Do Auditors Price Breach Risk in Their Audit Fees?

ABSTRACT Data security breaches have been shown in the literature to negatively affect firm operations. Auditors serve as an important, external governance mechanism with respect to a firm's overall risk management protocol. Consequently, our study examines whether auditors price breach risk into their fees and if a firm's internal governance can mitigate the potential increases in audit fees. Using a sample of breached firms ranging from 2005–2014, we adapt the Houston, Peters, and Pratt (2005) model to explore how auditors view audit risk related to breach risk. We find that breaches are associated with an increase in fees, but the result is driven by external breaches. Our evidence suggests the presence of board-level risk committees and more active audit committees may help mitigate the breach risk audit fee premium. Additional evidence suggests that both past breach disclosures as well as future disclosures are associated with audit fees.