An Examination of the Audit Implications of Third-Party Risk

dc.contributor.authorFilosa, Jessica Roseen
dc.contributor.committeechairStein, Sarah E.en
dc.contributor.committeememberAcito, Andrew A.en
dc.contributor.committeememberPittman, Jeffrey Arthuren
dc.contributor.committeememberLowry, Michelle Reneen
dc.contributor.departmentBusiness, Accounting and Information Systemsen
dc.description.abstractgeneralThis study explores whether companies that engage in outsourcing suffer negative audit-related consequences. Outsourcing exposes companies to third-party risk, which is the risk associated with outsourcing IT systems and/or business operations to external companies. Publicly traded companies in the United States are required to file a financial report with the Securities and Exchange Commission each year that includes a discussion of significant risks the company faces. I use this disclosure to identify companies that reveal third-party risk as a major threat to their organization and use machine learning to develop a measure that distinguishes companies exposed to third-party risk from those that are not. Using this measure, I examine whether companies exposed to third-party risk arrangements are more likely to suffer from low quality internal controls, to experience a cybersecurity incident, or to pay higher fees to their external auditor. The results do not show an association between my measure of third-party risk and the likelihood that a company reports a problem with internal controls. However, I do find that companies exposed to third-party risk are more likely to experience a cybersecurity incident. Lastly, I find that companies exposed to third-party risk pay higher fees to their external auditors in the initial year that this risk appears in their annual report. Overall, these results provide initial empirical evidence on the existence and consequences of third-party risk. The findings may be of interest to accounting professionals and managers who are in the early stages of learning to identify and manage their third-party risk exposure. Regulators may also benefit from this study as they contemplate updating the auditing standards related to outsourcing.en
dc.description.degreeDoctor of Philosophyen
dc.publisherVirginia Techen
dc.rightsIn Copyrighten
dc.subjectthird-party risken
dc.subjectinternal controlen
dc.subjectaudit feesen
dc.subjectoperational efficiencyen
dc.titleAn Examination of the Audit Implications of Third-Party Risken
dc.typeDissertationen, Accounting and Information Systemsen Polytechnic Institute and State Universityen of Philosophyen


Original bundle
Now showing 1 - 1 of 1
3.49 MB
Adobe Portable Document Format