Sustainability and Risk Disclosure : An Exploratory Study on Sustainability Reports

Recent policy changes in sustainability reporting, such as the ones related to the new European Directive on non-financial disclosure (2014/95/EU), the standards issued by the American Sustainability Accounting Standard Board (SASB), the G4 guidelines issued by the Global Sustainability Standard Board (GSSB), and the framework of the International Integrated Reporting Council (IIRC) stress the importance of extending the disclosure of ethical, social, and environmental risks within financial and social-environmental reporting. Institutional pressure has notably increased among organizations, in setting up risk management tools to understand sustainability risks within managerial and reporting practices. Given such institutional pressure, the corporate reaction in providing additional sustainability risk disclosure calls for attention and scrutiny. Therefore, this study aims at addressing such issues from an exploratory perspective. We based our analysis on a sample of large Italian organizations that issued sustainability disclosure in accordance with the Global Reporting Initiative (GRI), G4 guidelines, and we tested the relationship between their level of risk disclosure and other relevant variables. Consistently with the literature, we found that “experienced” sustainable reporters provide a significant volume of disclosure, and that disclosure quality on risk is positively influenced by their international presence and reporting experience. However, when accounting for specific risk-related areas of disclosure, only a few of them seem to adopt a managerial perspective linking strategy, risk metrics, and disclosure.


Introduction
In the last three decades, different scholars have focused their efforts on arguing about the role of business in fulfilling realistic social and environmental issues.As such, the assumption under which corporations might recognize their social responsibilities towards their stakeholders and society requires new managerial and communication tools to address such responsibilities.Several studies have focused on the features and aims of sustainability disclosure within voluntary and mandatory reporting schemes, in order to give concreteness to the institutional role of corporate social responsibility (CSR).As a matter of fact, several sustainability guidance bodies and new standard setters are currently shaping the boundaries between voluntary and mandatory disclosure in such areas.For instance, the 2014/95/EU Directive is mandating that large EU companies include social and environmental information within their annual reports.In the US, since 2011, the Sustainability Accounting Standards Board (SASB) has provided mandatory industry guidelines for the disclosure of sustainability issues within mandatory Securities and Exchange Commission (SEC) companies' filings.In South Africa, the Johannesburg Stock Exchange required the adoption of integrated reporting since 2011.As recently reported by the Task Force on Climate-related Financial Disclosures [1], the disclosure and recognition of climate risks is useful for the identification of consistent opportunities.Of course, relevant scandals, such as the VW Diesel-gate in the automotive industry, Trashzilla wasting issues, or Rana Plaza's collapse, show that there are evident discrepancies between a corporation's communication and disclosure and its actual behaviour, actions, and sustainable performances.Moreover, scholars have argued that the failure of such managerial tools is due to the challenging features of today's environment for the organizations, practitioners, and consultants, addressing such features as "VUCA", which stands for "volatility, uncertainty, complexity, and ambiguity" [2,3].Within a VUCA scenario, business operations and transactions involve interconnected parts and variables, challenges are unexpected or unstable, and causal relationships are completely unclear, though changes are still possible.Consequently, information retrieval throughout different channels and networks is an essential part of the risk assessment process, and in case of mitigation, it is essential to appraise the "true cost" of such impacts [4].Despite this scenario, few scholars have focused their studies on the risk disclosure required by such a new large set of sustainability reporting guidelines and policies.To reduce the risk of corporate "window dressing" and "green washing", innovative research and predictive models are needed.The risk that corporations might produce reports that will be slight, unreal, or possess a "vague semblance of something-especially when the reporting guidelines are requiring very detailed information about risk disclosure-is indeed too high to face.For instance, according to a recent survey by KPMG (the KPMG name derives from predecessor company founders: Piet Klijnveld, William Barclay Peat, James Marwick, and Reinhard Goerdeler) [5] on the world's largest 250 corporations, the number of companies that clearly define and discuss trends, risks, and strategic responses (as opposed to simply referencing them) is growing.The survey highlights that companies that are aware of and discuss their risks are also the ones that try to deal with such risks.Financial capital's providers agree with the need for additional and better information on businesses' value creation and risks identification, as well as the related mitigation strategies.Furthermore, the importance of risks identification is already perceived as paramount by business leaders, politicians, and governments [6], that in the next ten years foresee a significant negative impact on several countries and industries, and global trends that could contribute to the amplification of such global risks.
These issues call for attention and scrutiny, and therefore, our paper aims at providing an exploratory study on social and environmental risk disclosure.Specifically, our research question can be summarized as: What are the main variables affecting risk disclosure within the corporate practice of sustainability reporting?Our evidence is based on a sample of sustainability reports prepared by large public and private organizations.
The remainder of the paper is structured as follows: first it discusses the state of the art of sustainability accounting and reporting tools as well as of risk assessment and disclosure, providing literature insights related to social, environmental, and ethical risks; furthermore, it presents the research design, followed by an exploratory study of sustainability risk disclosure based on the entire sample of Italian public and private organizations applying the G4 sustainability reporting guidelines issued by the GSSB in 2014 reports.The research methodology relies first on presenting a relational semantic map of the sustainability risks reported in the disclosure collected, which is then used to carry out the development and testing of a structural equation model with partial least squares (PLS-SEM).Finally, the paper presents the discussion of the results and argumentation about the importance of sustainability-related risks disclosures.

