Investigating risk disclosures in Italian integrated reports

Purpose – The paper identi ﬁ es the types of risks disclosed by Italian organisations using integrated reporting(IR). This paper aims to understandthelevel andfeaturesof risk disclosurewith theadoptionof IR. Design/methodology/approach – The authors use risk classi ﬁ cations already provided in the literature to developa contentanalysisof Italian organisations ’ integrated reportspublished. Findings – The content analysis reveals that most of the Italian organisations incorporate many types of risk disclosure into their integrated reports. Organisations use this alternative form of reporting to communicate risk differently from how they disclose risks in traditional annual ﬁ nancial reporting. That is, the study ﬁ nds that the organisations use their integrated reports to disclose a broader group of risks, related to theenvironmentandsociety,anddoso usingnarrative andvisual representation. Originality/value – The paper contributes to a narrow stream of research investigating risk disclosure providedthrough IR,contributing to theunderstandingofthe role ofIR in representing anorganisationalrisk.


Introduction
Risk reporting is considered a "cornerstone of accounting and investment practice" (Abraham and Cox, 2007, p. 228). Prior empirical research mostly investigates risk disclosure in annual reports, observing a common tendency to disclose mainly qualitative, backward-looking and boilerplate risk information (Lajili and Zéghal, 2005;Linsley and Lawrence, 2007;Oliveira et al., 2011;Abraham and Shrives, 2014). The adequacy of such reports in meeting users' information needs is questionable Steyn, 2014;Moolman et al., 2016). Several studies emphasise the pivotal role of risk disclosure in reducing uncertainty and improving organisational transparency, investors' decision-making processes and market discipline Abraham and Cox, 2007;Oliveira et al., 2011;Leopizzi et al., 2019). In focussing only on financial risk, however, traditional financial reports overlook other types of risk that are a threat to organisational sustainability and that of society more broadly. However, this broader disclosure of risk is of interest to a range of stakeholders and is one of the goals of the IR project.
In combining financial and non-financial information in an interconnected and forwardlooking perspective, integrated reporting (IR) is expected to overcome the shortcomings of traditional financial reports, providing stakeholders, including investors, with more informed and better resource allocation and decision-making processes; better alignment of reporting information with investor needs; reduced uncertainty; and higher levels of confidence with stakeholders (Frías-Aceituno et al., 2013a;Steyn, 2014;Pavlopoulos et al., 2019).
In particular, IR is expected: to support organisations in managing various risks; identify opportunities; connect risks with organisational strategies; develop business models; and understand the non-financial dimensions that contribute to the value creation process (Atkins and Maroun, 2015;Pavlopoulos et al., 2019).
These goals mean that IR has the potential to act as a stimulus for expanding corporate risk disclosure discourse from financial to non-financial risks, also called "bigger risks" (Steyn, 2014). By disclosing these more significant risks, which have widespread implications for organisations and society, IR shines a "spotlight on corporate governance practices" (Dumay and Hossain, 2019, p. 3). Further, EU regulations governing non-financial disclosures, coupled with the UN's sustainable developments goals, create pressure for companies to provide more disclosure about the different type of risks they face.
As the creation of the international integrated reporting council (IIRC) and the publication of its integrated reporting framework (<IRF>) in 2013, both researchers and consultants have emphasised the challenges companies face when developing risk-related disclosure strategies for integrated reports (Eurosif and ACCA, 2013;PwC, 2013;Moolman et al., 2016). The <IRF> states that: [. . .]integrated thinking takes into account the connectivity and interdependencies between the range of factors that affect an organisation's ability to create value over time, including how the organisation tailors its business model and strategy to respond to its external environment and the risks and opportunities it faces (IIRC, 2013, p. 2). As highlighted by de Villiers et al. (2014), risks and opportunities should be a critical area of disclosure in IR practices. Thus, further research on risk disclosure practices benefits standard setters and regulators in the development of guidelines and standards, encompassing the relationship between risk disclosures and the value creation process.
Mainstream risk disclosure literature still focusses on traditional annual reports, while, to date, a dearth of studies investigating risk disclosure in integrated reports appears. The few research conducted on IR (Marx and Mohammadali-Haji, 2014;Moolman et al., 2016; MEDAR 28,6 Raemaekers et al., 2016) mainly focus on South African context, where IR is a listing requirement. They evidence several limitations which pave the way for more in-depth research examining the level and how risk disclosure is provided.
The present study examines risk disclosure practices and representation of risk in a sample of 18 early Italian adopters of IR. We pay particular attention to what we call "bigger" risk that is a broader set of traditional and non-traditional forms of risks, such as environmental, social and sustainability issues that have an impact beyond a single organisation over communities and societyour aim to develop insights into the potential of IR to change corporate disclosure practices.
The rest of this paper is organised as follows. Section 2 provides background on IR, including both the European Directive (2014/94/EU) and its member state legislation. Section 3 outlines the theoretical background while Section 4 offers a brief literature review of risk disclosure and IR practices. Section 5 provides the context for the empirical analysis and the methods used. The results are presented and discussed in Sections 6 and 7. Finally, Section 8 concludes and identifies further research areas.

Integrated reporting: an overview
Corporate reporting has multiple functions and includes different reporting tools to address stakeholder information needs. According to Eccles and Spiesshofer (2015), financial reporting aims to inform investors, whereas sustainability and IR are aimed at all stakeholders, and may incorporate both financial and non-financial information. For this reason, the content of financial reports tends to be limited to mandatory financial details, while voluntary reporting practices, such as sustainability and IR, tend to focus on either just non-financial information or integrated, as the name suggests, with financial data ( Table 1).
The <IRF> (IIRC, 2013, p. 4), states that the primary purpose of an integrated report is to: [. . .] explain to providers of financial capital how an organization creates value over time. An integrated report benefits all stakeholders interested in an organization' s ability to create value over time, including employees, customers, suppliers, business partners, local communities, legislators, regulators and policy-makers.
