Disclosures of cyber exposure and audit fees: Evidence from ASEAN-4 banking

Etikah Karyani, Ana Noveria, Taufik Faturohman, Raden Aswin Rahadi

https://doi.org/10.22495/cgobrv7i4sip8

This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

This study examines how external auditors respond to the disclosure of cyber exposures by commercial banks and how the COVID-19 pandemic period accentuates the effect of voluntary cyber risk disclosures (CRDs) on audit fees. It is a preliminary study analysing the CRD of the financial industry in emerging economies in the Association of Southeast Asian Nations (ASEAN). It extends Calderon and Gao’s (2021) study one step further with respect to the COVID-19 pandemic and identifies items by using manually collected keywords to extract CRDs. The sample comprises 63 listed banks in four ASEAN members (Indonesia, Malaysia, Thailand, and the Philippines — ASEAN-4) over the period 2015–2020, and the one-step generalized method of moments (GMM) is used. The study found that audit fees are significantly associated with CRD, including risk causes and impacts. Meanwhile, cyber risk governance disclosures affect audit fees after a one-year lag. This indicates that voluntary CRD is informative. Audit fees are also significantly affected by the interaction between CRD and COVID-19. It suggests that auditors incorporate the nature and content of client CRDs into their fee structure and directly support regulatory reporting requirements in emerging ASEAN countries to include cyber risk factors in annual bank statements.

Keywords: Cyber Risk Governance, Audit Service, Cyber Attack, Generalized Method of Moments

Authors’ individual contribution: Conceptualization — E.K., A.N., T.F., and R.A.R.; Methodology — E.K. and A.N.; Formal Analysis — E.K.; Investigation — E.K. and A.N.; Writing — Original Draft — E.K.; Writing — Review & Editing — E.K.; Project Administration — T.F. and R.A.R.

Declaration of conflicting interests: The Authors declare that there is no conflict of interest.

JEL Classification: E50, E58, G21, M41, M42

Received: 06.03.2023
Accepted: 04.12.2023
Published online: 06.12.2023

How to cite this paper: Karyani, E., Noveria, A., Faturohman, T., & Rahadi, R. A. (2023). Disclosures of cyber exposure and audit fees: Evidence from ASEAN-4 banking [Special issue]. Corporate Governance and Organizational Behavior Review, 7(4), 299–312. https://doi.org/10.22495/cgobrv7i4sip8