Sustainability Accounting and Reporting
Within the last two decades, an increasing number of corporations and businesses have started focusing on social and environmental issues, and more generally on sustainability, both in private and public sectors [7][8][9][10].While the definition of sustainable development is clear [11], corporations might apply several definitions of sustainability, mainly identifying some common denominators in economic, social, and environmental issues [12].Over the last years, the focus on sustainability issues has also become a relevant feature within the accounting discipline, namely by dividing them into sustainability oriented managerial accounting tools and sustainability accounting and reporting at large.
Bebbington and Thomson [13] discussed the role of social and environmental accounting and reporting (SEAR) studies by citing works of Beck [14,15].Authors stressed the correlation demonstrated by Beck [14,15] between scientific and industrial development and social and ecological risks and hazards, with the need to introduce a risk culture of social environmental accounting (SEA) because of the ability of accountants to fully capture their dimension in time and space, measurement, evaluation, and calculation.Such risks are the consequence of the organizations' operation in a risky world and society, where promises of risk management are expressed in terms of maximizing predictability, which frequently underestimates the occurrence of unexpected events in terms of both the frequency and the severity of hazards [14,15].The discourses and practices of SEAR are an attempt to respond to these perceived weaknesses towards risk identification and disclosure, by making visible impacts that are currently ignored or hidden by mainstream accounting [13].
More recently, Bebbington and Larrinaga [16] reinforced the role of accounting studies within sustainability science, stressing the importance of such disciplines in fully understanding actions to prevent SEA's risks brought by corporations.To identify, predict, and mitigate such risks, organizations should adopt different tools and derive robust information related to the sustainability of the business itself and to the impacts of the business towards society and the environment.Gond et al. [17] confirmed that information-based management accounting strategies can reduce strategic uncertainties and reveal strategic risks under a sustainability perspective.
Bouten and Hoozée [18] investigated how environment-related management accounting practices and environmental reporting may interact in the process of responding to disturbances of the natural environment.They demonstrated the potential of environmental management accounting in fostering and stifling the organizational path towards sustainability.In this sense, it is possible to make a distinction between internal and external accounting tools about their main recipients.The first group includes strategic planning and managerial systems that-starting from the strategic guidelines-identify the goals and the roadmap to follow at various organizational levels.The second group refers to external non-financial communication and reporting tools.Regarding the first group, welcoming the suggestions of several authors, such planning and control systems have begun to account for sustainability goals and related risk indicators [19][20][21][22].For instance, Gond et al. [17] discussed a theorisation of management control systems in addressing sustainability issues, creating the so-called model of a sustainability control system.Henri and Journeault [23] presented the notion of "eco-control" as the application of financial and strategic control methods to environmental management.Bonacchi and Rinaldi [24] presented a discussion over the role of planning a sustainable strategy.Roth [25] discussed the introduction of specific environmental budgeting techniques, while Herzig et al. [26] presented cases on environmental/material cost accounting systems and environmental investment appraisal.Accordingly, Burritt et al. [27] have argued consistently about the role of environmental management accounting as a decision-making and measurement system.Despite tools such as the balanced scorecard, internal performance measurement, reporting, and management control mechanisms integrating financial and non-financial strategic measures [28], few studies have focused their application on sustainability management [21,29].Figge et al. [20] argued that the balanced scorecard can help to account for all relevant aspects of sustainability issues in a balanced way.An evolution of this tool is the so-called sustainability balanced scorecard (SBC), with a focus on sustainability-oriented competitive strategy [30].The SBC provides a broader scope by showing the causal links among the economic, social, and ecological key factors and related business performances.The SBC may not only help detect important strategic environmental and social objectives of the business, but may also enhance the transparency of value-added potentials emerging from social and environmental aspects, as well as preparing the strategy's implementation process [31].Accordingly, Epstein and Wisner [32] suggest a list of social and environmental indicators to include within the four classical perspectives of the SBC.For instance, Figge and Hahn [33] propose the inclusion of an additional perspective (i.e., the non-market perspective), especially for businesses significantly influenced by social and environmental issues.
Turning now to external reporting, several social and environmental reporting frameworks were developed in the last part of the twentieth century.Organizations can choose to disclose selected information about their social and environmental impacts as well as their policies in separate stand-alone reports or as part of their annual reports by managing interactions between the organization and the external environment [34,35].There are many reasons for adopting sustainability-oriented reporting, ranging from external pressures from local communities, media, and consumers, or coming from the responsiveness of management.Another motivation could be the search for greater workplace legitimacy [36,37].Motivations vary depending on the nature of each organization [38,39].The Global Reporting Initiative (GRI) appears to be one of the most widely implemented set of guidelines for corporate sustainability reporting around the world [40][41][42], receiving support by the most renewed consulting firms worldwide.Recently, several studies focused on sustainability disclosure, applying specific guidelines such as those issued by the GRI [43][44][45][46][47].However, some authors are arguing that these guidelines are insufficient conditions for letting organizations contribute to sustaining the Earth's ecosystem [43,48].
Several reporting organizations and regulatory bodies responded to the challenge of providing a more holistic picture within sustainability reporting by letting materials, social aspects, environmental aspects, economic actions, and impacts interact, therefore leading to the adoption of the integrated report.According to the International Integrated Reporting Council (IIRC) guidelines, an integrated report is-in most countries-a voluntary tool that requires the preparation of a public report under a holistic perspective of the business, the management activities, the risks, and their impacts, taking into account social, environmental and financial disclosure in a context of value creation over the short, medium, and long term.Accordingly, many authors stressed the relevance of including the themes of sustainability within strategy and related critical success factors in order to create an organizational sustainability-oriented culture [22,49,50].When properly arranged, sustainability reporting can bring together business strategy, internal strategic planning, and management control systems.Consequently, the entire organization can benefit from such a learning tool, implementing a sustainability-oriented strategy that is ready to be externally communicated [51].