The <IRF> also states that an integrated report should include a description of the business model and the principal risks relating to all of these aspects, including any possible adverse impacts created by the business model (ACCA, 2016). Companies should be able to demonstrate how sustainability practices have been integrated into their business strategy, both to explain how value has been created over time and the future risks that may be faced. The <IRF> promotes the integrated thinking as the "the active consideration by an organisation of the relationships between its various operating and functional units and the capitals that the organisation uses or affects" (IIRC, 2013, p. 2). The integrated thinking Italian integrated reports requires an in-depth awareness and comprehension of the organisation's business model as a way to better identify and manage future risks and opportunities (La Torre et al., 2019). IR is intended to overcome the shortcomings of traditional annual reports based on backward-looking financial information, proposing a forward-looking perspective to corporate reporting focussed on crucial aspects of sustainable value creation process such as risks evolution and financial and non-financial capitals management (Atkins and Maroun, 2015;Maroun, 2017Maroun, , 2019. Although some studies argue that the <IRF> has shifted its initial focus from all stakeholders to mainly investors (Flower, 2015;Dumay et al., 2016Girella et al., 2019), a broader range of stakeholders is still part of the essential audience. As McNally et al. (2017, p. 5) advocate, IR should adopt a "stakeholder-centric" perspective. This entails that IR should offer a comprehensive picture of the social, environmental and economic issues which potentially generate risks and influence the sustainability of business models (Stubbs and Higgins, 2014;Raemaekers et al., 2016;McNally et al., 2017). The <IRF> can address several requirements set out in the EU's Non-Financial Reporting Directive 2014/94/EU (the Directive) (EC, 2014). The directive amends the previous Fourth (78/660/EEC) and seventh (83/349/EEC) accounting directives on annual and consolidated accounts to underline the importance of non-financial disclosure and intangible assets, such as branding and reputation (Eccles and Spiesshofer, 2015). The primary objective of the directive is to increase transparency on a variety of environmental and social matters. The approximately 6,000 public interest organisations affected by the new rules need to disclose information on policies, risks and results regarding ecological issues, social and employee-related issues, respect for human rights, anti-corruption and bribery issues and diversity on the board of directors (2014/94/EU). Also, companies must include a description of their business model, the policies and controls applied, the results obtained, and the risks associated with proprietary trading, third-party trading, and any product or services of the company that may impact these items. Companies must describe the way these items are managed (EC, 2014). Under the "comply or explain" principle, widely used in corporate governance codes, if a company does not disclose specific information, it must explain why. Several studies have already called for rules-based, rather than principles-based, guidelines "to make companies more responsible for disclosing sustainability risk information of substance" (Dumay and Hossain, 2019, p. 13). The directive does not specify any one particular format for reporting and disclosure (2014/94/EU). The European Commission guidelines (EC, 2017) introduce key indicators to facilitate "pertinent, useful and comparable" dissemination of their non-financial results. Nonetheless, these guidelines are not mandatory and organisations may opt to use various national and international frameworks and guidelines and a mix of these in preparing their reports. The only condition is that an organisation must indicate which frameworks and guidelines it is using.
Italian Legislative Decree no. 254 of 30 December 2016 transposed the directive into Italian law and became effective in the financial year beginning 1 January 2017. The decree applies to bodies or groups of bodies, of public interest of significant size (total net revenues greater than e40m or total assets of over e20m). Amongst others, bodies of public interest include listed companies with an average of more than 500 workers over the reporting year.
The regulatory changes in the EU represent an opportunity to understand whether and how the directive affects the organisational design and decision-making given the additional data that may become available as a result of these changesmainly in the areas of risk management, performance measurement and non-financial information (Wagenhofer, 2016).
With significant changes to reporting taking place, it is useful to examine the role of IR in risk disclosure, given its likely role under the new directive. Therefore, this study's investigation MEDAR 28,6 of how early adopters of IR in Italy disclose information, with a particular focus on risk disclosure relating to environmental and social issues, has implications for both research and policy-making, such as the UN's sustainable developments goals, as well as addressing critical issues of risk for both large and small investors and stakeholders more broadly.

Theoretical background
Previous studies highlight that analysis of risk disclosure should consider several quality dimensions, such as the metrics adopted to quantify risks (i.e. monetary or non-monetary), outlook (i.e. past, present or future) and tone of the sentence (i.e. good, neutral or bad news) Abraham and Shrives, 2014;Leopizzi et al., 2019). However, the theoretical perspective through which to discuss the motivations and determinants of risk disclosure varies among authors (Oliveira et al., 2011).
Several scholars have used proprietary cost theory to conceptualise reporting attitudes towards the cost and benefits of risk disclosure in terms of market response (Verrecchia, 1983;Healy and Palepu, 2001;Abraham and Shrives, 2014;Leopizzi et al., 2019). Following this theoretical perspective, the level of disclosure provided by an organisation strictly depends on the probability of incurring costs related to a reduction in competitive advantage and future cash flows (Abraham and Shrives, 2014). In particular, the disclosure of commercially or politically sensitive information such as specific monetary or bad news related to risk management may be detrimental for firms because it can be exploited by direct competitors to their advantage (Healy and Palepu, 2001;Abraham and Shrives, 2014;Leopizzi et al., 2019). As such, managers need to find the trade-off between confidentiality and transparency in terms of risk disclosure, trying to minimise any proprietary costs without neglecting investors and other stakeholders' information needs to organisational risks (Rajab and Handley-Schachler, 2009;Abraham and Shrives, 2014;Leopizzi et al., 2019). From an IR perspective, this implies that the level of disclosure an organisation provide should be evaluated balancing the pressures exercised by stakeholders and investors to obtain financial and non-financial information and the related costs (van Zijl et al., 2017). Therefore, if the pressures for information remain below a certain threshold organisations are not stimulated to increase the content of IR as it may attract further scrutiny from stakeholders and competitors (van Zijl et al., 2017).
Other studies examine reporting through the lens of stakeholder theory to explore the links between companies and their stakeholders, which includes an understanding of how organisations respond to stakeholder expectations for information relating to risk and opportunities (Deegan, 2000). According to stakeholder theory, any organisation is included in a broad ecosystem in which it influences and is influenced by other entities or stakeholders groups that exert social, economic and political pressures and have different expectations and viewpoints (Deegan, 2000;García-Sánchez et al., 2013). Stakeholders are considered as strategic resource providers, able to affect a firm's performance. As such, the success and survival of the organisation rely upon its ability to manage and balance relationships with stakeholders by conveying a satisfactory level of disclosure on both financial and non-financial issues (Gray et al., 1995;García-Sánchez et al., 2013). In particular, non-financial disclosure, including information on risks and their impact on the financial viability of the organisation, is pivotal to meet the expectations of stakeholders (Saggar and Singh, 2017;Dumay and Hossain, 2019). This particularly applies to risks arising from the social and environmental impacts of organisational activities (Dumay and Hossain, 2019;Leopizzi et al., 2019), what in this paper we term "bigger risks". Going beyond a mere combination of annual and sustainability reports, the IR proposes a multidimensional approach to corporate reporting in which organisation's strategy, risk assessment and managerial processes are interconnected with financial and non-financial performance to provide stakeholders with a comprehensive picture of organisational value creation process (Atkins and Maroun, 2015;Maroun, 2017Maroun, , 2019. We apply these theoretical lenses in our examination of IR and risk disclosure, examining how the Italian organisations we study undertake the careful balancing of risk disclosure vis-à-vis competitive advantage, as well as using disclosure to meet the needs of stakeholders. The following section briefly reviews the literature on risk disclosure and risk representation in IR. 4. Linking risk disclosure and integrated reporting IR can be seen as an alternative risk representation technology to offer a new understanding of how perceived risks are connected with the strategy and outlook of the company (Enslin et al., 2015). According to van Zijl et al. (2017, p. 73), IR should "provide users with a detailed explanation of how an organisation manages financial and non-financial risks to generate sustainable returns". Therefore, in recognising the interconnections between financial, environmental and social dimensions of corporate performance, IR may act as a stimulus for organisations' management and governance actors to adopt a forward-looking and strategic perspective in identifying related risk and opportunities (Eccles and Krzus, 2010;Brown and Dillard, 2014;van Zijl et al., 2017).
The IIRC has standardised the principles and core elements of the <IRF> to codify best practice by suggesting a risk management process that can support value creation (IIRC, 2013). However, to date, no empirical research examines the impact of applying the <IRF> and IR practices on risk-related representations.
