Do IT matters matter? IT-related key audit matters in Dutch annual reports

Abstract

After the recent financial crises, regulators have started reform projects for the auditor’s report, the part of a company’s financial statements that presents the auditor’s opinion. One of the reforms is the transition from a standardised auditor’s report without any company-specific information to a report that discloses company-specific information in the so-called key audit matters, significant risks of material misstatement in the company’s financial statements. In this paper, we investigate whether a specific subset of the key audit matters, namely those that are IT-related, can be a useful source of company-specific information. Information on IT is important for stakeholders: research in the past decades has shown that IT can potentially disrupt industries, affect a company’s stock market value, create risks for a company’s continuity, or endanger the integrity of the financial statements. Company-specific information on IT is therefore relevant, but it is also scarce, as there are hardly any mandatory disclosures and companies do not frequently disclose IT-related information voluntarily. IT-related key audit matters could fill a gap in information availability for stakeholders such as investors, auditors and academics. We study the auditor’s reports in the financial statements of the companies list on the main Dutch stock market, the AEX. This Dutch market regulator has been a frontrunner for the implementation of the new auditor’s report: disclosure of key audit matters has been voluntary in 2012, and mandatory since 2013. In the 75 annual reports, we identify 255 key audit matters, 39 of which were IT-related. We find that the IT-related key audit matters already contain useful information for investors. However, both auditors and academics can play a role in further development of the value of key audit matter disclosures. We argue that auditors may need to pay more attention to high-risk areas such as cyber security. We encourage academics to identify and design innovations of the auditor’s report proactively.