Sustainability Risk Assessment and Disclosure
Recent business scandals and environmental disasters emphasize dislocations with the current model of capitalism and the need to understand the inherent social nature of markets, as well as the need for a better way to forecast and mitigate risks and relate social and environmental performance to traditional financial performance [52,53].The Task Force on Climate-related Financial disclosure [1] divided climate-related risks into two major categories: risks related to the transition to a lower-carbon economy and risks related to the physical impacts of climate change.The former may include extensive policy, legal, technology, and market changes to address mitigation and adaptation requirements related to climate change.The latter results in event-driven (acute) or longer-term shifts (chronic) in climate patterns.Both categories may also have direct and indirect financial and social impacts.Changes in water availability, sourcing, and quality; food security; and extreme temperature changes may involve organizations' premises, operations, supply chain, transport needs, and employee safety.
Environmental risk is the area which received most attention from scholars, as also confirmed by the literature [54][55][56][57].In the survey conducted by KPMG, carbon-related risks are the most reported sustainability issues [5].Furthermore, Dobler et al. [58] were among the first to investigate the relationship between environmental performance, environmental risk, and risk management.They found a negative relationship between environmental performance and environmental risk.In addition, social risk and its effect on firm reputation has also been investigated by several studies [59,60].
The adoption of managerial tools to prevent risk occurrence may be translated in different communication practices.Although ethical codes and codes of conduct operate at a normative level in risk prevention areas and reflect the precise policy of an organisation, these codes should theoretically list possible hazardous events in dealing with business partners [61], even though they have not been designed for communication and accounting purposes.The participation in voluntary global movements for defending human rights and environmental protection such as the UN Global Compact has demonstrated the validity of coordinating the efforts towards the governance of sustainable development orientation of organizations, civil society, government, and all other stakeholders [62].Additionally, the formal commitment of an organisation requires it to sign and communicate the progress made towards the achievement of the UN Global Compact's Ten Principles, but this formal commitment does not directly imply a risk analysis [63].Conversely, the normative introduction of juridical tools such as the 231/2001 legislative decree in the Italian normative system provide to all companies a detailed list of possible business-related risk identification practices that also comprise social and environmental impacts (e.g., corruption, pedo-pornography risks, environmental damage, etc.).This normative approach related to business, financial, ethical, social, and environmental risks requires companies to adopt proper risk management practices and enterprise risk management (ERM) governance models to analyse the business core processes, also including the downstream supply chain [64,65].Usually, the links between sustainability and risk management have been addressed using a precautionary principle approach [66].For instance, increasing attention is devoted to sustainability risks along the supply chain and the linked social and environmental risks-especially in politically, socially, and environmentally high-risk unstable countries [67][68][69].Social and environmental management systems (EMAS, ISO14001, SA8000) and integrated guidelines such as the ISO26000 are mostly oriented to mitigate risks related to operations [70][71][72].The accounting duties related to the adoption of such integrated management systems may vary from the downsized sites-level as in the case of EMAS and ISO14001 certifications, to supply chain assessment, as in the case of SA8000 and ISO26000 [73,74].Although the adoption of such integrated systems imply communication efforts, the publication of a sustainability report covering all the triple bottom line indicators is not mandatory, nor are third-party assurances [75].On the other hand, LCA (life cycle assessment) and Social-LCA evaluate environmental, social, and socioeconomic aspects of products and services in regard of their potential positive and negative impacts along their life cycle, including an evaluation of the risk related to business operations [76].
Among the existing reporting framework, guidelines, and schemes, the new G4 issued by the GRI requires companies to provide a detailed narrative of the risks identification, impact, and opportunities over a wide range of social, ethical, and environmental topics.Moreover, it requires the management approach used to tackle such risks in up-stream and down-stream business perspectives to be disclosed.On the other hand, the Carbon Disclosure Project (CDP) is mainly focused on the precise identification of risks over forest, water, and climate change issues.Furthermore, IIRC guidelines focus on risk disclosure related to describing the process of corporate value creation without giving a minimum set of contents.Consequently, companies adhering to IIRC can decide which kind of information to disclose and how to deepen the narrative.UN Global Compact self-assessment requires an Excel file providing risk-related questions over a broad range of topics issued by the framework itself.Total Impact Measurement and Management (TIMM) presents macro-categories of risks that could be suddenly deepened by companies.Full cost accounting (FCA), environmental profit and loss, social capital protocol, natural capital protocol (assessment), and common good balance sheet partially include a dissertation over risk management, most of the time without giving an a priori set of identifiable risks, or in that case, they focus on the economic manifestation of Social and Environmental (SE) risks provision or contingent cost accounting.An outline of the most relevant non-financial reporting tools and their social environmental risk areas is presented in Table 1.Therefore, although sustainability disclosure has been broadly studied and investigated, there is little evidence focused on how risk management practices are depicted in sustainability disclosure.Therefore, the motivation for our study lies in finding preliminary answers to these questions: Are there explicit or implicit references to corporate strategy, tools, or procedures within risk disclosure?To what extent does the information provided illustrate the attention of the company towards risks and impacts?

