Adopting a QCA Approach to Investigating the Risks Involved in Megaprojects from Auditing Perspective

There is an increase of megaproject construction worldwide. At the same time, risks involved in megaprojects have also become a wide concern. Extending from the macrolevel of qualitative analysis focusing on complexity, politics, and morality, the research conducted themicroscopic empirical analysis on twenty-two typical cases by adopting the quality comparative analysis (QCA) from the auditing perspective.Different from the traditional analysis method taking each causation as independent variable, the results in the study revealed that there was complexmultiple concurrent causation among eight conditions; additionally, the configuration of those would be divided into six types, among which, the coverage of the three types, namely, project management risk, preliminary and construction risk, and tendering and contractmanagement related risk, was almost eighty percent. Finally, megaproject risks in China were caused by complicated and changeable combination conditions, which would provide a new breakthrough for seeking analyzing megaproject risks through this quantitative analysis method, and indicate the researchers and practitioners to control the megaproject risks from a more systematic way.


Introduction
As a special means of economic control, megaproject auditing provides an opportunity to uncover those misconduct issues by financial and compliance audits, which detect and combat those unethical practices in those megaprojects, to ensure fundamental project principles with appropriate practices.Megaproject auditing is a cornerstone of good megaproject governance, which is an "immune system" and watchdog of megaprojects.It plays a significant role in improving the ability of megaproject management, preventing the risks, and ensuring fundamental project management principles among megaproject design, tender, construction, and settlement phase [1].Furthermore, it helps public organization achieve accountability and integrity, as well as improving operation [1].
In China, with megaproject construction entering a new era of "the biggest investment boom in history," the whole nation has been emphasizing the importance of megaproject auditing [2].However, unlike some other developed countries that place significant importance to the performance audit, China's megaproject auditing plays an important role in oversight and insight of megaproject, and many misconducts and its risks are disclosed; i.e., auditing shows that over one-third of megaproject investment from 1991 to 1995 was ineffective [3].For example, in the Beijing-Shanghai highspeed railway, the intercepting embezzlement funds, unstandardized procurement, the idle construction materials, and unpaid labor services were discovered with amount over 10 billion Yuan [4].
Thus, although megaproject auditing is the postmortem supervision, it could supervise and manage megaprojects effectively, prevent the emergence of misconduct risk, and further improve the investment efficiency of audit supervision.More importantly, megaproject auditing is no longer a matter of reviewing misconduct but could also analyze the cause and typology of the misconduct problems, which could gradually develop from traditional auditing to the modern performance audit.However, there is still a "black box" for systemic classification of megaproject risks through auditing, and the existing classification guidelines always focus on one aspect, such as quality, investment, or corruption.Furthermore, to uphold auditing megaprojects, it is suggested to measure its functions and effect, especially the relationship of the megaproject risk and its effect from auditing.
It is indicated that, with the whole world entering a new "tera age" of megaprojects [5], more attention has been paid on the discussion of megaproject auditing risk.Most of the existing literature is based on the authors' experience from observation and theoretical induction according to individual case analysis.However, due to lack of representativeness and the results are not universal, their conclusion is not suitable for a wider implication because it cannot handle multicase analysis, so individual case analysis has fallen far short of the research needs.Furthermore, to reveal the mechanism of megaproject risks, the conventional statistical analysis is not enough, nor could it explain the complex causality.Therefore, a holistic and systematic approach is needed to explore the complex interaction between those risks.
The paper contributes several ways to give a more systematic analysis on the risks of megaprojects.First, the research is based on the deep analysis of auditing reports from government instead of observation and theoretical induction, which makes the result more objective and valuable.Second, twenty-two typical cases are analyzed by QCA method, combining the qualitative case study and quantitative statistical analysis together, which makes the methodology more reasonable and advanced compared to the previous studies.Third, different from the independent relationship analysis between the single variables with result dependent variables, the research integrates complicated and changeable combination conditions, and more comprehensive influencing factors have been identified.The study revealed that there was complex multiple concurrent causation among eight conditions for megaproject risk; additionally, the configuration of those would be divided into six types, among which, project management risk, preliminary and construction risk, and tendering and contract management related risk were almost eighty percent.
