Abstract
I examine whether auditors generalize their knowledge across different clients (cross-client learning) to prevent data breaches. I focus on two audit mistakes. One relates directly to data breaches, and the other is severe restatements (indirect experiences strongly related to auditors’ reputational incentives), to gauge the extent to which auditors generalize their mistakes across clients to deter data breaches. I find that cross-client learning is stronger when learning experiences are similar, when these experiences directly relate to monitoring technologies (i.e., when auditors inspect a firm’s internal controls in integrated audits, including IT controls), when mistakes are more severe, and when clients are more receptive (i.e., in the presence of increased reputational risks and good internal controls). I also conduct interviews and an anonymous survey to collect information not captured by the empirical analyses. Collectively, my paper uses cross-client learning to explain whether and how third-party monitors can deter data breaches and quantifies the economic significance of this learning.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