Sample Selection
A sample of sustainability reports has been examined and analysed.The sample is selected from multinational and large public and private organisations located in Italy that in 2015 have published a sustainability report according to the GRI G4 guidelines.To give robustness to the sample, the accesses to the GRI database occurred twice: first in November 2015 and a second time on 21 January 2016.To ensure the consistency and comparability of data, banks and insurance companies have been excluded from the sample, given that financial services organisations are subjected to specific financial and market risks, thus resulting in a hindrance of comparability with other industries.In addition, the GRI disclosure database also included the case of four corporate consortia that have been deleted from the sample, as they represent a peculiar legal configuration more similar to mission-driven association than to market-driven corporations.No small-to-medium-sized enterprises (SME) have published sustainability reports according to GRI G4 guidelines, as also demonstrated by a survey conducted in 2016 by the GRI itself (For further information on the GRI G4 applicability for SMEs, please check the following website: https://www.globalreporting.org/information/news-and-press-center/Pages/Small-Business,-Big-Impact-Making-the-case-for-SME-Sustainability-Reporting.aspx).
Therefore, for the reporting year 2015, our sample includes all Italian organizations that published a sustainability report according to GRI G4 guidelines and uploaded it to the GRI official database.As such, our evidence may give the reader a snapshot of the state-of-the-art of such sustainability risk signals in non-financial reporting documents.Although limited in number, this sample is peculiar, as it is composed of companies aware of sustainability reporting practices and the duties linked to the implementation of such processes.In fact, one third (among the existing environmental, social, and governance (ESG) rating agencies, we considered the following sustainability indexes: FTSE4GOOD, Standard and Poor's ESG, Dow Jones Sustainability Index, ECPI Ethical Index) of the sample selected is listed in socially responsible indexes as a driver of the propensity to disclose non-financial information related to risks as required by such investing methodologies.The focus on the Italian context is explained by two main reasons: Firstly, we wanted to be aware of the influence that a national law such as the Italian Legislative Decree n. 231/2001 may have on the semantic approach of the risk-related disclosure.In this sense, such a contextual factor may influence the awareness of companies towards the categorization of risks between social and environmental concerns.Secondly, as 2014 was the year the GRI G4 guidelines were introduced, there might be the possibility of language bias in the interpretation of such innovative guidelines (i.e., polysemy bias).The focus on Italian-translation reports helped us to revise the meaning of sentences related to risk.In this regard, our study can be considered exploratory in nature.Furthermore, we have decided to focus on the GRI G4 guidelines, as they are the result of a substantial effort by the GRI to provide a comprehensive framework, proving to be relevant and significant for risk management strategies and related disclosure-not only in the environmental, social, and sustainability areas.GRI G4 introduces the materiality concept, requiring organizations to report only what matters and where it matters.Moreover, GRI G4 requires an organization to determine its boundary during the materiality assessment.Therefore, lack of risk impact is the only thing that can exclude an entity from an organization's boundary within GRI G4.Scope is a question about impact, risk, and opportunity, and an organization's boundary might be different for each material topic because the entities the organizations will affect are may be different for every reporting topic.
Our final sample is composed of 30 organizations.Table 2 provides a breakdown of the sample composition by industry and type of disclosure.