Prior literature on risk disclosure discusses: The characteristics of risk disclosure and regulatory power (Beretta and Bozzolan, 2004;Lajili and Zéghal, 2005;Dumay and Hossain, 2019;Leopizzi et al., 2019). Possible determinants of risk disclosure (Beretta and Bozzolan, 2004;Abraham and Cox, 2007;Rajab and Handley-Schachler, 2009;Allini et al., 2016;Elamer et al., 2019;Kouloukoui et al., 2019). The effects of risk disclosure Dobler, 2008). Solomon et al. (2000) highlight the importance of disclosing firm-specific risks rather than generic ones because generic risks are more likely to remain constant over time and are therefore less relevant to stakeholders. However, firm-specific risks can change every year. Lajili and Zéghal (2005) analyse the annual reports of listed Canadian companies, finding that risk disclosure is embedded in both the management and discussion analysis (MDA) and the notes to the financial statements -financial risk being the most frequently disclosed. Moreover, their research also highlights that risk disclosure is almost always qualitative and somewhat vague. Beretta and Bozzolan's (2004) analysis of the MDAs of 85 Italian listed companies reveals a limited impact of risk disclosure in quantitative terms, particularly surrounding the potential effects of future risk. They argue that Italian companies are more inclined to disclose past rather than future risks.  reveal that risk disclosure is mainly qualitative because companies are reluctant to quantify the risks they face. Drawing on , Rajab and Handley-Schachler (2009) also find, from a sample of 52 UK companies, that risk disclosure is more qualitative, backwardlooking and non-time sensitive and mostly relates to operational risk. Oliveira et al. (2011) identify that Portuguese companies tend to publish vague risk disclosure. Again, the disclosures are mostly qualitative and backward-looking, which, they argue, is inadequate to satisfy the information needs of stakeholders. Abraham and Shrives (2014) confirm that MEDAR 28,6 risk disclosure in annual reports are often "boilerplate", making it difficult for readers to interpret actual risk. Dumay and Hossain (2019) investigate the extent to which the top 100 Australian listed companies disclosed economic, environmental and social sustainability risk information in their corporate governance report during the 2014/2015 financial year. They find that social and environmental sustainability risk disclosure is prevalent in firms that have a direct physical impact on the environment and society (sensitive industries), while economic sustainability risk disclosure is more widespread in firms with less physical impacts (nonsensitive industries). They also find that firms still prefer annual reports as their primary tool for disseminating sustainability risk information. Leopizzi et al. (2019) examine a sample of 202 Italian companies obliged to follow the Decree 254/2016, to assess the extent and the characteristics of non-financial risk disclosure provided through annual reports or, where present, in sustainability and integrated reports during the period 2016 to 2017. They find a prevalence of environmental, health and safety risk disclosure, past or presentoriented and neutral or positive information.
Kouloukoui et al. (2019) focus on non-financial risk disclosure, investigating the level and the determinants of climate risks information disclosure provided in the sustainability reports of a sample of 67 firms listed on the Brazilian Stock Exchange for the period 2009 to 2014. Although Brazilian companies tend to disclose information on climate risks, the level of this type of disclosure remains relatively low. Elamer et al. (2019) focus on the financial sector, investigating a sample of 100 banks listed on 14 the Middle East and North Africa stock exchanges to analyse the level and type of risk disclosure provided through the annual reports for the period 2006 to 2013, as well as its possible determinants. Their results demonstrate a continuous increase in risk disclosure over time and a focus on capital risks, credit risks and strategic risks by IFRS and Basel regulation and requirements.
This brief literature review highlights that risk disclosures are mainly qualitative, backward-looking and boilerplate-type information (Lajili and Zéghal, 2005;Linsley and Lawrence, 2007;Oliveira et al., 2011;Abraham and Shrives, 2014). This suggests that IR has the potential to address a need for more comprehensive risk disclosure, as stated in one of the <IRF>'s aims, which is to disclose.
[. . .] any real risks (whether they be in the short, medium or long term) that are fundamental to the ongoing ability of the organisation to create value and that could have extreme consequences (IIRC, 2013 p. 27).
However, to date, risk disclosure in IR has been the subject of only limited academic investigation.
Some studies specifically addressed challenges, barriers and opportunities arising from IR adoption, providing theoretical and practical insights from a disclosure perspective. Therefore, Stubbs and Higgins (2014) evidence that, while the adoption of IR has produced significant changes in some organisations, influencing their processes and structures, in other companies it exerted only a limited influence without promoting innovations in disclosure mechanisms. McNally et al. (2017) observed that the adoption of IR did not alter the financial imperative of some South African companies, resulting in a mere "cosmetic" change, still focussing on financial issues and conveying disaggregated information into distinct parts of the report. Both Stubbs and Higgins (2014) and McNally et al. (2017) call IR adopters for enhancing the understanding of stakeholders' information needs about sustainability issues. The same claims can be found in Atkins and Maroun's (2015) study which evidences the need to improve the stakeholders' engagement and reduce the length of the report to provide a concise IR focussed on the relevant financial and non-financial issues influencing an organisation's performance and sustainability. From a similar standpoint, Maroun (2017Maroun ( , 2019 highlights the need to enrich IR with a specific external assurance to improve the credibility, reliability and quality of both qualitative and quantitative non-financial information. A valid assurance framework may be particularly beneficial to improve the quality of inherently subjective information such as those related to strategy and risks identification and management (Maroun, 2017).
A further strand of research turned to the determinants and effects of IR (García-Sánchez et al., 2013;Frías-Aceituno et al., 2013a, 2013b, 2015Girella et al., 2019). Several studies discuss the effects of IR disclosures on investors and financial markets (Barth et al., 2016;Zhou et al., 2017), with some paying specific attention to risk disclosure (Marx and Mohammadali-Haji, 2014;Moolman et al., 2016;Raemaekers et al., 2016;Manes-Rossi et al., 2017). An analysis of South African companies pinpoints the "possibility of reporting on the governance of risk being a compliance-based exercise rather than an example of effective stakeholder communication" (Raemaekers et al., 2016, p. 41). van Zijl et al. (2017) highlight that South African listed firms operating in industry sectors characterized by a massive public scrutiny (e.g. banking and real estate) and a business model which clearly connect financial, social and environmental issues, tend to provide more risk-related disclosure than those (e.g. investment and financial instrument firms) that have a more abstract business model and are less engaged with the external ecosystem.
A further aspect that deserves investigation relates to the way in which risk disclosure is provided: there is a move from narrative disclosures to extensive use of visual tools that seem to be more attuned with delivering the message to all stakeholders, including those without accounting skills. Considering the call made by Quattrone (2009) for more attention to the media through which accounting information is released, it seems necessarywhile observing risk disclosure provided via integrated reports to identify the implications of the use of different media.
Our study intends to contribute to these strands of research exploring IR practices by analysing the extent to which risk disclosure appears in Italian integrated reports.
We set two research questions:

RQ1.
What is the level of risk disclosure provided through IR by Italian companies?
RQ2. What are the features of the risk representations found in Italian companies' integrated reports?
To answer these research questions, we analysed the integrated reports of 18 Italian companies for the 2015 financial year.

