An Examination of the Audit Implications of Third-Party Risk
| dc.contributor.author | Filosa, Jessica Rose | en |
| dc.contributor.committeechair | Stein, Sarah E. | en |
| dc.contributor.committeemember | Acito, Andrew A. | en |
| dc.contributor.committeemember | Pittman, Jeffrey Arthur | en |
| dc.contributor.committeemember | Lowry, Michelle Rene | en |
| dc.contributor.department | Business, Accounting and Information Systems | en |
| dc.date.accessioned | 2024-05-24T08:02:23Z | en |
| dc.date.available | 2024-05-24T08:02:23Z | en |
| dc.date.issued | 2024-05-23 | en |
| dc.description.abstractgeneral | This study explores whether companies that engage in outsourcing suffer negative audit-related consequences. Outsourcing exposes companies to third-party risk, which is the risk associated with outsourcing IT systems and/or business operations to external companies. Publicly traded companies in the United States are required to file a financial report with the Securities and Exchange Commission each year that includes a discussion of significant risks the company faces. I use this disclosure to identify companies that reveal third-party risk as a major threat to their organization and use machine learning to develop a measure that distinguishes companies exposed to third-party risk from those that are not. Using this measure, I examine whether companies exposed to third-party risk arrangements are more likely to suffer from low quality internal controls, to experience a cybersecurity incident, or to pay higher fees to their external auditor. The results do not show an association between my measure of third-party risk and the likelihood that a company reports a problem with internal controls. However, I do find that companies exposed to third-party risk are more likely to experience a cybersecurity incident. Lastly, I find that companies exposed to third-party risk pay higher fees to their external auditors in the initial year that this risk appears in their annual report. Overall, these results provide initial empirical evidence on the existence and consequences of third-party risk. The findings may be of interest to accounting professionals and managers who are in the early stages of learning to identify and manage their third-party risk exposure. Regulators may also benefit from this study as they contemplate updating the auditing standards related to outsourcing. | en |
| dc.description.degree | Doctor of Philosophy | en |
| dc.format.medium | ETD | en |
| dc.identifier.other | vt_gsexam:39883 | en |
| dc.identifier.uri | https://hdl.handle.net/10919/119084 | en |
| dc.language.iso | en | en |
| dc.publisher | Virginia Tech | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | third-party risk | en |
| dc.subject | outsourcing | en |
| dc.subject | internal control | en |
| dc.subject | cybersecurity | en |
| dc.subject | audit fees | en |
| dc.subject | operational efficiency | en |
| dc.title | An Examination of the Audit Implications of Third-Party Risk | en |
| dc.type | Dissertation | en |
| thesis.degree.discipline | Business, Accounting and Information Systems | en |
| thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
| thesis.degree.level | doctoral | en |
| thesis.degree.name | Doctor of Philosophy | en |
Files
Original bundle
1 - 1 of 1