Data Analysis
The semantic identification of social and environmental risks has been conducted by analysing the collected reports with the aim of understanding the narrative methodology associated with risk disclosure.The use of a relational semantic map is justified by the need to represent new knowledge in terms of sustainability risks disclosure, identification, and rationalization [77,78].The relational semantic map is effective in representing knowledge as idealization of data.While writing is considered as the most prevalent knowledge representation system, many others exist, such as pictures, graphs, diagrams, maps, and flowcharts.The analysis carried out is integrative in the sense of having considered multiple sources of knowledge in the reports analysed.The entire sample behaves accordingly with the identification of three distinct categories of risks: external risk, strategic risk, and operational risk.External risks refer to those risks whose manifestation is outside the sphere of influence of the company (pure risks).This category involves risks related to macroeconomic tendencies, changes in demand, competitor actions, technological innovation, new laws, and country-specific risks.Strategic risks are linked to a specific business sector and usually include market risk, product and process innovation risks, human resources risk, price risk, industrial risk and financial risk.About these kinds of risks, it is relevant to properly manage them within planning systems to allow the achievement of short-, medium-, and long-term goals.The third category, operational risks, refers to the organizational and corporate processes.This type of risk includes information technology, business interruption, legal and compliance, supply chain, and security risks.Transverse to these risks, there are social, environmental, and business ethics responsibility risks, as well as reputational risks.Social and environmental risks have been described for their transversal impacts over the other three above-mentioned categories, while reputational risks have been recognized as risk deriving from unethical behaviour, and they have been clustered under ethical risks (per the evidence collected).As our sample is composed of Italian corporations, the risk-related disclosure of the three above-mentioned categories is influenced by Legislative Decree n. 231/2001, inspired by the Committee of Sponsoring Organizations of the Tread way Commission (COSO) report to disclose the enterprise risk management model and related tools [79,80].As such, our exploratory analysis is focused on those social and environmental risks explicitly stated in corporate reports; the Italian decree even lists a whole range of possible risks, including social and environmental adverse events that might influence the identification of such risks.To give robustness and rigor to the discussion of such data, the study considers the relevant contribution given by integrated management systems such as EMAS and/or ISO 14000, and SA8000 in risk disclosure.While companies must disclose an environmental declaration or a social statement in order to comply with EMAS and SA8000 standards, those sites certified under ISO14000 have no accountability duties to fulfil.The sample under investigation is composed as follows: 11 out of 30 companies with at least one ISO14001 site certified; 5 out of 30 have at least one site registered by EMAS; and 2 out of 30 have a SA8000 certification.
Figure 1 presents a rationalisation of the social and environmental risks collected throughout the semantic analysis of the sample.The mental map highlights the risks disclosed in all the reports analysed.Figure 1 has no all-embracing purpose, conversely, it functions as a visual interpretation from general meaning to grounded disclosure.
According to the content of GRI G4-2, G4-14, and G4-EC2, we have prepared a checklist of relevant risk disclosure items.Consistent with the previous literature in the field [81] such items have been scored and weighted by the authors, with the aim of achieving a total maximum final score of 10.Table 3 presents the composition details of the sustainability disclosure score (SRD) according to the investigated items and their assigned weights.
The different paragraphs and sentences of the reports have been investigated to find the items composing the score.The result of the scoring is then used as a proxy for the level of risk disclosure (SRD score).
Furthermore, in the preliminary stage of the study, we applied descriptive statistics to address the relevant features of our sample.Further on, we applied multivariate analysis to understand which items and related variables were significant.Due to the limitations of some data analysis techniques (e.g., multiple regressions) [82], we adopted a structural equation modelling approach (SEM).SEM is a statistical technique that focuses on the analysis of variance; it is designed to simplify the relationships among the variables to define and find significant predictors and influences on some latent variables of study.SEM statistical models represent causal relationships as paths.A path is a hypothesized correlation between variables representing the causal and consequent constructs of a theoretical proposition [83].
Specifically, there are two common types of structural equation modelling approaches; namely, covariance-based SEM (CB-SEM) and partial least squares-based SEM (PLS-SEM).However, we decided to apply PLS-SEM because compared to the CB-SEM model, which requires a set of assumptions to be fulfilled, it is more suitable for our data.For instance, PLS-SEM methodology can be used when there are no assumptions about data distribution, applications have little available theory, sample sizes are small, and predictive accuracy is paramount [4,[84][85][86].Moreover, the PLS approach to prediction occurs iteratively-each step minimizes the residual variance of the theoretical and observed dependent variables to obtain parameter estimates.Once PLS has obtained the parameter estimates, it calculates the significance of each path in the model using a t-test.However, unlike the use of other statistical techniques (i.e., means' tests, ANOVA, OLS regressions, etc.), PLS does not need to assume that the dependent variables conform to any particular distributions [83].Accordingly, we used SmartPLS 3.0 software [87] to estimate the path model by means of empirical data.To validate the properties of a construct, both measurement and structural models have been analysed simultaneously.