Research context, design and methods
To answer our research questions, we examined risk disclosure in the integrated reports of a group of Italian companies. It is essential to first outline the Italian legal system and ownership structure of Italian firms. The Italian judicial system falls under the Napoleonic code of law (Jaggi and Low, 2000) and sits within a tax-dominated cluster of continental European countries (Nobes, 2011). Small and medium-sized firms predominate. For the most MEDAR 28,6 part, these are family-owned firms (86%) with a smattering of medium and large-sized companies (Di Pietra et al., 2008;Melis et al., 2012), of which 280 companies are listed on the Italian Stock Exchange. With firm ownership concentrated in only a few families, the role of the stock market is limited visà-vis powerful banks in credit and financing (Alexander and Servalli, 2011;Jaggi et al., 2016). Listed Italian firms must produce financial statements according to the international accounting standards (IAS/IFRS), but none of these standards, beyond a 2010 IASB practice statement, require an accompanying management commentary (Haller and Van Staden, 2014;Enslin et al., 2015). The practice statement suggests the management commentary should include a description of the: Entity's principal risk exposures and changes in those risks, together with its plans and strategies for bearing or mitigating those risks, as well as disclosure of the effectiveness of its risk management strategies.
With a focus on operational, strategic, commercial and financial risk (IASB, 2010, p. 13). Additionally, Italian corporate disclosure is influenced by the Italian Civil Code and a national set of accounting standards designed for unlisted firms. Article 2428 of the Civil Code requires firms to provide a management commentary with a description of the principal risks and uncertainties to which the company is exposed, as well as any policies linked to financial instruments with particular regard for liquidity, credit and price risk exposure. Finally, pressures resulting from the UN's sustainable development goals are expected to cause an increase in risk disclosure relating to the "bigger" risks, such as environmental, social and sustainability issues (Truant et al., 2017).
To explore the research questions, we consider all Italian companies that published an integrated report in 2015. These firms were identified using the Thomson Reuters ASSET4 data set, which focusses on corporate social responsibility information. Companies were identified from the IIRC database and from referrals made by those engaged in IR. From this process, we found 18 companies, which is our study sample. The main features of the companies are shown in Table 2.
The reports were analysed using content analysis (Krippendorff, 2004), focussing on the meaning of the sentences (Smith and Taffler, 2000). Content analysis can push researchers beyond the written text to show the reliability of inferences in the messages (Weber, 1990). As Guthrie et al. (2006) states, content analysis of an annual report is a useful research technique to investigate whether companies are satisfying their stakeholders' expectations. Following previous studies that discuss how to communicate risk, we used sentences as a unit of analysis Amran et al., 2008;Rajab and Handley-Schachler, 2009;Oliveira et al., 2011;Saggar and Singh, 2017). Sentences: As a basis for coding sentences are far more reliable than any other unit of analysis [. . .] Individual words have no meaning to provide a sound basis for coding social and environmental disclosures without a sentence or sentences for context (Milne and Adler, 1999, p. 243).
Analysing the characteristics and categories of risk disclosure was performed manually. After performing an inter-rater consistency test, two people were charged with coding to ensure reliability (Milne and Adler, 1999). Linsley and Shrives's (2006, p. 389) coding tool was used, which operationalises the concept of risk representations to consider whether the reader is informed of any opportunity or prospect or of any hazard, danger, harm, threat or exposure, that has already impacted upon the company or may impact upon the enterprise in the future or of the management of any such opportunity, prospect, hazard, harm, threat or exposure.
The descriptions of risks were taken from Beretta and Bozzolan (2004),  and Oliveira et al. (2011). These include financial risks, which relate to financial transactions, company loans at risk of default and potential financial losses. Nonfinancial risks comprise operational risks, empowerment risks, information processing and technology risks, integrity risks and strategic risks. Operational risks cover changes in value caused by actual losses, as opposed to expected losses, resulting from inadequate or failed internal processes, people and systems or external events. This includes risks related to fraud, security, privacy protection, legal risks and physical risks. Operational risks also embed "bigger risks" related to environmental, social and sustainability issues. Empowerment risks are linked to giving employees a certain degree of autonomy or responsibility for decision-making. Information processing and technology risks can cause adverse impacts on the organisation's business processes or mission. Integrity risks relate to the design and delivery of corruption prevention programmes, due diligence transactions and agent screening, managing whistle-blowers and allegations of impropriety. Strategic risks arise from pursuing an unsuccessful business plan, making poor business decisions or poorly executing those decisions, inadequate resource allocation or a failure to respond to changes in the business environment.
Therefore, the risk is divided into six categories; one is financial, the other five are nonfinancial.
We also analysed the characteristics of risk disclosure following the approach used by Beretta and Bozzolan (2004),  and Oliveira et al. (2011). There are three characteristics of risk disclosure are as follows: (1) metrics (monetary or non-monetary); (2) outlook (past, present and future); and (3) tone (good, neutral or bad).
Each sentence containing a risk disclosure was coded according to the six categories and its three characteristics using the following procedure. Each disclosure was assigned a number from 1 to 6 to represent the category disclosed (1 financial; 2 operations; 3 empowerment; 4 information processing and technology; 5 integrity; 6 strategic). Then, a first letter was assigned according to the metrics of risk disclosed (a for monetary; b for non-monetary). A second letter was then assigned for the outlook orientation (c for the present; d for past; e for future). Finally, a third letter was attributed according to the tone of news disclosed (f for neutral; g for good; h for bad). Thus, in doing so, each disclosure sentence has been codified with a number and three letters (Table 3). Sentences with a generic or vague reference to risk were excluded. If a sentence included more than one risk category, the sentence was coded according to the dominant risk information (Steenkamp and Hooks, 2011). The content analysis was conducted in an interpretative, qualitative way (Solomon and Maroun, 2012) by analysing the specific meaning of selected sentences in relation to the context and purpose, which resulted in significant inferences from the disclosures. Table 3 clarifies the process followed in the risk disclosure sentences coding.

Results
This section explores the results of our content analysis. Table 4 shows the patterns found in the 2,731 risk disclosure sentences made by our group of companies. Each firm reported an average of 152 risk disclosure sentencesa higher result than found in similar studies on traditional annual reports (Lajili and Zéghal, 2005;Amran et al., 2008;Rajab and Handley-Schachler, 2009;Oliveira et al., 2011). According to prior research (Haller and Van Staden, 2014;Moolman et al., 2016;Saggar and Singh, 2017;Leopizzi et al., 2019), high levels of risk disclosure may be beneficial for helping investors to assess a company's risk profile, reduce uncertainty and improve resource allocation, all of which leads to a reduction in the firm's equity cost.
