinct effects of information technology and communication technology on firm organization. Management Sci. 60(12):2859–2885.LinkGoogle Scholar
  • Borusyak K, Jaravel X, Spiess J (2024) Revisiting event study designs: Robust and efficient estimation. Rev. Econom. Stud., rdae007.CrossrefGoogle Scholar
  • Cai Y, Kim Y, Park JC, White HD (2016) Common auditors in M&A transactions. J. Accounting Econom. 61(1):77–99.CrossrefGoogle Scholar
  • Center for Audit Quality (2016) Understanding cybersecurity and the external audit. Accessed July 14, 2019, https://www.thecaq.org/wp-content/uploads/2019/03/cybersecurity_and_external_audit_final.pdf.Google Scholar
  • Center for Audit Quality (2017) The CPA’s role in addressing cybersecurity risk: How the auditing profession promotes cyber preparedness. Retrieved July 14, 2019, https://www.thecaq.org/wp-content/uploads/2019/03/caq_cpa_role_in_addressing_cybersecurity_risk_2017-05.pdf.Google Scholar
  • Chen S, Sun SY, Wu D (2010) Client importance, institutional improvements, and audit quality in China: An office and individual auditor level analysis. Accounting Rev. 85(1):127–158.CrossrefGoogle Scholar
  • Cheng M, Dhaliwal D, Zhang Y (2013) Does investment efficiency improve after the disclosure of material weaknesses in internal control over financial reporting? J. Accounting Econom. 56(1):1–18.CrossrefGoogle Scholar
  • Conley T, Gonçalves S, Hansen C (2018) Inference with dependent data in accounting and finance applications. J. Accounting Res. 56(4):1139–1203.CrossrefGoogle Scholar
  • DeFond ML, Lennox CS (2017) Do PCAOB inspections improve the quality of internal control audits? J. Accounting Res. 55(3):591–627.CrossrefGoogle Scholar
  • DeFond M, Zhang J (2014) A review of archival auditing research. J. Accounting Econom. 58(2–3):275–326.CrossrefGoogle Scholar
  • DeFond M, Erkens DH, Zhang J (2017) Do client characteristics really drive the Big N audit quality effect? New evidence from propensity score matching. Management Sci. 63(11):3628–3649.LinkGoogle Scholar
  • Dhaliwal DS, Lamoreaux PT, Litov LP, Neyland JB (2016) Shared auditors in mergers and acquisitions. J. Accounting Econom. 61(1):49–76.CrossrefGoogle Scholar
  • Duffie D, Younger J (2019) Cyber Runs (Brookings, Washington, DC).Google Scholar
  • Feng M, Li C, McVay S (2009) Internal control and management guidance. J. Accounting Econom. 48(2–3):190–209.CrossrefGoogle Scholar
  • Feng M, Li C, McVay SE, Skaife H (2015) Does ineffective internal control over financial reporting affect a firm’s operations? Evidence from firms’ inventory management. Accounting Rev. 90(2):529–557.CrossrefGoogle Scholar
  • FitchRatings (2020) ESG in credit. White paper, Fitch Ratings Inc., New York.Google Scholar
  • Fung SYK, Raman K, Zhu X (2017) Does the PCAOB international inspection program improve audit quality for non-US-listed foreign clients? J. Accounting Econom. 64(1):15–36.Google Scholar
  • Furnham A (1986) Response bias, social desirability and dissimulation. Personality Individual Differences 7(3):385–400.CrossrefGoogle Scholar
  • Gipper B, Leuz C, Maffett M (2019) Public audit oversight and reporting credibility: Evidence from the PCAOB inspection regime. Rev. Financial Stud. 33(10):4532–4579.Google Scholar
  • Haislip J, Kolev K, Pinsker R, Steffen T (2019) The economic cost of cybersecurity breaches: A broad-based analysis. Proc. Workshop Econom. Inform. Security (Baruch College, New York), 1–37.Google Scholar
  • Hanlon M, Shroff N (2022) Insights into auditor public oversight boards: Whether, how, and why they “work.” J. Accounting Econom. 74(1):101497.Google Scholar
  • Hoffman BW, Sellers RD, Skomra J (2018) The impact of client information technology capability on audit pricing. Internat. J. Accounting Inform. Systems 29:59–75.Google Scholar