Investigated Items
Weights Maximum Score (i) A description of the most important risks and opportunities for the organization arising from sustainability trends; (ii) Prioritization of key sustainability topics as risks and opportunities according to their relevance for long-term organizational strategy, competitive position, qualitative, and (if possible) quantitative financial value drivers; (iii) Table(s) summarizing: targets, performance against targets, and lessons learned for the current reporting period; targets for the next reporting period and medium-term objectives and goals (i.e., 3-5 years) related to key risks and opportunities; (iv) Concise description of governance mechanisms in place to manage these risks and opportunities, and identification of other related risks and opportunities.
Each individual item (i-iv) weighted 1. 4 Report (i) whether and (ii) how the precautionary approach or principle is addressed by the organization.
Each individual item (i,ii) weighted 0.5. 1 Report risks and opportunities posed by climate change that have the potential to generate substantive changes in operations, revenue, or expenditure, including: (i) A description of the risk or opportunity and its classification as either physical, regulatory, or other; (ii) A description of the impact associated with the risk or opportunity; (iii) The financial implications of the risk or opportunity before action is taken, (iv) The methods used to manage the risk or opportunity; (v) The costs of actions taken to manage the risk or opportunity.

Maximum Score 10
Figure 1.A rationalization of the social, environmental, and ethical risks disclosed in the sample.Figure 1.A rationalization of the social, environmental, and ethical risks disclosed in the sample.