Therefore, our results provide evidence that the multidimensional approach of the IR has stimulated Italian companies to offer a high level of risk disclosure to the benefit of stakeholders at large (Atkins and Maroun, 2015;Maroun, 2017Maroun, , 2019. Our results are in contrast with Stubbs and Higgins (2014) who evidenced that IR has produced only limited innovations in disclosure mechanisms and Moolman et al. (2016), who contended that IR has not significantly amended the way in which the south African companies disclose risks and opportunities. Table 4 also shows that the least discussed risk was empowerment risk (less than 1%). the most disclosed type of risk was an operational risk (58.6%), a result consistent with previous studies Amran et al., 2008;Rajab and Handley-Schachler, 2009). However, 100% of the firms disclosed some form of operational risk. This result can be explained by the focus on disclosures of environmental, health and safety and customer satisfaction issues, showing an early movement towards the disclosure of "bigger" risks, even if this trend is only limited to a few entities. Of the firms in our group, 94% disclosed integrity risks. These results are likely because of the GRI G4 guidelines followed by several IR adopters, which encourage discussions on the management and prevention of risks associated with corruption, fraud and illegal acts (Flower, 2015;de Villiers and Sharma, 2017). Conversely, 88% of our group of firms disclosed financial risks. The attention to financial risks reflects a more traditional approach to risk disclosure and might be somewhat biased by the four financial firms analysed. Organisations in this sector are heavily focussed on risk related to financial instruments, monitoring and managing markets and liquidity and credit risk reporting due to Basel II/III and IFRS 7 requirements (Elamer et al., 2019). Consistent with previous studies, only a small portion of firms disclosed empowerment risks (22%) . This low level of disclosure may be the result of a certain reluctance to discuss risks related to outsourcing, change readiness, leadership and management and performance incentives. These issues are mainly of internal strategic importance and have less relevance for investors and external stakeholders, who are more interested in operational and financial risks Dumay and Hossain, 2019). Table 5 provides a more in-depth analysis of the operational risks disclosed concerning climate change, including matters related to health and safety, greenhouse gases, use of renewable energy, water and air pollution. Table 5 shows that 77.8% of firms disclosed information about the environmental impact of their activities. Most of the disclosures address gas, water, diesel and GPL consumption, along with narratives on policies to reduce consumption and greenhouse gas emissions. Other disclosures concerned risks relating to waste, hazardous substances and noise pollution. Only one firm did not include risk information related to climate change or environmental issues, while three firms only disclosed energy consumption information without any reference to pollution or emissions. These results are consistent with those observed by Kouloukoui et al. (2019), who highlight a significant and continuous increase in the number of Brazilian companies disclosing information on climate risks over the years, especially regarding greenhouse gas emissions. Viewed through a stakeholder theory lens, these results support attempts to increase the general level of organisational transparency, matching the information needs of a growing number of environmentally-conscious stakeholder groups (especially investors) particularly interested in "bigger" environmental risks information, including environmental and climate change issues (Depoers et al., 2016; Kouloukoui et al., 2019). These results signal that Italian firms are moving towards an "integrated business management and reporting approach" (McNally et al., 2017, p. 8) to ensure the sustainability of their business models and to provide high-quality reports based on a comprehensive disclosure of sustainability performance. Disclosing environmental risks is pivotal to evidence stakeholders and capital providers that the organisation is controlling its relevant risks, managing them through planned strategies (van Zijl et al., 2017). According to this perspective, it is worth noting that nine firms (50.0%) followed the greenhouse gas (GHG) protocol ISO 14064, which defines the principles and requirements for designing, developing, managing, monitoring, reporting and verifying of GHG inventories at the company level. A total of five companies (27.8%) participate in the carbon disclosure project, promoted by a UK-based organisation with the aim to disseminate information on climate-change gas emissions and develop appropriate strategies for their disclosure (Depoers et al., 2016). Table 6 presents the key findings of this overall analysis. Each company disclosed an average of five types of risk with a minimum of two and a maximum of six. While some firms devote a specific section of their integrated report to risk information in line with the <IRF>, other firms devote up to three sections and others devote none. Further, even when reports contain a dedicated risk information section, risk disclosure may be repeated or only disclosed in other sections of the document. Usually, these disclosures are closely associated with a specific capital, such as the environment, ethics or job security issues. Table 7 reports the results of the analysis on the characteristics of the risk disclosure, confirming results emerging from previous studies (Beretta and Bozzolan, 2004; Rajab and Handley-Schachler, 2009;Oliveira et al., 2011;Leopizzi et al., 2019). Many companies disclosed non-monetary risk information; however, only a few quantified that risk. Again, this result is consistent with previous studies by Beretta and Bozzolan (2004), , Rajab and Handley-Schachler (2009) and Oliveira et al. (2011) and, according to proprietary cost theory, underlines the inability or the reluctance of managers to provide quantitative or monetary risk assessments on the impacts of their activities which, being commercially sensitive information, can be strategically exploited by competitors causing serious damage in terms of competitive advantage (Leopizzi et al., 2019).
Notably, we found one exception to the findings of  study, who report that risk disclosure is frequently forward-looking. Our findings support Beretta and Bozzolan (2004) and Oliveira et al. (2011), who confirm the majority of disclosures are backward-looking. Forward-looking information is more relevant to stakeholders who wish to assess the future impact of the firm's risks as part of their decision-making process to invest (Beretta and Bozzolan, 2004;Abraham and Cox, 2007;Dobler, 2008;Rajab and Handley-Schachler, 2009;Enslin et al., 2015). Lower levels of forward-facing risk disclosure are also a signal that companies have only partially complied with the requirements set out in the <IRF>, which ask companies to provide information on future risks even in uncertain conditions (IIRC, 2013). Finally, as revealed in previous research analysing traditional annual reports Rajab and Handley-Schachler, 2009;Leopizzi et al., 2019), the majority of the risk disclosure sentences were neutral, followed by good news, then bad news. This finding is consistent with the proprietary cost theory perspective, in which organisations hide information that may have a negative impact in terms of reputation, image and future cash-flow reduction (Abraham and Shrives, 2014;Leopizzi et al., 2019). However, concealing negative news could be detrimental for companies as risk information provided may be perceived as biased, scarcely credible and thus not useful by stakeholders (Oliveira et al., 2011).
In exploring our research questions, many firms connected information about risks and opportunities to different capitals, which demonstrates "integrated thinking" (IIRC, 2013;Marx and Mohammadali-Haji, 2014;Moolman et al., 2016). In contrast with previous studies (Raemaekers et al., 2016), we detect evidence of the efforts made by Italian firms to connect risk information to other significant dimensions of value creation process such as strategies, business model and capitals, enhancing transparency and accountability (Atkins and Maroun, 2015;La Torre et al., 2019). However, the results also highlighted several weaknesses with IR, which deserve further attention. As noted in previous research (Solomon and Maroun, 2012;Marx and Mohammadali-Haji, 2014;Enslin et al., 2015;Moolman et al., 2016), companies still report limited quantifiable risk assessments, few use key performance indicators and most disclosures are backward-looking.

Visual risk representation in integrated report practices
We now turn to our second research question. To this end, this section presents visual and textual references illustrating approaches adopted in disclosing risk information. As mentioned, the guidelines in the <IRF> envisage a specific section devoted to "risk and opportunities". Only two companies (F and Q) did not include such a section. Then, although several firms did concentrate most of their risk disclosure in a risks and opportunities section (A, C, M, T, S), others chose also to disclose risk information in the capitals section (B, D, H, O) or the corporate sustainability section with a link to the six capitals (G, I, R) or without a link to the six capitals (E, F, L, N).
