While the importance of addressing cybersecurity risks and cyber incidents is widely acknowledged, there is no explicit requirement by regulators or audit standard setters for auditors to do so. This paper investigates 1) whether external auditors respond to cyber incidents by charging higher...

This study investigates how students incorporate information integrity impairments into judgments and judgment confidence. The effects of four information integrity attributes (completeness, currency, accuracy and authorization) were examined. Our results show that accounting students...

The Sarbanes-Oxley Act (SOX) mandates managers and auditors to assess the effectiveness of internal controls over financial reporting. Our study investigates two methods that organizations commonly use to document their business processes – descriptive narrative (hereafter, textual) and...

Growing customer privacy concerns are resulting in companies paying increased attention to privacy. The main challenge to e-commerce companies is to balance the competitive advantages provided by the use of personal information with the privacy concerns that customers may have regarding the use...

In this paper we provide a synthesis of the research that has been performed on business models and business model descriptions. We address a series of seven research questions aimed at exploring the nature of business models and business model descriptions to better understand how they are and...

This study examines all SOX 404 reports issued between 2004 and 2014 to determine their readability as measured by the FOG index after controlling for report size. We find that managements' reports are more readable than auditors' reports. Big 6 reports are less readable than non-Big 6 reports....

A number of papers have attempted to study firm-specific characteristics of the participants in the SEC-administered XBRL Voluntary Filing Program (VFP). However, to date their findings have been conflicting, contrary to the underlying theory or inconclusive due to methodological limitations....

An effective audit plan starts with understanding of the client's business risks. Though business risk assessment is a required component of audit risk assessment (ISA 315), there is little guidance regarding the best format for documenting business risks to support audit risk assessment; as a...

By analysing auditors' SOX 404 reports from 2004 to 2011 we find that after 2006 Big 4 reporting of both information technology control weaknesses (ITWs) and non-ITWs in reports with ITWs decreased significantly. This change appears to reflect Big 4 reporting practices in response to a change in...

Restatements of audited financial statements are used for evaluating reporting quality, audit quality and for other evaluative purposes. Prior research shows that restatements that correct unintentional errors have different implications for statement preparers, users, auditors and regulators...