Findings and Discussion
To answer to the research question what are the main variables affecting sustainability risk disclosure?We firstly investigated the corporate reports used to disclose sustainability information.
The first preliminary outcome of this study is the acknowledgement that the organizations included in our sample-consistently selected from the GRI database even if just based in Italy-are disclosing sustainability information by different means of corporate reports.The majority provide such information by issuing a sustainability report; however, a slight minority-specifically those who achieved several years of experience in sustainability reporting-is now including such information in their annual report.Another slight minority provides sustainability disclosure within an integrated report according to the IIRC guidelines.
A great majority of the organisations in our sample belongs to the Energy/Utilities sector-an industry that has often been challenged by its environmental and sustainability outcomes.Another interesting finding is that all the selected organisations are private corporations except for the University of Torino, a public university, which is the first in Italy to have issued a sustainability report according to GRI4.
The average organisation produces a report which is 150 pages long and is written in English; however, there were some organisations (i.e., 7 out of 30, accounting for the ones linked via the GRI sustainability database) whose reports are just 18 pages long or only published in Italian.
Most of the sample (66%) stated a "Core" accordance with the GRI G4 guidelines, while a minority states a "comprehensive" accordance, and one did not state anything about its level of adherence.Only nine organisations used the service provided by GRI in the preparation of their report, and mainly in the areas of materiality disclosure and content indexing.
The presence of an external assurance provider is outlined by most the sample, with a preference for the service of the Big 4 accounting firms.However, for the majority of such organisations, the external assurance level has been only limited/moderate.Table 4 provides information about the nature of the external assurance provider involved.A minor number of organisations (only three of them) requested the opinion of a group of stakeholders, expert in the preparation of their disclosure.
In addition to GRI G4, most reports stated the compliance of their organizations to UN Global Compact, whose principles include a strong business orientation to prevent possible harmful direct and indirect behaviour towards several violations of human rights, labour rights, environmental protection, and unethical behaviour.Interestingly, none of the organizations in our sample adopted the sustainability framework developed by the International Finance Corporation (IFC), an entity which is part of the World Bank Group.A large number of organisations were compliant with CDP's reporting framework as well as the ISO 26000 guidance on social responsibility (of course, several companies have adopted social and environmental management systems such SA8000, ISO14001, and EMAS, with related risk disclosures).
Figure 2 provides a chart outlining the guidelines/frameworks adopted by the organisations in our sample, as well as the presence of the opinion of a stakeholder or expert panel.
which is part of the World Bank Group.A large number of organisations were compliant with CDP's reporting framework as well as the ISO 26000 guidance on social responsibility (of course, several companies have adopted social and environmental management systems such SA8000, ISO14001, and EMAS, with related risk disclosures).
Figure 2 provides a chart outlining the guidelines/frameworks adopted by the organisations in our sample, as well as the presence of the opinion of a stakeholder or expert panel.The content analysis of the reports allowed the computation of a sustainability risk disclosure score according to the content items presented in the previous section.We analysed the Shapiro-Wilk test for normality, and the SRD score was negatively skewed, and therefore not normally distributed.
The descriptive statistics of the SRD score, together with the other variables included in the multivariate analysis, are provided in Table 5.Specifically, we developed a PLS-SEM model according to the relevant features arising from the study.The model tests the effect of the presence of external assurance, international presence, and sustainability experience on the level of risk sustainability disclosure (measured by the SRD score) The content analysis of the reports allowed the computation of a sustainability risk disclosure score according to the content items presented in the previous section.We analysed the Shapiro-Wilk test for normality, and the SRD score was negatively skewed, and therefore not normally distributed.
The descriptive statistics of the SRD score, together with the other variables included in the multivariate analysis, are provided in Table 5.Specifically, we developed a PLS-SEM model according to the relevant features arising from the study.The model tests the effect of the presence of external assurance, international presence, and sustainability experience on the level of risk sustainability disclosure (measured by the SRD score) by moderating/controlling the effect of the industry and financial performance (in terms of return on assets, ROA).In detail, we tested if a latent concept like International Presence could be explained by indicators such as the number of countries where the organisation is located, and by the percent of overseas revenue compared to the Italian one; or the concept of Sustainability Experience, measured by the total periods of sustainability reporting and the number or pages of the last report.We tested for the collinearity of such indicators using SPSS software, and we found that the variance inflation factors (VIF) values were lower than 5 and their tolerance values were higher than 0.2 [88].
Therefore, the analysis of such latent concepts' different variables had high loadings on their respective construct, confirming convergent validity.Moreover, all items had low cross-loadings, which verified discriminant validity, ensuring that a construct has the strongest relationships with its own indicators (e.g., in comparison with than any other construct).Moreover, in order to test for the reliability of the model, it is possible to compute the composite reliability index (CR) rather than Cronbach alpha because the latter is criticized for its lower bound value, which underestimates the true reliability [89].In our case, all CR indexes exceeded 0.8 that means that all constructs have internal consistency [90].Furthermore, we computed the average variances extracted (AVE) as the sum of each squared factor loading divided by the number of indicators, in order to test for the convergent validity of the model.AVE's results were all higher than the recommended value of 0.5 [91], confirming convergent validity.These PLS-SEM results are presented in Table 6, providing the different indicator loadings, reliability, and latent variables' composite reliability and AVE scores, while the resulting model and its paths are provided in Figure 2. Therefore, the model presented in Figure 3 highlights that the latent exogenous constructs significantly explain more than 25% of the variance of the SRD score (adjusted R2 0.254).Specifically, the presence of external assurance does not have a significant effect on the SRD score, while both International Presence (coefficient of +0.17, p <0.05) and relevant Sustainability Experience (coefficient of +0.29, p <0.01) have significant positive influence on the SRD Score.In other words, the greater the number of sustainability reports published during the last twenty years and the larger the international presence of the organisation, the greater the likelihood of a higher level of sustainability risk disclosure.

