The Impact of Persuasive Response Sequence and Consistency When Information Technology Service Providers Address Auditor-Identified Issues in System and Organization Control 2 Reports

Abstract

ABSTRACT We examine how an IT service provider’s persuasive communication related to SOC2 report findings influences management’s (i.e., user-entities’) perceptions of the outsourced services. Within SOC2 reports, service providers can attempt to influence management’s impressions of auditor-identified issues and, due to the report’s limited audience, also follow up with management about these issues. Using dual-process theories of persuasion, we predict the type of persuasion used by a service provider in a SOC2 report (contend or concede), and its consistency with follow-up persuasive appeals (contend or concede), will influence management’s perceptions of the services provided. In an experiment, only when the service provider first contends the auditor’s findings does a follow-up concession (rather than contention) result in more favorable perceptions. Persuasion tactics also influence management’s processing of risk factors, which impact their trust in the service. Thus, IT service providers’ initial and follow-up persuasive communications influence management’s assessment of SOC2 auditor-identified issues. Data Availability: Data used in this study are available upon request.