References
- Abbasi, A., Sarker, S., & Chiang, R. H. (2016). Big Data research in information systems: Toward an inclusive research agenda. Journal of the Association for Information Systems, 17(2), 1–22. https://doi.org/https://doi.org/10.17705/1jais.00423
- Acquisti, A., Friedman, A., & Telang, R. (2006). Is there a cost to privacy breaches? An event study. Proceedings of the International Conference on Information Systems (ICIS) 2006.
- Anderson, S. W., Christ, M. H., Dekker, H. C., & Sedatole, K. (2014). The use of management controls to mitigate risk in strategic alliances: Field and survey evidence. Journal of Management Accounting Research, 26(1), 1–32. https://doi.org/https://doi.org/10.2308/jmar-50621
- Ashbaugh, H., LaFond, R., & Mayhew, B. W. (2003). Do nonaudit services compromise auditor independence? Further evidence. The Accounting Review, 78(3), 611–639. https://doi.org/https://doi.org/10.2308/accr.2003.78.3.611
- Ashbaugh-Skaife, H., Collins, D. W., Kinney Jr, W. R., & LaFond, R. (2008). The effect of SOX internal control deficiencies and their remediation on accrual quality. The Accounting Review, 83(1), 217–250. https://doi.org/https://doi.org/10.2308/accr.2008.83.1.217
- Balsam, S., Krishnan, J., & Yang, J. S. (2003). Auditor industry specialization and earnings quality. Auditing: A Journal of Practice and Theory, 22(2), 71–97. https://doi.org/https://doi.org/10.2308/aud.2003.22.2.71
- Becker, C., DeFond, M., Jiambalvo, J., & Subramanyam, K. R. (1998). The effect of audit quality on earnings management. Contemporary Accounting Research, 15(1), 1–24. https://doi.org/https://doi.org/10.1111/j.1911-3846.1998.tb00547.x
- Bell, T. B., Causholli, M., & Knechel, W. R. (2015). Audit firm tenure, non-audit services, and internal assessments of audit quality. Journal of Accounting Research, 53(3), 461–509. https://doi.org/https://doi.org/10.1111/1475-679X.12078
- Benaroch, M., & Chernobai, A. (2017). Operational IT failures, IT value-destruction, and board-level IT governance changes. Available at SSRN: https://ssrn.com/abstract=2887773
- Benaroch, M., Chernobai, A., & Goldstein, J. (2012). An internal control perspective on the market value consequences of IT operational risk events. International Journal of Accounting Information Systems, 13(4), 357–381. https://doi.org/https://doi.org/10.1016/j.accinf.2012.03.001
- Berezina, K., Cobanoglu, C., Miller, B. L., & Kwansa, F. A. (2012). The impact of information security breach on hotel guest perception of service quality, satisfaction, revisit intentions and word-of-mouth. International Journal of Contemporary Hospitality Management, 24(7), 991–1010. https://doi.org/https://doi.org/10.1108/09596111211258883
- Bernard, T. S., Hsu, T., Perlroth, N., & Lieber, R. (2017). Equifax Says Cyberattack May Have Affected 143 Million in the U.S.. New York Times (September 7, 2018). Retrieved December 8, 2018, from https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html
- Bertrand, M., Duflo, E., & Mullainathan, S. (2004). How much should we trust differences- in-differences estimates? The Quarterly Journal of Economics, 119(1), 249–275. https://doi.org/https://doi.org/10.1162/003355304772839588
- Blankley, A. I., Hurtt, D. N., & MacGregor, J. E. (2012). Abnormal audit fees and restatements. Auditing: A Journal of Practice & Theory, 31(1), 79–96. https://doi.org/https://doi.org/10.2308/ajpt-10210
- Burgstahler, D., & Dichev, I. (1997). Earnings management to avoid earnings decreases and losses. Journal of Accounting and Economics, 24(1), 99–126. https://doi.org/https://doi.org/10.1016/S0165-4101(97)00017-7
- Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448. https://doi.org/https://doi.org/10.3233/JCS-2003-11308
- Caramanis, C., & Lennox, C. (2008). Audit effort and earnings management. Journal of Accounting and Economics, 45(1), 116–138. https://doi.org/https://doi.org/10.1016/j.jacceco.2007.05.002
- Carcello, J. V., Hermanson, D. R., & Huss, H. F. (1995). Temporal changes in bankruptcy-related reporting. Auditing, 14(2), 133.
- Carey, P., & Simnett, R. (2006). Audit partner tenure and audit quality. The Accounting Review, 81(3), 653–676. https://doi.org/https://doi.org/10.2308/accr.2006.81.3.653
- Cassell, C. A., Dreher, L. M., & Myers, L. A. (2013). Reviewing the SEC’s review process: 10-K comment letters and the cost of remediation. The Accounting Review, 88(6), 1875–1908. https://doi.org/https://doi.org/10.2308/accr-50538
- Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 70–104. https://doi.org/https://doi.org/10.1080/10864415.2004.11044320
- Cereola, S. J., & Cereola, R. J. (2011). Breach of data at TJX: An instructional case used to study COSO and COBIT, with a focus on computer controls, data security, and privacy legislation. Issues in Accounting Education, 26(3), 521–545. https://doi.org/https://doi.org/10.2308/iace-50031
- Cheng, Q., & Farber, D. B. (2008). Earnings restatements, changes in CEO compensation, and firm performance. The Accounting Review, 83(5), 1217–1250. https://doi.org/https://doi.org/10.2308/accr.2008.83.5.1217
- Chernobai, A., Jorion, P., & Yu, F. (2011). The determinants of operational risk in U.S. financial institutions. Journal of Financial and Quantitative Analysis, 46(6), 1683–1725. https://doi.org/https://doi.org/10.1017/S0022109011000500
- Cisco. (2017). Cisco 2017 Annual Cyber security Report. Retreived December 8, 2018, from https://www.cisco.com/c/m/en_au/products/security/offers/annual-cybersecurity-report-2017.html
- Committee of Sponsoring Organisations of the Treadway Commission (COSO). (2004). Enterprise risk management—Integrated framework. AICPA.
- Committee of Sponsoring Organisations of the Treadway Commission (COSO). (2013). Internal control—Integrated framework. AICPA.
- Das, S., Mukhopadhyay, A., & Anand, M. (2012). Stock market response to information security breach: A study using firm and attack characteristics. Journal of Information Privacy and Security, 8(4), 27–55. https://doi.org/https://doi.org/10.1080/15536548.2012.10845665
- DeAngelo, L. E. (1981). Auditor size and audit quality. Journal of Accounting and Economics, 3(3), 183–199. https://doi.org/https://doi.org/10.1016/0165-4101(81)90002-1
- Dechow, P. M., & Dichev, I. D. (2002). The quality of accruals and earnings: The role of accrual estimation errors. The Accounting Review, 77(1), 35–59. https://doi.org/https://doi.org/10.2308/accr.2002.77.s-1.35
- Dechow, P. M., Hutton, A. P., Kim, J. H., & Sloan, R. G. (2012). Detecting earnings management: A new approach. Journal of Accounting Research, 50(2), 275–334. https://doi.org/https://doi.org/10.1111/j.1475-679X.2012.00449.x
- Dechow, P. M., Lawrence, A., & Ryans, J. P. (2016). SEC comment letters and insider sales. The Accounting Review, 91(2), 401–439. https://doi.org/https://doi.org/10.2308/accr-51232
- Dechow, P. M., Sloan, R. G., & Sweeney, A. P. (1995). Detecting earnings management. The Accounting Review, 70(2), 193–225.
- DeFond, M. L., & Jiambalvo, J. (1994). Debt covenant violation and manipulation of accruals. Journal of Accounting and Economics, 17(1–2), 145–176. https://doi.org/https://doi.org/10.1016/0165-4101(94)90008-6
- DeFond, M. L., Raghunandan, K., & Subramanyam, K. R. (2002). Do non–audit service fees impair auditor independence? Evidence from going concern audit opinions. Journal of Accounting Research, 40(4), 1247–1274. https://doi.org/https://doi.org/10.1111/1475-679X.00088
- Degeorge, F., Patel, J., & Zeckhauser, R. (1999). Earnings management to exceed thresholds. The Journal of Business, 72(1), 1–33. https://doi.org/https://doi.org/10.1086/209601
- Dichev, I. D., & Skinner, D. J. (2002). Large–sample evidence on the debt covenant hypothesis. Journal of Accounting Research, 40(4), 1091–1123. https://doi.org/https://doi.org/10.1111/1475-679X.00083
- Donohoe, M. P., & Knechel, R. W. (2014). Does corporate tax aggressiveness influence audit pricing? Contemporary Accounting Research, 31(1), 284–308. https://doi.org/https://doi.org/10.1111/1911-3846.12027
- Doyle, J. T., Ge, W., & McVay, S. (2007a). Determinants of weaknesses in internal control over financial reporting. Journal of Accounting and Economics, 44(1), 193–223. https://doi.org/https://doi.org/10.1016/j.jacceco.2006.10.003
- Doyle, J. T., Ge, W., & McVay, S. (2007b). Accruals quality and internal control over financial reporting. The Accounting Review, 82(5), 1141–1170. https://doi.org/https://doi.org/10.2308/accr.2007.82.5.1141
- Eshleman, J. D., & Guo, P. (2014). Do Big 4 auditors provide higher audit quality after controlling for the endogenous choice of auditor? Auditing: A Journal of Practice & Theory, 33(4), 197–219. https://doi.org/https://doi.org/10.2308/ajpt-50792
- Ettredge, M. L., Li, C., & Sun, L. (2006). The impact of SOX Section 404 internal control quality assessment on audit delay in the SOX era. Auditing: A Journal of Practice & Theory, 25(2), 1–23. https://doi.org/https://doi.org/10.2308/aud.2006.25.2.1
- Fama, E. F., & French, K. R. (1992). The cross-section of expected stock returns. The Journal of Finance, 47(2), 427–465. https://doi.org/https://doi.org/10.1111/j.1540-6261.1992.tb04398.x
- Feldmann, D. A., Read, W. J., & Abdolmohammadi, M. J. (2009). Financial restatements, audit fees, and the moderating effect of CFO turnover. Auditing: A Journal of Practice & Theory, 28(1), 205–223. https://doi.org/https://doi.org/10.2308/aud.2009.28.1.205
- Feng, M., Li, C., McVay, S. E., & Skaife, H. (2015). Does ineffective internal control over financial reporting affect a firm's operations? Evidence from firms’ inventory management. The Accounting Review, 90(2), 529–557. https://doi.org/https://doi.org/10.2308/accr-50909
- Fernando, G. D., Abdel-Meguid, A. M., & Elder, R. J. (2010). Audit quality attributes, client size and cost of equity capital. Review of Accounting and Finance, 9(4), 363–381. https://doi.org/https://doi.org/10.1108/14757701011094571
- Francis, J. R. (2004). What do we know about audit quality? The British Accounting Review, 36(4), 345–368. https://doi.org/https://doi.org/10.1016/j.bar.2004.09.003
- Francis, J. R. (2011). A framework for understanding and researching audit quality. Auditing: A Journal of Practice & Theory, 30(2), 125–152. https://doi.org/https://doi.org/10.2308/ajpt-50006
- Francis, J. R., & Wang, D. (2008). The joint effect of investor protection and Big 4 audits on earnings quality around the world. Contemporary Accounting Research, 25(1), 157–191. https://doi.org/https://doi.org/10.1506/car.25.1.6
- Francis, J. R., & Yu, M. D. (2009). Big 4 office size and audit quality. The Accounting Review, 84(5), 1521–1552. https://doi.org/https://doi.org/10.2308/accr.2009.84.5.1521
- Frankel, R. M., Johnson, M. F., & Nelson, K. K. (2002). The relation between auditors’ fees for nonaudit services and earnings management. The Accounting Review, 77(s-1), 71–105. https://doi.org/https://doi.org/10.2308/accr.2002.77.s-1.71
- Garrison, C. P., & Ncube, M. (2011). A longitudinal analysis of data breaches. Information Management & Computer Security, 19(4), 216–230. https://doi.org/https://doi.org/10.1108/09685221111173049
- Gatzlaff, K. M., & McCullough, K. A. (2010). The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1), 61–83. https://doi.org/https://doi.org/10.1111/j.1540-6296.2010.01178.x
- Gietzmann, M. B., & Pettinicchio, A. K. (2014). External auditor reassessment of client business risk following the issuance of a comment letter by the SEC. European Accounting Review, 23(1), 57–85. https://doi.org/https://doi.org/10.1080/09638180.2013.774703
- Goldstein, J., Chernobai, A., & Benaroch, M. (2011). An event study analysis of the economic impact of IT operational risk and its subcategories. Journal of the Association for Information Systems, 12(9), 606–631. https://doi.org/https://doi.org/10.17705/1jais.00275
- Gordon, L. A., Loeb, M. P., & Sohail, T. (2010). Market value of voluntary disclosures concerning information security. MIS Quarterly, 34(3), 567–594. https://doi.org/https://doi.org/10.2307/25750692
- Gordon, L. A., Loeb, M. P., & Zhou, L. (2011). The impact of information security breaches: Has there been a downward shift in costs? Journal of Computer Security, 19(1), 33–56. https://doi.org/https://doi.org/10.3233/JCS-2009-0398
- Gore, J. P. O., Pope, P. F., & Singh, A. (2001). Non-audit services, auditor independence and earnings management. (Working Paper 2001/014). Lancaster University Management School.
- Gujarati, D. N. (2003). Basic Econometrics. McGraw-Hill.
- Gul, F. A., & Goodwin, J. (2010). Short-term debt maturity structures, credit ratings, and the pricing of audit services. The Accounting Review, 85(3), 877–909. https://doi.org/https://doi.org/10.2308/accr.2010.85.3.877
- Haislip, J. Z., Masli, A., Richardson, V. J., & Sanchez, J. M. (2016). Repairing organizational legitimacy following information technology (IT) material weaknesses: Executive turnover, IT expertise, and IT system UPGRADES. Journal of Information Systems, 30(1), 41–70. https://doi.org/https://doi.org/10.2308/isys-51294
- Han, K., & Mithas, S. (2013). Information technology outsourcing and non-IT operating costs: An empirical investigation. MIS Quarterly, 37(1), 315–331. https://doi.org/https://doi.org/10.25300/MISQ/2013/37.1.14
- Han, S., Rezaee, Z., Xue, L., & Zhang, J. H. (2016). The association between information technology investments and audit risk. Journal of Information Systems, 30(1), 93–116. https://doi.org/https://doi.org/10.2308/isys-51317
- Hardies, K., Breesch, D., & Branson, J. (2016). Do (fe)male auditors impair audit quality? Evidence from going-concern opinions. European Accounting Review, 25(1), 7–34. https://doi.org/https://doi.org/10.1080/09638180.2014.921445
- Healy, P. M., & Wahlen, J. M. (1999). A review of the earnings management literature and its implications for standard setting. Accounting Horizons, 13(4), 365–383. https://doi.org/https://doi.org/10.2308/acch.1999.13.4.365
- Higgs, J. L., Pinsker, R. E., Smith, T. J., & Young, G. R. (2016). The relationship between board-level technology committees and reported security breaches. Journal of Information Systems, 30(3), 79–98. https://doi.org/https://doi.org/10.2308/isys-51402
- Hogan, C. E., & Wilkins, M. S. (2008). Evidence on the audit risk model: Do auditors increase audit fees in the presence of internal control deficiencies? Contemporary Accounting Research, 25(1), 219–242. https://doi.org/https://doi.org/10.1506/car.25.1.9
- Hovav, A., & Gray, P. (2014). The ripple effect of an information security breach event: A stakeholder analysis. Communications of the Association for Information Systems, 34, 894–913. https://doi.org/https://doi.org/10.17705/1CAIS.03450
- Hribar, P., & Nichols, G. D. (2007). The use of unsigned earnings quality measures in tests of earnings management. Journal of Accounting Research, 45(5), 1017–1053. https://doi.org/https://doi.org/10.1111/j.1475-679X.2007.00259.x
- International Federation of Accountants (IFAC). (2010). Guide to using international standards on auditing in the audits of small- and medium-sized entities. Retrieved December 8, 2018, from https://www.ifac.org/system/files/publications/files/guide-to-using-internationa-1.pdf
- Jaeger, J. (2020, January 21). Equifax must spend ‘a minimum of $1B’ for data security. Reuters. Retrieved September 20, 2020, from https://www.complianceweek.com/cyber-security/equifax-must-spend-a-minimum-of-1b-for-data-security/28329.article
- Jaggi, B., & Lee, P. (2002). Earnings management response to debt covenant violations and debt restructuring. Journal of Accounting, Auditing and Finance, 17(4), 295–324. https://doi.org/https://doi.org/10.1177/0148558X0201700402
- Johnston, R., & Petacchi, R. (2017). Regulatory oversight of financial reporting: Securities and Exchange Commission comment letters. Contemporary Accounting Research, 34(2), 1128–1155. https://doi.org/https://doi.org/10.1111/1911-3846.12297
- Kamiya, S., Kang, J. K., Kim, J., Milidonis, A., & Stulz, R. M. (2020). Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics. https://doi.org/https://doi.org/10.1016/j.jfineco.2019.05.019.
- Khurana, I. K., Lundstrom, N., & Raman, K. K. (2020). PCAOB Inspections and the Differential audit quality effect for Big 4 and Non-Big 4 US auditors. Contemporary Accounting Research. https://doi.org/https://doi.org/10.1111/1911-3846.12636.
- Kim, J. B., Liu, X., & Zheng, L. (2012). The impact of mandatory IFRS adoption on audit fees: Theory and evidence. The Accounting Review, 87(6), 2061–2094. https://doi.org/https://doi.org/10.2308/accr-50223
- Kinney, W. R., Palmrose, Z. V., & Scholz, S. (2004). Auditor independence, non-audit services, and restatements: Was the U.S. government right? Journal of Accounting Research, 42(3), 561–588. https://doi.org/https://doi.org/10.1111/j.1475-679X.2004.t01-1-00141.x
- Klamm, B. K., Kobelsky, K. W., & Watson, M. W. (2012). Determinants of the persistence of internal control weaknesses. Accounting Horizons, 26(2), 307–333. https://doi.org/https://doi.org/10.2308/acch-10266
- Klamm, B. K., & Watson, M. W. (2009). SOX 404 reported internal control weaknesses: A test of COSO framework components and information technology. Journal of Information Systems, 23(2), 1–23. https://doi.org/https://doi.org/10.2308/jis.2009.23.2.1
- Knechel, W. R., & Sharma, D. S. (2012). Auditor-provided nonaudit services and audit effectiveness and efficiency: Evidence from pre-and post-SOX audit report lags. Auditing: A Journal of Practice & Theory, 31(4), 85–114. https://doi.org/https://doi.org/10.2308/ajpt-10298
- Knechel, W. R., & Vanstraelen, A. (2007). The relationship between auditor tenure and audit quality implied by going concern opinions. Auditing: A Journal of Practice & Theory, 26(1), 113–131. https://doi.org/https://doi.org/10.2308/aud.2007.26.1.113
- Kothari, S. P., Leone, A. J., & Wasley, C. E. (2005). Performance matched discretionary accrual measures. Journal of Accounting and Economics, 39(1), 163–197. https://doi.org/https://doi.org/10.1016/j.jacceco.2004.11.002
- Lawrence, A., Minutti-Meza, M., & Vyas, D. (2018). Is operational control risk informative of financial reporting deficiencies? Auditing: A Journal of Practice & Theory, 37(1), 139–165. https://doi.org/https://doi.org/10.2308/ajpt-51784
- Lechner, M. (2010). The estimation of causal effects by difference-in-difference method sestimation of spatial panels. Foundations and Trends® in Econometrics, 4(3), 165–224. https://doi.org/https://doi.org/10.1561/0800000014
- Li, H., No, W. G., & Boritz, J. E. (2016). Are external auditors concerned about cyber incidents? Evidence from audit fees. (Working Paper. SSRN: 2880928).
- Masli, A., Peters, G. F., Richardson, V. J., & Sanchez, J. M. (2010). Examining the potential benefits of internal control monitoring technology. The Accounting Review, 85(3), 1001–1034. https://doi.org/https://doi.org/10.2308/accr.2010.85.3.1001
- Menon, K., & Williams, D. D. (2004). Former audit partners and abnormal accruals. The Accounting Review, 79(4), 1095–1118. https://doi.org/https://doi.org/10.2308/accr.2004.79.4.1095
- Messier, W. F., Eilifsen, A., & Austen, L. A. (2004). Auditor detected misstatements and the effect of information technology. International Journal of Auditing, 8(3), 223–235. https://doi.org/https://doi.org/10.1111/j.1099-1123.2004.00092.x
- Myers, J. N., Myers, L. A., & Skinner, D. J. (2007). Earnings momentum and earnings management. Journal of Accounting, Auditing and Finance, 22(2), 249–284. https://doi.org/https://doi.org/10.1177/0148558X0702200211
- National Conference of State Legislature (NCSL). (2017). Security breach notification laws. Retrieved July 26, 2017, from http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
- Ponemon Institute. (2016). Cost of data breach study: Global analysis. Retrieved December 8, 2018, from https://www-01.ibm.com/marketing/iwm/dre/signup?source=mrs-form-1995&S_PKG=ov49542
- Privacy Rights Clearinghouse (PRC). (2017). Chronology of data breaches: FAQ. Retrieved July 29, 2017, from https://www.privacyrights.org/chronology-data-breaches-faq
- Public Company Accounting Oversight Board (2OB). (2010). Identifying and assessing risks of material misstatement. AS No. 12..
- Public Company Accounting Oversight Board (PCAOB). (2013). Considerations for audits of internal control over financial reporting.
- Public Company Accounting Oversight Board (PCAOB). (2014). Auditing standard no. 2 - An audit of internal control over financial reporting performed in conjunction with an audit of financial statements.
- Raghunandan, K., & Rama, D. (1995). Audit opinions for companies in financial distress: Before and after SAS No. 59. Auditing: A Journal of Practice & Theory, 14, 50–63.
- Reynolds, J. K., & Francis, J. R. (2000). Does size matter? The influence of large clients on office-level auditor reporting decisions. Journal of Accounting and Economics, 30(3), 375–400. https://doi.org/https://doi.org/10.1016/S0165-4101(01)00010-6
- Richardson, S., Tuna, I., & Wu, W. (2002). Predicting earnings management: The case of earnings restatements. (Working paper). University of Pennsylvania.
- Rogers, W. (1993). Regression standard errors in clustered samples. Stata Technical Bulletin, 13, 19–23.
- Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach litigation. Journal of Empirical Legal Studies, 11(1), 74–104. https://doi.org/https://doi.org/10.1111/jels.12035
- Romanosky, S., Telang, R., & Acquisti, A. (2011). Do data breach disclosure laws reduce identity theft? Journal of Policy Analysis and Management, 30(2), 256–286. https://doi.org/https://doi.org/10.1002/pam.20567
- Rosati, P., Deeney, P., Cummins, M., Van der Werff, L., & Lynn, T. (2019a). Social media and stock price reaction to data breach announcements: Evidence from US listed companies. Research in International Business and Finance, 47, 458–469. https://doi.org/https://doi.org/10.1016/j.ribaf.2018.09.007
- Rosati, P., Deeney, P., Gogolin, F., Cummins, M., van der Werff, L., & Lynn, T. (2017). The effect of data breach announcements beyond the stock price: Empirical evidence on market activity. International Review of Financial Analysis, 49, 146–154. https://doi.org/https://doi.org/10.1016/j.irfa.2017.01.001
- Rosati, P., Gogolin, F., & Lynn, T. (2019b). Audit firm assessments of cyber-security risk: Evidence from audit fees and SEC comment letters. The International Journal of Accounting, 54(03), 1950013. https://doi.org/https://doi.org/10.1142/S1094406019500136
- Rosati, P., & Lynn, T. (2016). AIS: Challenges to technology implementation. In M. Quinn & E. Strauss (Eds.), AIS companion (pp. 272–291). Routledge.
- Securities and Exchange Commission (SEC). (2011). CF disclosure guidance: Topic No. 2 – Cybersecurity. Retrieved December 8, 2018, from https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm
- Securities and Exchange Commission (SEC). (2018). Commission Statement and Guidance on Public Company Cybersecurity Disclosures. Retrieved December 8, 2018, from https://www.sec.gov/rules/interp/2018/33-10459.pdf
- Simunic, D. A. (1980). The pricing of audit services: Theory and evidence. Journal of Accounting Research, 18(1), 161–190. https://doi.org/https://doi.org/10.2307/2490397
- Stanley, J. D., & DeZoort, F. T. (2007). Audit firm tenure and financial restatements: An analysis of industry specialization and fee effects. Journal of Accounting and Public Policy, 26(2), 131–159. https://doi.org/https://doi.org/10.1016/j.jaccpubpol.2007.02.003
- Tang, T., Mo, P. L. L., & Chan, K. H. (2017). Tax collector or tax avoider? An investigation of intergovernmental agency conflicts. The Accounting Review, 92(2), 247–270. https://doi.org/https://doi.org/10.2308/accr-51526
- Volz, D., & Shepardson, D. (2017). Criticism of Equifax data breach response mounts, shares tumble. Reuters (September 8, 2017). Retrieved December 8, 2018, from https://www.reuters.com/article/us-equifax-cyber/equifax-shares-slump-after-massive-data-breach-idUSKCN1BJ1NF
- Walker, P. L., & Casterella, J. R. (2000). The role of auditee profitability in pricing new audit engagements. Auditing: A Journal of Practice and Theory, 19(1), 157–167. https://doi.org/https://doi.org/10.2308/aud.2000.19.1.157
- Wang, X. (2010). Increased disclosure requirements and corporate governance decisions: Evidence from chief financial officers in the pre-and post–Sarbanes-Oxley periods. Journal of Accounting Research, 48(4), 885–920. https://doi.org/https://doi.org/10.1111/j.1475-679X.2010.00378.x
- Wang, T., Kannan, K. N., & Ulmer, J. R. (2013). The association between the disclosure and the realization of information security risk factors. Information Systems Research, 24(2), 201–218.
- Warfield, T., Wild, J., & Wild, K. (1995). Managerial ownership, accounting choices, and informativeness of earnings. Journal of Accounting and Economics, 20(1), 61–91. https://doi.org/https://doi.org/10.1016/0165-4101(94)00393-J
- Whisenant, S., Sankaraguruswamy, S., & Raghunandan, K. (2003). Evidence on the joint determination of audit and non-audit fees. Journal of Accounting Research, 41(4), 721–744. https://doi.org/https://doi.org/10.1111/1475-679X.00121
- Wooldridge, J. M. (2010). Econometric analysis of cross section and panel data. MIT Press.
- Yayla, A. A., & Hu, Q. (2011). The impact of information security events on the stock value of firms: The effect of contingency factors. Journal of Information Technology, 26(1), 60–77. https://doi.org/https://doi.org/10.1057/jit.2010.4
- Yu, J., Kwak, B., Park, M. S., & Zang, Y. (2020). The impact of CEO/CFO outside directorships on auditor selection and audit quality. European Accounting Review. https://doi.org/https://doi.org/10.1080/09638180.2020.1807381
- Zhang, J. Z., & Yu, Y. (2016). Does board independence affect audit fees? Evidence from recent regulatory reforms. European Accounting Review, 25(4), 793–814. https://doi.org/https://doi.org/10.1080/09638180.2015.1117007