Company A is a leading operator in electricity production and transmission. It uses almost 4,000 people and owns more than 300 power stations and 8,000 power lines. Its 2015 annual report includes both an integrated report and traditional consolidated financial statements, along with a specific risk management section (13 pages). The risk management section describes all the types of risk the company faces. The discussion on operational risk focusses on the environment and workplace safety issues. Environmentally, sensitive firms provide comprehensive information on their risk exposures and related management practices linked to social and environmental issues to meet stakeholders' expectations (van Zijl et al., 2017). Integrity risk highlights fraud and illegal acts. Its financial, information processing and technology risks include information security and cyber risk. Company A pays less attention to strategic risks with no mention at all of the empowerment risks. The information is either neutral or good information. The bad news is avoided. The tendency to hide adverse details is common for firms operating in environmentally sensitive industries, as negative information can result in sanctions or a loss of reputation Rajab and Handley-Schachler, 2009;Dumay and Hossain, 2019). Additionally, the report includes a detailed risk map derived from the enterprise risk management system, along with a separate map devoted to fraud risks (Table 8) to clarify and visualise the risks for readers: The Risk Management division pursues the objective of continuous improvement of its action to assure stakeholders that the activities are carried out in accordance with the mandate and in an effective and efficient manner, creating added value and improving the company's operations. To Table 8. Company A's map of activities to protect themselves against the risk of fraud Activities carried out to protect against fraud risks Activity Description Enterprise risk management (ERM) -Fraud risk assessment Ideation and implementation of a specific fraud risk assessment, seeking to identify potential areas of fraud risk and assess existing controls to prevent such risks, as part of the extension of the Enterprise Risk Management (ERM) project, in the following Terna core processes: Grid development, design and construction, plant Maintenance, regulatory Affairs "Open and transparent site" portal Design and implementation of the "open and transparent site" portal, dedicated entirely to job sites, which contains complete information on agreements, contracts andfor the first timesubcontracts relating to works in progress for the construction of large and small electricity infrastructure in Italy "Subcontract Management" portal The "subcontract management" portal is a centralised electronic tool for the continuous management, analysis and monitoring of subcontracts, used to control the outsourcing process during the implementation phase of contracted works with existing suppliers and to improve process efficiency, guaranteeing its compliance and traceability, reducing exposure to fraud risk, illegal behaviour and criminal infiltration and mitigating 231 risk. Since 1 February 2015, contractors have been able to access the portal and request authorisation to subcontract directly to the system, indicatingin relation to a specific procurement contract and in line with the indications given during the tender phasewhich works they intend to subcontract, for what amount and to which firm, and attaching all the necessary documentation related to the subcontract In the same risk management section, Company A has developed a map of fraud risks (Table 8) in which it has identified the risks and the main activities carried out to protect the firm against this type of risk.
The section devoted to the six capitals only presents a limited amount of information, mostly quantitative data on infrastructure assets, staff and employee composition and funding sources, with no mention of risk. Companies C, P and S included similar capitals sections in their integrated reports, showing a stand-alone rather than an integrated thinking approach based on the connectivity of information.
Company C is a food and consumer goods distribution consortium with over 7,000 employees and has 10 companies. This enterprise produced two separate reports for the year 2015: an integrated report based on both the <IRF> and GRI G4 guidelines and a traditional financial statement. The integrated report included a risk section with a SWOT analysis, a description of their risk management system and a risk map divided into operational, compliance, market and financial risks. Some minor risk disclosure was also included in the capitals section. The section describing manufactured capital states: The increase in the quality controls carried out on the products on sale reinforces the importance of the implemented policy and allows to mitigate more punctually and efficiently the risks associated with [name of a product] safety [. . .] In case of detected non-compliance of the products, the [name of an office] withdraws them promptly from the market. (Company C, p. 65) Following a more integrated approach to risk disclosure, companies B, D, H and O provided specific and detailed capital sections where risk information was given more relevance.
Company B is a global player in the management of infrastructures for mobility with more than 15,000 employees worldwide and over 45 million passengers managed per year.
For the year 2015, it produced both the annual report and the integrated report. Company B is an example of a firm that follows an integrated approach to risk disclosure. Its integrated report includes a specific section devoted to "risk monitoring" where the identification, assessment and management of business risks relating to its strategic objectives and creating sustainable value is disclosed. Specific risk management information was also provided throughout the different capitals sections. For this reason, Company B's risk management section was much smaller and less detailed than Company A's. However, the capitals sections were more comprehensive. For instance, in the natural capital section, Company B considers the "bigger" risks, providing a picture of environmental impact issues that embrace several themes, including energy consumption and emissions, climate change, pollution, water, waste, etc. A specific subparagraph in this section discusses carbon emissions with a full illustration of its CO 2 and GHG emissions. This attention to environmental issues might be attributed to Company B's environmentally-sensitive industry where external stakeholders tend to exert more pressure on firms to be accountable for social and environmental issues (Dumay and Hossain, 2019). Company B seems to fully meet the cohesive and multidimensional approach advocated by the <IRF>, connecting strategies, risks and capitals to provide an integrated and comprehensive picture of risk exposures and management to stakeholders (Atkins and Maroun, 2015;Maroun, 2019).
The examples below illustrate the strategies, plans and activities management has established to face different risks related to environmental issues: Transport infrastructures (roads, airports and railways), and traffic represent the main sources of noise and sound pollution in urban areas. For this reason, the Group is committed to reducing noise pollution through the planning and design of new infrastructures, the development of new analytical methods, tools and innovative solutions to ensure ideal environmental conditions for citizens. (Company B, p. 103) The group's commitment to energy is reflected in the development of the significant synergies and actions implemented for the monitoring, management and reduction of CO 2 emission and, more generally, in its approach to fighting climate change: [Company's name] aims at preventing any type of risk as well as at managing emergencies with a view to guaranteeing the [main activity of the Company]. This requires the implementation of technical, managerial and organizational measures suitable for solving crisis situations and, meanwhile, taking the most appropriate actions regarding the [main activity of the Company], all through ongoing cooperation between internal and external functions. (Company B,p. 76) Company D is a European commercial bank operating in many countries with an international network that spans around 50 markets. The company published an annual sustainability report between 2000 and 2013. Since 2014, it has continued to report on sustainability through integrated reports based on both the <IRF> and GRI G4 guidelines. Company D also provides a specific and detailed section devoted to risk management disclosure, which largely consists of the "risk appetite framework", and risk information is included in the capitals sections. For example, the intellectual capital section describes its risk management strategy for information and communication technology and cybersecurity along with an infographic (Figure 1): Given the strategic importance of digitisation, it is essential for [Company's name] to strengthen the ability to manage ICT risks and ensure an adequate level of protection. For this reason, our ICT and Security departments merged in 2015 to create the first such combined unit in the European financial sector. (Company D,p. 68) Notably, the figure highlights the "four pillars of ICT security".
However, although Company D belongs to the financial services sector, the financial capital section solely focusses on financial and economic performance without any reference to risk. This is surprising as one would expect a financial firm to pay particular attention to this type of risk disclosure.
Conversely, Company H, which also operates in the financial sector, provides much more financial risk information. Company H is a bank that has been active in Italy for many years. Since 2012, it has produced an integrated report that includes a traditional financial statement. Curiously, its risk disclosure mainly appears in the financial statement and not in the financial capital section of the broader report. Financial risk information was the most disclosed type of risk, including quantitative and bad news. This increases the credibility and reliability of the information, improving the decision-making processes of stakeholders (Oliveira et al., 2011). The integrated report does contain a general section devoted to risk disclosure, which summarises all the types of risks faced by the bank, the measures adopted to mitigate them and stakeholder involvement in those activities. However, the traditional financial statement contains much more detailed risk disclosure in keeping with IFRS 7.