The paper also effectively faces up to the practical concerns.The government and owners should pay more attention to control the risks in project process management, enhance the effectiveness of preliminary and construction management period, and design transparent and strict regulations for tendering and contract management; they should distribute more human and technology resources to these facets.The study also indicates for the contractors and designers from the industries that risks should be monitored and controlled by integrated methods since the risk types are diverse and many factors may interconnect during the life cycle of megaproject.All the entities in the market should work together to handle the various risks from megaprojects.

Literature Review
. .Megaproject Risk.Megaproject, as multiactor and multitechnology constellations [6], considered to be the most complex of all different types of projects, is a large-scale project characterized by uncertainty and ambiguity [7].
Due to its high volume of investment, great community involvement, complex decision-making processes, and many stakeholders involvement, megaproject is the wild beasts in the project world and hard to tame [8,9], and those projects are exposed to high levels of risks [10].Many megaprojects such as airport, bridge, and highway are usually money pits where funds are simply "swallowed up" without delivering sufficient returns as a result of unbalanced subjective beliefs and information in assessing risks and uncertainties, and taking corrective actions to effectively control and manage the identified risks at the right time [11].So identifying and analyzing megaproject risks are currently considered a mandatory part for their great impact on megaproject [8].With the expansion of size and scale, the associated megaproject risk would increase [12].
Identifying megaproject risks is particularly effective for risk management.Bruzelius and Rothengatter [13] proposed four megaproject risk categories, namely, cost risk, demand risk, financial market risk, and political risk; Bing et al. [14] proposed a distinction of megaproject risks between macro-, meso-, and microlevels.Little [15] developed a wider classification which included political risks, construction risks, operation and maintenance risks, legal and contractual risks, and financial risks.Within the misconduct risk for megaproject, three main illegal behavior risks are lack of supervision, imperfect laws and regulations, and lack of enterprise internal management.Risk analysis, construction on-site management, the usage of constructive funds, tendering and bidding phase, and environmental protection are the four most influences [16] . .Megaproject Auditing.Auditing plays a key role in helping understand risks and initiate risk assessments, including identifying, assessing, and managing risks, ensuring that the audit resources are used effectively to address the areas of greatest exposure [1].The nature of risks identified would vary according to the audit objective; audit may look "upstream" to how decisions are made within government departments and agencies or look "downstream" to how services are delivered and perhaps trick to prove a causal link between audit and performance.Megaproject auditing provides an opportunity to uncover the challenges and risks encountered in execution phases, including project governance, activities, cost estimations, and so on [10].
In China, the megaproject auditing is mainly paying attention to compliance of construction project, the cost authenticity, budget execution, and accounting statements supervision and examination; the key points of megaproject auditing includes decision making and supervision of budget and bidding procedure [17].For example, the Guidelines on Synchronous Prevention of Auditing Risk in Megaprojects of Foshan City involved nine risk areas including tendering and bidding procedure, subcontracting, and change management.Furthermore, 38 supervision points were also listed [18].Its work modes were mainly in three types: governmental auditing, internal auditing, and social auditing [19].
Megaproject auditing is a complicated activity, involving many units and personnel with complicated procedures, especially the variety of problems.Therefore, identifying and assessing risk of megaproject are a basic element for auditing.However, the existing megaproject risk classifications remain insufficient to identify types of risks in practice.Specifically, those analyses often lack context and systematization.There is limited evidence of a consensus on risk classification in literature.Those classifications are merely a guide to risk identification [8].Furthermore, the most commonly employed methodology for analyzing megaproject risk is case study, which represented over 40 percent of articles, of which 67.65 percent are a single case study [8].

