The Value of Auditors’ Cross-Client Learning in Preventing Data Breaches
65 Pages Posted: 15 Jan 2021
Date Written: December 30, 2020
I examine whether auditors generalize their knowledge across different clients (cross-client learning) to prevent data breaches. I focus on two audit mistakes. One relates directly to data breaches, and the other is severe restatements (indirect experiences strongly related to auditors’ reputational incentives), to gauge the extent to which auditors generalize their mistakes across clients to deter data breaches. I find that cross-client learning is stronger when learning experiences are similar, when these experiences directly relate to monitoring technologies (i.e., when auditors inspect a firm’s internal controls in integrated audits, including IT controls), when mistakes are more severe, and when clients are more receptive (i.e., in the presence of increased reputational risks and good internal controls). I also conduct interviews and an anonymous survey to collect information not captured by the empirical analyses. Collectively, my paper uses cross-client learning to explain whether and how third-party monitors can deter data breaches and quantifies the economic significance of this learning.
Keywords: Data breaches, auditing, internal control, information learning, reputation risk
JEL Classification: C81, C82, D83, L14, M15, M42
Suggested Citation: Suggested Citation