网络安全风险管理审查和网络安全事件对投资者认知和决策的影响

IF 2.7 3区管理学 Q2 BUSINESS, FINANCE

Auditing-A Journal of Practice & Theory Pub Date : 2020-07-29 DOI:10.2308/ajpt-18-010

Rebecca R. Perols, Uday S. Murthy

{"title":"网络安全风险管理审查和网络安全事件对投资者认知和决策的影响","authors":"Rebecca R. Perols, Uday S. Murthy","doi":"10.2308/ajpt-18-010","DOIUrl":null,"url":null,"abstract":"\n In response to cybersecurity risk and demand for information about organizations' cybersecurity risk management programs, the American Institute of Certified Public Accountants (AICPA) recently released a cybersecurity risk management examination service. We examine the effect of joint or separate provisioning of this service on investors' perceptions and decisions, and whether these effects differ when a subsequent cybersecurity incident occurs. We find that the negative signal of a subsequent cybersecurity incident reverses investors' positive perceptions of auditor competence and increases investors' sensitivity to potential independence impairments when the cybersecurity is jointly provisioned, leading to lower perceptions of audit quality. We also find that investors are less willing to invest when the examination is jointly provisioned compared to separately provisioned. Our results provide important insights to the literature and to purchasers and regulators by examining an emerging non-audit service and how a signal of non-audit service quality can affect perceptions of audit quality.","PeriodicalId":48142,"journal":{"name":"Auditing-A Journal of Practice & Theory","volume":"23 1","pages":""},"PeriodicalIF":2.7000,"publicationDate":"2020-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"The Impact of Cybersecurity Risk Management Examinations and Cybersecurity Incidents on Investor Perceptions and Decisions\",\"authors\":\"Rebecca R. Perols, Uday S. Murthy\",\"doi\":\"10.2308/ajpt-18-010\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"\\n In response to cybersecurity risk and demand for information about organizations' cybersecurity risk management programs, the American Institute of Certified Public Accountants (AICPA) recently released a cybersecurity risk management examination service. We examine the effect of joint or separate provisioning of this service on investors' perceptions and decisions, and whether these effects differ when a subsequent cybersecurity incident occurs. We find that the negative signal of a subsequent cybersecurity incident reverses investors' positive perceptions of auditor competence and increases investors' sensitivity to potential independence impairments when the cybersecurity is jointly provisioned, leading to lower perceptions of audit quality. We also find that investors are less willing to invest when the examination is jointly provisioned compared to separately provisioned. Our results provide important insights to the literature and to purchasers and regulators by examining an emerging non-audit service and how a signal of non-audit service quality can affect perceptions of audit quality.\",\"PeriodicalId\":48142,\"journal\":{\"name\":\"Auditing-A Journal of Practice & Theory\",\"volume\":\"23 1\",\"pages\":\"\"},\"PeriodicalIF\":2.7000,\"publicationDate\":\"2020-07-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Auditing-A Journal of Practice & Theory\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.2308/ajpt-18-010\",\"RegionNum\":3,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"BUSINESS, FINANCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Auditing-A Journal of Practice & Theory","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.2308/ajpt-18-010","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"BUSINESS, FINANCE","Score":null,"Total":0}

引用次数: 3

摘要

为了应对网络安全风险以及对组织网络安全风险管理项目信息的需求，美国注册会计师协会(AICPA)最近发布了一项网络安全风险管理考试服务。我们研究了联合或单独提供此服务对投资者的看法和决策的影响，以及当后续网络安全事件发生时，这些影响是否会有所不同。我们发现，后续网络安全事件的负面信号逆转了投资者对审计师能力的积极看法，并增加了投资者对共同提供网络安全时潜在独立性损害的敏感性，导致对审计质量的看法降低。我们还发现，与单独设置考试相比，联合设置考试时投资者的投资意愿更低。我们的研究结果通过研究新兴的非审计服务以及非审计服务质量的信号如何影响审计质量的感知，为文献、购买者和监管机构提供了重要的见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

The Impact of Cybersecurity Risk Management Examinations and Cybersecurity Incidents on Investor Perceptions and Decisions

In response to cybersecurity risk and demand for information about organizations' cybersecurity risk management programs, the American Institute of Certified Public Accountants (AICPA) recently released a cybersecurity risk management examination service. We examine the effect of joint or separate provisioning of this service on investors' perceptions and decisions, and whether these effects differ when a subsequent cybersecurity incident occurs. We find that the negative signal of a subsequent cybersecurity incident reverses investors' positive perceptions of auditor competence and increases investors' sensitivity to potential independence impairments when the cybersecurity is jointly provisioned, leading to lower perceptions of audit quality. We also find that investors are less willing to invest when the examination is jointly provisioned compared to separately provisioned. Our results provide important insights to the literature and to purchasers and regulators by examining an emerging non-audit service and how a signal of non-audit service quality can affect perceptions of audit quality.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Auditing-A Journal of Practice & Theory BUSINESS, FINANCE-

CiteScore

4.30

自引率

10.70%

发文量

期刊介绍： AUDITING contains technical articles as well as news and reports on current activities of the association.