For instance: IFRS 7 Financial Instruments requires to provide additional information on the nature and extent of the financial risks to which the Bank is exposed. These are credit, market and liquidity risks. Credit risk [. . .] is the financial risk to which the Bank is most exposed and represents approximately [percentage]% of the entire capital absorbed. (Company H,p. 53) Risk information is also included as qualitative and quantitative insights within the explanatory notes. Company H's financial capital section not only contains illustrations of the company's economic and financial performance but also some of the other sections, particularly human and natural capital, do present some risk information, confirming the attempt to interconnect the information and provide stewardship for the capitals: In 2015, in addition to the regulatory activity carried out by the head of the prevention and protection service appointed and the updating of the risk assessment document and the program for the implementation of prevention and protection measures for all the Bank's branches, from the point of view of the job security, the Bank has realised a series of measures whose implementation contributes to improving the liveability of the workplace. (Company H,p. 203) Company O is a private banking group operating in different countries. It provides financial advisory services, develops banking products and services manages and distributes financial and insurance products and services. In 2015, Company O produced an integrated annual report including consolidated financial statements and a separate traditional financial report. The integrated report contains a specific section on three relevant risks, the measures adopted to mitigate those risks, their potential effects and stakeholder involvement in risk management activities. A further section focusses solely on financial and liquidity risk. Each capitals section provides a significant level of risk disclosure. Like the other companies, Company O's risk disclosure mostly concerns operational and integrity risk evidencing that also the banking sector specifically involved in the provision of financial services to consumers, is increasingly subject to societal pressures to improve the level of social and environmental risk related disclosure such as climate change, income inequality, gender policies and employee health and safety (van Zijl et al., 2017). In line with the findings of the entire sample, the disclosures tend not to be forward-looking and do not contain bad news. Although risk disclosure can support banks to improve their operational efficiencies, performance and smooth severe future financial crises (Elamer et al., 2019), the dissemination of sensitive forward-looking or bad news may negatively affect banks' reputation, discouraging current and potential investors (Abraham and Shrives, 2014 The approach followed by Companies G and I deserve attention because neither provided specific sections on capitals in their integrated report. However, both included a section on corporate sustainability, divided into internal and external stakeholder categories that contained the relevant capitals for each type of stakeholder. Company G is a public sector entity engaged in the management and maintenance of infrastructures. It has produced an integrated report, which includes a traditional financial statement, since 2012. Its 2015 report contains a section titled "risk factors, perspectives and other information" that mainly focusses on operational and integrity risks. Company G also pays great attention to the "bigger" risks with two sustainability section directed towards internal and external stakeholders, respectively. Within these sections, each capital is linked to one or more stakeholders' categories as shown in Figure 2. These sections provide a significant amount of risk disclosure, with a high degree of connectivity of information on key factors affecting organisation's ability to create value (i.e. capitals, stakeholder relationships, corporate strategies, risks and opportunities) to the benefit of stakeholders' decision-making process (Atkins and Maroun, 2015;La Torre et al., 2019).
For instance, the human resources section provides detailed descriptions covering staff composition, salary systems, recruitment plans and training initiatives, plus its strategies to manage job security issues and related risks: With regard to the construction sites, checks were carried out on the New Works. An auditing program has been drawn up with the verification, at the Compartments, of both the documentary requirements required by the current legislation and their application, verified through on-site inspections. 6 Construction Sites for New Works were selected and, for each construction site subject to verification, all the figures responsible for the respective part of the competence were interviewed. (Company G, p. 184). Similar to Companies A and B, Company G operates in an environmentally sensitive industry where stakeholders tend to demand more information on "bigger" risks. Being a public sector entity, Company G is more subject to external social and political pressures which motivate more transparency to demonstrate the commitment towards sustainable development (Andrade Peña and Jorge, 2019). As a result, the sections related to employees Infographic used by Company G to illustrate the connections between stakeholders and capitals MEDAR 28,6 and the environment contain the most detailed risk disclosure. Companies E, F and N each include a broad and dedicated section to sustainability but do not associate their disclosures with particular capitals. Rather, these companies divided their sustainability sections into different categories (e.g. social, environmental, economic section) and disclosed risks within each category.
Company F is a big player in the consumer tyre industry. Its integrated report, which includes a traditional financial statement, is largely based on the <IRF> but the social and environmental disclosures follow the GRI G4 guidelines. Company F addressed "bigger" risk management issues in two categoriesenvironmental and socialwith a high degree of detail and its related corporate strategies and processes to satisfy stakeholders' information needs about social and environmental impacts of its operations. A significant number of tables, diagrams and graphs were used to represent both qualitative and quantitative risks. The environmental category provides full disclosure of emissions impacts following the ISO 14064 and GHG protocols of the company. For example, the report states: With reference to the Carbon Footprint, the infographic (see the "Driver" range) also includes the breakdown of emissions in the three Scope categories from the GHG Protocol principles. The central part of the infographic shows the actual quantification in percentage terms, of the Carbon Footprint and Water Footprint. (Company F, p. 82) Figure 3 shows an example of an infographic developed by Company F to illustrate the different phases of the company's production process, the emission drivers, the impacts according to the carbon footprint parameters and the response strategies adopted.
Thus, in the case of Company F, explicit policies towards social and environmental issues management emerge from the integrated report. The choice to follow the GRI G4 guidelines, as well as the ISO 14064 and GHG protocol, signals a full commitment to these issues and a willingness to improve communication with stakeholders. Moreover, Company F's report includes a reasonable amount of bad news coupled with quantitative information, which confers greater reliability and credibility to the risk disclosure (Oliveira et al., 2011).
Overall, the integrated report for most companies includes at least one section specifically devoted to risk disclosure with few exceptions (2 firms out of 18). Some organisations concentrate their risk disclosure in these sections, while others follow a more integrated approach, disseminating risk information throughout the reports, especially in sections devoted to the six capitals. This in-depth analysis of IR practices reinforces previous claims that operational risks are the most disclosed. Social and environmental issues have gained relevance, requiring organisations to provide comprehensive disclosures, including risk exposure and management, to meet information needs of a wider range of stakeholders (van Zijl et al., 2017;Maroun, 2019). In contrast with previous studies (PwC, 2013;Stubbs and Higgins, 2014;Enslin et al., 2015;Raemaekers et al., 2016), the analysis provides evidence as to how IR is stimulating a new approach to risk disclosure where discourses on sustainability seem to be gaining attention, whereas, in traditional financial statements, economic and financial risks remain the prerogative. In many cases, in the sections related to social and environmental issues, the prevailing risk disclosure shows an increased emphasis on "bigger" risks as a result of a shared effort to improve the general level of transparency, satisfying stakeholders' information needs about social and environmental issues (Depoers et al., 2016;Kouloukoui et al., 2019).
Surprisingly, the sections devoted to financial capital do not seem to provide much risk information. None of the companies offered risk disclosure in this section. Instead, they favoured illustrations of financial performance and descriptions of their primary funding sources. In light of the different approaches adopted by firms in conveying risk information through IR, we conclude that risk disclosure has increased in comparison to findings from previous studies on traditional reports (Lajili and Zéghal, 2005;Amran et al., 2008;Rajab and Handley-Schachler, 2009;Oliveira et al., 2011). However, the reluctance to provide forward-looking and quantitative information and their potential effects of risk remains (Steyn, 2014;Moolman et al., 2016;Leopizzi et al., 2019). With the introduction of the IR, organisations appear to have increased the general level of risk Example infographic used by Company F to disclose environmental issues and impact management following the GHG Protocol MEDAR 28,6 disclosure but still remain trapped in the tension, depicted by proprietary cost theory, between improving transparency and accountability to stakeholders and revealing information that could compromise their market leadership or reputation (Steyn, 2014;Moolman et al., 2016;Leopizzi et al., 2019). This confirms the claim of van Zijl et al. (2017) that higher disclosure costs can be justified only by greater needs to reduce pressure and increase the confidence of stakeholders in social and environmental sensitive sectors.