Conclusions
Our study reveals the intricate relationships between sustainability reporting and ethical-socialenvironmental risk disclosure.The impossibility of tackling and planning strategies towards social and environmental risks is a consequence of companies' operations during VUCA times, or under Beck's definition of today's world risk society.However, the companies and organizations can improve their awareness of social and environmental issues (e.g., by applying and adhering to global sustainability movements, adopting codes of ethics and conduct, social and environmental management systems, or a sustainability control system).Of course, these tools do not guarantee a complete insurance towards pure Finally, controlling for industry effects and the financial performance of the organisation (average of the latest two ROA) did not provide any significant influence on the PLS model.The latent variables defined in the PLS-SEM model were discriminant valid.This test has been carried out by checking if the square root of the variables' AVE is larger than the correlation scores between the other latent variables [92].Accordingly, Table 7 provides the results of this test.Given these results, we were able to answer our research question and define which are the main variables that affect risk disclosure in sustainability reporting-namely the international presence of the organization and its experience in the practice of sustainability reporting.The presence of external assurance, the industry, or the financial performance did not play a relevant role in the level of risk disclosure.

Conclusions
Our study reveals the intricate relationships between sustainability reporting and ethical-social-environmental risk disclosure.The impossibility of tackling and planning strategies towards social and environmental risks is a consequence of companies' operations during VUCA times, or under Beck's definition of today's world risk society.However, the companies and organizations can improve their awareness of social and environmental issues (e.g., by applying and adhering to global sustainability movements, adopting codes of ethics and conduct, social and environmental management systems, or a sustainability control system).Of course, these tools do not guarantee a complete insurance towards pure risks and adverse events, otherwise they represent a competitive advantage to set up strategies to prevent or limit the negative impacts towards societies and the environment.The adoption of management systems does not imply the disclosure of strategic information or managerial strategies.Therefore, the paper deepens the knowledge of corporate disclosure behaviour over specific social and environmental risks.As such, our study does not include the disclosure of business risks, market risks, financial risks, business continuity risks, etc. Importantly, we addressed the main sustainability reporting features and related risk disclosure practices of a sample of 30 Italian organizations that-although limited-represent Italian organization in general.Furthermore, which variables influenced their sustainability risk disclosure was tested by computing a score based on the content analysis of their latest sustainability report.Findings show that international presence and sustainability experience are important factors contributing to the quality of risk disclosure in sustainability reporting; on the contrary, the presence of external assurance did not seem to affect risk disclosure quality.The international presence is one of the most important factors, in line with the relevant literature over sustainability risk management along supply chains-especially in developing countries.The sustainability experience is explained as the organizational learning dimension, involved in accounting the relations between the organization and the external environment.
Given its exploratory nature, our study is not free from limitations: above all, we need to increase the size of the sample and control for cross-country behaviours by including, for instance, other European organizations.Because our sample is composed of Italian companies adopting international reporting standard guidelines, it is slightly influenced by a normative approach towards risk management regulated by the legislative Decree n. 231/2001 that in Italy requires large companies to adopt environmental management systems that cover a wide range of ethical and SE issues.The collection of further evidence should relate to the disclosure of risk management tools, the typology of ethical, social, and environmental risks that have been illustrated in the reports and the typologies of social and environmental impact forecasts.

Figure 3 .
Figure 3. Model paths and coefficients for sustainability risk disclosure.ROA: return on assets.

Figure 3 .
Figure 3. Model paths and coefficients for sustainability risk disclosure.ROA: return on assets.

Table 1 .
Relationship between non-financial reporting tools and Social and Environmental risks.CDP: Carbon Disclosure Project; GRI: Global Reporting Initiative; IIRC: International Integrated Reporting Council.

Table 2 .
Sample breakdown by industry and reporting approach.

Table 3 .
Composition of the Sustainability Risk Disclosure score (SRD).

Table 4 .
Number and typology of external assurance provided.

Table 5 .
Descriptive statistics of the main variables of the study.

Table 5 .
Descriptive statistics of the main variables of the study.

Table 6 .
Partial least squares-based structural equation modelling (PLS-SEM) variables, analysis of reliability, and validity scores.

Table 7 .
Discriminant validity analysis of the PLS-SEM model's latent variables.

Table 7 .
Discriminant validity analysis of the PLS-SEM model's latent variables.