  • Hogan CE, Wilkins MS (2008) Evidence on the audit risk model: Do auditors increase audit fees in the presence of internal control deficiencies? Contemporary Accounting Res. 25(1):219–242.CrossrefGoogle Scholar
  • Huang HH, Wang C (2021) Do banks price firms’ data breaches? Accounting Rev. 96(3):261–286.CrossrefGoogle Scholar
  • Jiang J, Wang IY, Wang KP (2019) Big N auditors and audit quality: New evidence from quasi-experiments. Accounting Rev. 94(1):205–227.CrossrefGoogle Scholar
  • Jin GZ (2018) Artificial intelligence and consumer privacy. NBER Working Paper No. 24253, National Bureau of Economic Research, Cambridge, MA.Google Scholar
  • Kamiya S, Kang JK, Kim J, Milidonis A, Stulz RM (2021) Risk management, firm reputation, and the impact of successful cyberattacks on target firms. J. Financial Econom. 139(3):719–749.CrossrefGoogle Scholar
  • Kim J (2024) The effect of PCAOB inspections on corporate innovation: Evidence from deficiencies about the valuation of intangibles. Rev. Accounting Stud. 29(2):1491–1523.Google Scholar
  • Lawrence A, Minutti-Meza M, Vyas D (2018) Is operational control risk informative of financial reporting deficiencies? Auditing 37(1):139–165.CrossrefGoogle Scholar
  • Lecic D, Kupusinac A (2013) The impact of ERP systems on business decision-making. TEM J. 2(4):323.CrossrefGoogle Scholar
  • Li H, No WG, Boritz JE (2020) Are external auditors concerned about cyber incidents? Evidence from audit fees. Auditing 39(1):151–171.CrossrefGoogle Scholar
  • Li B, Li Y, Pittman J, Wang W (2022) Auditors’ response to cybersecurity risk: Human capital investment and cross-client influence. Preprint, submitted August 29, https://dx.doi.org/10.2139/ssrn.4192802.Google Scholar
  • Li C, Peters GF, Richardson VJ, Weidenmier Watson M (2012) The consequences of information technology control weaknesses on management information systems: The case of Sarbanes-Oxley internal control reports. Management Inform. Systems Quart. 36(1):179–203.CrossrefGoogle Scholar
  • Liu LY, Strahilevitz L (2024) Cash substitution and deferred consumption as data breach harms. J. Legal Stud. Forthcoming.Google Scholar
  • Mansi SA, Maxwell WF, Miller DP (2004) Does auditor quality and tenure matter to investors? Evidence from the bond market. J. Accounting Res. 42(4):755–793.CrossrefGoogle Scholar
  • McKenna F (2017) Equifax auditors are on the hook for data security risk controls. MarketWatch (October 3), https://www.marketwatch.com/story/equifax-auditors-are-on-the-hook-for-data-security-risk-controls-2017-10-02.Google Scholar
  • Minnis M (2011) The value of financial statement verification in debt financing: Evidence from private US firms. J. Accounting Res. 49(2):457–506.CrossrefGoogle Scholar
  • Moeller R (2014) COSO issues: Guidance on internal control over IT. J. Accountancy (May 1), https://www.journalofaccountancy.com/issues/2014/may/coso-it-controls-20138951.html.Google Scholar
  • Morris JJ (2011) The impact of enterprise resource planning (ERP) systems on the effectiveness of internal controls over financial reporting. J. Inform. Systems 25(1):129–157.CrossrefGoogle Scholar
  • Murfin J (2012) The supply‐side determinants of loan contract strictness. J. Finance 67(5):1565–1601.CrossrefGoogle Scholar
  • Oster E (2019) Unobservable selection and coefficient stability: Theory and evidence. J. Bus. Econom. Statist. 37(2):187–204.CrossrefGoogle Scholar
  • Public Company Accounting Oversight Board (PCAOB) (2010) Identifying and assessing risks of material misstatement. Auditing Standard No. 12. Appendix B–Consideration of Manual and Automated Systems and Controls. Accessed December 13, 2018, https://pcaobus.org/oversight/standards/archived-standards/pre-reorganized-auditing-standards-interpretations/details/Auditing_Standard_12_Appendix_B.Google Scholar