According to Steyn (2014, pp. 494-495): it is clear that the balance between transparency of disclosure of forward-looking information and business confidentially remains a challenging aspect of compiling the Integrated Report disclosure of strategic objectives are considered a risk to competitive advantage.
A consequence of this behaviour could be the phenomenon of the "involuntary disclosure" defined as "what stakeholders and stakeseekers disclose about an organisation" (Dumay and Guthrie, 2017, p. 30). More specifically, in the absence of relevant information disclosed by companies, external stakeholders discover "uncover private information held by managers" (Dumay and Guthrie, 2017, p. 35) through other media such as newspapers, the internet and social media, thus causing significant impacts on a corporation's value and reputation. In keeping with Dumay and Hossain (2019, p. 7), organisations should adopt a proactive approach to improving the disclosure of risk information to avoid a proliferation of involuntary disclosures which, invariably, entail adverse consequences.

Conclusions
Uncertainty about corporate activities has motivated an increased demand for risk-related information to assess the future performance of organisations. Further, EU regulations governing non-financial disclosures, coupled with the UN's sustainable developments goals, create pressure for companies to provide more disclosure about the different type of risks they faced. These risks include the "bigger" risks, such as environmental and sustainability issues, that have an impact beyond a single organisation to communities and society.
In this paper, we aimed to understand the interplay between risk representation and IR from the perspective of stakeholder theory and proprietary cost theory. We explored the types of risks outlined in the <IRF> according to several characteristics with the potential to change the way risk is represented. Risk disclosure in traditional financial reports tends to be limited to non-monetary, backward-looking, qualitative information. We investigated Italian firms to assess the extent to which IR has led to a shift in risk representation.
Our findings support McNally et al. (2017), highlighting that risk identification, management and analysis are crucial aspects of IR. We found evidence that the multidimensional approach proposed by the <IRF> is stimulating Italian companies in providing a broader risk disclosure to the benefit of stakeholders at large (Atkins and Maroun, 2015;Maroun, 2017Maroun, , 2019, overcoming the limitations of traditional annual reports. However, risk representation included in integrated reports by early Italian adopters still lacks in presenting full compliance with the guidance contained in the <IRF>. In line with Enslin et al. (2015), the study shows that Italian companies tend to distribute risk-related information throughout their integrated report, rather than focussing on risk in a particular section. While a few reports have a dedicated risk disclosure section, the majority try to emphasise the connectivity of information, incorporating risk disclosure in sections devoted to capitals and corporate sustainability.
We also found that risk was often represented through visual disclosures, especially risks related to the capitals involved in value creation. The Italian firms are mainly adopting a visual representation of risk linked with the capitals involved in the value creation process, making the disclosure accessible and more readily understandable. The type of risk represented overcome the boundaries of traditional risk disclosure, embracing the "bigger" risk, i.e. including risks related to the environment and society.
These findings support the call for a more comprehensive approach to corporate reporting that is primarily designed to offer relevant information to any stakeholder. Contrasting previous studies (PwC, 2013;Stubbs and Higgins, 2014;Enslin et al., 2015;Raemaekers et al., 2016), results provide arguments for a positive influence exerted by the adoption of IR on risk disclosure practices of Italian companies, despite the reluctance to provide forward-looking, quantitative information and their potential effects of risk remains, representing a challenge which deserves further attention (Steyn, 2014;Enslin et al., 2015;Moolman et al., 2016;Leopizzi et al., 2019;Maroun, 2019). Our results are coherent to some extent with the scenario depicted by proprietary cost theory, where transparency and accountability issues counterbalance the need to prevent damages in terms of loss competitive advantage and reputation potentially arising from the disclosure of sensitive and too detailed information (Steyn, 2014;Moolman et al., 2016;van Zijl et al., 2017;Leopizzi et al., 2019).

Research implications and limitations
From a theoretical perspective, our results offer useful insight in light of both stakeholder and proprietary cost theory. The overall level of risk disclosure provided by our sample of Italian companies suggests that IR may represent part of the dialogue between organisations and stakeholders. In particular, our results reveal that companies disclose operational, financial and integrity risk, with a strong focus on climate-related risk, namely, environment, sustainability and health and safety issue. The majority of the firms specifically disclose information about the environmental impact of their activities and information on policies to reduce consumption and greenhouse gas emissions. Only one firm did not include risk information related to climate change or environmental issues. This suggests that Italian early IR adopters are exploiting the potential of this innovative tool to overcome the limitations of annual reports and address "bigger risks" to meet the expectations of stakeholders successfully. Awareness about the relevance of managing and reporting sustainability-related risks shown by Italian companies may be beneficial to improve the diffusion of IR, its internalisation and the perceived usefulness from stakeholders; this may enhance, in turn, the potential of IR to promote positive changes on business models, processes and outcomes (McNally et al., 2017).
On the other hand, the persistent tendency to provide mainly non-monetary, neutral and backward-looking risk disclosure curbs, to some extent, the positive reach of the results obtained. In particular, from a proprietary cost theory perspective, this attitude demonstrates that managers are reluctant to show commercially sensitive information or negative news. An inability to make quantitative or monetary risk assessments on the impacts of organisational activities also emerge in disclosure practices.
From a practical perspective, our results can support a better understanding of risk disclosure provided through IR. Standard setters can determine whether and to what extent current standards support risk disclosure and provide further guidelines. The study offers insights enriching the debate on the need to develop an adequate, specific assurance framework for IR. Risk disclosure, primarily when conveyed in a forward-looking perspective, might be inherently subjective, undermining the overall credibility and quality of IR (Maroun, 2017(Maroun, , 2019. This study echoes the call of Maroun (2017Maroun ( , 2019 to develop specific standards to conduct a formal, external assurance on IR to improve the quality and credibility of the report and enhance stakeholders' confidence. Our results can also induce MEDAR 28,6 legislators to consider the need to pay more attention to "bigger" risks. In light of EU Directive 2014/95, companies should be explicitly encouraged to adopt a framework that encompasses these values. For scholars, this study provides an opportunity to further analyse the trends in, and the role of, integrated thinking in business strategies that combine sustainability, governance and risk management.
However, several limitations must be considered. Firstly, this empirical analysis only spans one year of reporting. A longitudinal study would offer greater scope to understand the evolution of risk representation through IR. Secondly, the study only considers one country, Italy. A comparative analysis would provide additional insights for regulatorsespecially in Europe where non-financial reporting is required. Thus, future research might replicate our analysis with a comparative approach or investigate the possible determinants of, and challenges to, risk representation in future IR to see if they change over time. Future studies may also consider the possibility to conduct surveys and interviews to explore indepth the challenges arising from forward-looking and quantitative information about risk disclosure, detecting possible areas for improvement.