Research Article
Are External Auditors Capable of Dealing with Cybersecurity Risks?
@INPROCEEDINGS{10.1007/978-3-031-36574-4_19, author={Yueqi Li and Sanjay Goel and Kevin Williams}, title={Are External Auditors Capable of Dealing with Cybersecurity Risks?}, proceedings={Digital Forensics and Cyber Crime. 13th EAI International Conference, ICDF2C 2022, Boston, MA, November 16-18, 2022, Proceedings}, proceedings_a={ICDF2C}, year={2023}, month={7}, keywords={External Auditor Cybersecurity Performance Personality Operating Stress Risk Attitudes}, doi={10.1007/978-3-031-36574-4_19} }- Yueqi Li
Sanjay Goel
Kevin Williams
Year: 2023
Are External Auditors Capable of Dealing with Cybersecurity Risks?
ICDF2C
Springer
DOI: 10.1007/978-3-031-36574-4_19
Abstract
Cyber risk presents a significant threat to financial reporting systems and capital markets, regulatory authorities expect external auditors to obtain the competence necessary to deal with cyber risk. As an exploratory study, we aim to address the urgent question that whether current external financial auditors can deal with cybersecurity-related tasks, as well as what drives their performance in these emerging tasks related to cybersecurity. Based on the survey data of external auditors from accounting firms located in Shanghai, China, we found that these auditors did not consistently understand fundamental concepts related to cyber risk. Using partial least squares based structural equation modeling, results indicate that the personality trait of openness to experiences positively, while operating stress negatively impact auditor performance in cybersecurity. Auditors’ risk attitudes did not show significant influence on their cybersecurity performance. These findings can be used as a new source for regulators, researchers, and practitioners in their efforts of identifying audit quality drivers in the changing environments.