  • Public Company Accounting Oversight Board (PCAOB) (2012) Information for audit committees about the PCAOB inspection process. Accessed August 16, 2019, https://pcaobus.org/Inspections/Documents/Inspection_Information_for_Audit_Committees.pdf.Google Scholar
  • Public Company Accounting Oversight Board (PCAOB) (2013) Staff audit practice alert no. 11: Considerations for audits of internal control over financial reporting. Accessed November 13, 2018, https://pcaobus.org/Standards/QandA/10-24-2013_SAPA_11.pdf.Google Scholar
  • Public Company Accounting Oversight Board (PCAOB) (2019) Cybersecurity: Where we are; what more can be done? A call for auditors to lean in. Accessed July 15, 2019, https://pcaobus.org/news-events/speeches/speech-detail/cybersecurity-where-we-are-what-more-can-be-done-a-call-for-auditors-to-lean-in_700.Google Scholar
  • Rajgopal S, Srinivasan S, Zheng X (2021) Measuring audit quality. Rev. Accounting Stud. 26:559–619.CrossrefGoogle Scholar
  • Romanosky S, Telang R, Acquisti A (2011) Do data breach disclosure laws reduce identity theft? J. Policy Anal. Management 30(2):256–286.CrossrefGoogle Scholar
  • Rosati P, Gogolin F, Lynn T (2022) Cyber-security incidents and audit quality. Eur. Accounting Rev. 31(3):701–728.CrossrefGoogle Scholar
  • Roth J (2022) Pretest with caution: Event-study estimates after testing for parallel trends. Amer. Econom. Rev. Insights 4(3):305–322.CrossrefGoogle Scholar
  • Roth J, Sant’Anna PH, Bilinski A, Poe J (2023) What’s trending in difference-in-differences? A synthesis of the recent econometrics literature. J. Econometrics 235(2):2218–2244.CrossrefGoogle Scholar
  • Schoenfeld J (2024) Cyber risk and voluntary Service Organization Control (SOC) audits. Rev. Accounting Stud. 29(1):580–620.Google Scholar
  • Schroeder JH, Shepardson ML (2015) Do SOX 404 control audits and management assessments improve overall internal control system quality? Accounting Rev. 91(5):1513–1541.CrossrefGoogle Scholar
  • Seavey SE, Imhof MJ, Westfall TJ (2018) Audit firms as networks of offices. Auditing 37(3):211–242.CrossrefGoogle Scholar
  • Securities and Exchange Commission (SEC) (2018a) Report of investigation pursuant to Section 21(a) of the Securities Exchange Act of 1934 regarding certain cyber-related frauds perpetrated against public companies and related internal accounting controls requirements. Accessed December 3, 2018, https://www.sec.gov/files/litigation/investreport/34-84429.pdf.Google Scholar
  • Securities and Exchange Commission (SEC) (2018b) SEC investigative report: Public companies should consider cyber threats when implementing internal accounting controls. Accessed December 3, 2018, https://www.sec.gov/newsroom/press-releases/2018-236.Google Scholar
  • Sherif M, Taub D, Hovland CI (1958) Assimilation and contrast effects of anchoring stimuli on judgments. J. Experiment. Psych. 55(2):150.CrossrefGoogle Scholar
  • Shroff N (2017) Corporate investment and changes in GAAP. Rev. Accounting Stud. 22:1–63.CrossrefGoogle Scholar
  • Smith TJ, Higgs JL, Pinsker RE (2019) Do auditors price breach risk in their audit fees? J. Inform. Systems 33(2):177–204.CrossrefGoogle Scholar
  • Whited RL, Swanquist QT, Shipman JE, Moon JR Jr (2022) Out of control: The (over) use of controls in accounting research. Accounting Rev. 97(3):395–413.CrossrefGoogle Scholar
  • Wooldridge J (2010) Econometric Analysis of Cross Section and Panel Data, 2nd ed. (MIT Press, Cambridge, MA).Google Scholar
  • Yang DC, Guan L (2004) The evolution of IT auditing and internal control standards in financial statement audits: The case of the United States. Management Auditing J. 19(4):544–555.CrossrefGoogle Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree