Your search keyword '"Perols, Rebecca R."' showing total 2 results

1. The Impact of the Type of Cybersecurity Assurance Service and Cybersecurity Incidents on Investor Perceptions and Decisions.

Author

Perols, Rebecca R.

Abstract

SUMMARY: Regulators, investors, and boards of directors are increasingly demanding information about organizations' cybersecurity risk management. I examine the effect of the AICPA's voluntary cybersecurity examination service on investor perceptions and decisions. Similar to a previous AICPA IT-related assurance service called WebTrust that failed in the marketplace, cybersecurity examinations face competition from less comprehensive and less costly assurance services in a nonstandardized assurance market, and it is unclear whether investors will recognize the value provided by the more comprehensive assurance service. I find that investors are more willing to invest when management disclosures describe a cybersecurity examination compared with a less comprehensive assurance service but only if the assurance is in response to a cybersecurity incident. I also find that this effect is mediated by investor perceptions of assurance quality. I, however, do not find support for these same effects when the assurance is disclosed in the absence of an incident. [ABSTRACT FROM AUTHOR]

Published

2024

2. The Impact of Cybersecurity Risk Management Examinations and Cybersecurity Incidents on Investor Perceptions and Decisions.

Author

Perols, Rebecca R. and Murthy, Uday S.

Subjects

AUDITING, ACCOUNTANTS, INTERNET security, QUALITY of service, INVESTORS, INFORMATION organization

Abstract

SUMMARY: In response to cybersecurity risk and demand for information about organizations' cybersecurity risk management programs, the American Institute of Certified Public Accountants (AICPA) recently released a cybersecurity risk management examination service. We examine the effect of joint or separate provisioning of this service on investors' perceptions and decisions, and whether these effects differ when a subsequent cybersecurity incident occurs. We find that the negative signal of a subsequent cybersecurity incident reverses investors' positive perceptions of auditor competence and increases investors' sensitivity to potential independence impairments when the cybersecurity is jointly provisioned, leading to lower perceptions of audit quality. We also find that investors are less willing to invest when the examination is jointly provisioned compared to separately provisioned. Our results provide important insights to the literature and to purchasers and regulators by examining an emerging non-audit service and how a signal of non-audit service quality can affect perceptions of audit quality. [ABSTRACT FROM AUTHOR]

Published

2021