Research Method and Data Description
. .QCA Method.There are some well-known difficulties in empirical research on megaproject risks via auditing.Firstly, it is difficult to obtain real data.Secondly, the public data is often fragmented and difficult to analyze systematically because of selective bias.The current research leans towards the qualitative aspects.It aims to provide a feasible way by selecting the multiple typical cases published by authorities.
Considering megaproject risks are generally complex causal system.Its cause mechanism is complex.There are numerous factors contributing to megaproject risks.Previous research [20,21] based on qualitative discussion mostly failed to provide a comprehensive explanation.It is important to find a new and effective way to explore the gap of causation path of serious megaproject risks via auditing.The use of qualitative comparative analysis (QCA) in management research highlights that the complexity of management phenomena contains parsimonious causal paths that research can unveil.Thus, QCA can improve the understanding of management realities while preserving their holistic nature [22].For the above reasons, this research uses QCA method to understand the influence factors and formation mechanism of megaproject risks via auditing, which could combine the advantages of qualitative and quantitative analysis.China's first megaproject auditing report was published in 2005; in the past ten years, its tasks and priorities on megaproject auditing of National Audit Office have taken place; although the identified megaproject risks via auditing have multiple orientations, the compliance auditing is still the focus and priority of the megaproject auditing [23].Megaproject risks discovered by auditing could combine a diversity of occurrence paths and the same adoption result; there may be multiple equifinal causal chains that lead to the same compliance auditing results, which is more suitable for QCA method.Although this research adopts the multicase analysis, the case sample cannot size up to the level of the large sample; this would make it hard to get solid results by statistical method, so considering QCA is good at small sample analysis between 10 and 40 cases for deep understanding of actual phenomenon with combination of quantitative statistical analysis and qualitative analysis [24].The aim of QCA method is to find out the causal relationships between the conditional configuration and the result through case comparison, answering which configuration of condition can lead to the expected result and which configuration could induce results in the absence with considering the interdependence of influencing factors.
QCA methods constitute promising methodological tools addressing the gap between variable-oriented and caseoriented research [25].There are three main analysis methods in QCA, namely, crispy set QCA (csQCA), fuzzy set QCA (fsQCA), and multivalue QCA (mvQCA), among which csQCA is the first QCA technique developed and the most widely used so far [26].csQCA is a comparative case-oriented research technique based on set theory and Boolean algebra, aiming to develop explanatory models on the basis of a systematic comparison of a limited number of cases (less than 100), and its conditions range from 2 to 13, so csQCA could integrate the best features of the case-oriented approach with the best features of the variable-oriented approach [27].This research applies csQCA to analyze the megaproject risks via auditing, which would reveal the complex relationships of risks in the conditions of multivariate and multidimension, and achieve scientific method support for megaproject risk analysis.
. .Data Selection.In recent years, with the increasing emphasis on megaproject auditing at the national level in China, a large number of typical megaproject auditing reports have been published, especially the megaproject auditing report issued by National Audit Office; those auditing reports usually consist of three parts, that is, megaproject implementation and major achievements, major problems and risks identified, and preliminary rectification feedback, which provides an unprecedented opportunity for quantitative case analysis on megaproject risks via auditing.
Due to numerous risk factors and conditions in megaproject auditing report, to ensure the rationality and accuracy of the csQCA analysis results, this research applied the Law of Common Auditing Qualitative Description and Applicable Regulation Guide-Fixed Assets Investment Auditing (Trail), which is a summary of the National Audit Office on the auditing discover problems and risks of government projects including megaprojects.Afterwards, by the China Auditing Common Qualitative Expressions and Applicable Regulations Guide-Fixed Assets Investment Audit [28], eight classification and forms of those discovery risks were determined; more importantly, each classification lists the specific manifestation and problem characteristics; to some extent, those eight classifications are systematic analysis, induction, and classification; this is suitable as conditions for QCA analysis, so the eight categories would be selected as conditions for megaproject risks via auditing (Table 1); furthermore, considering csQCA provides a set of tools for analyzing the necessary and sufficient conditions explaining outcomes, mapping out similarities and differences between various configurations of conditions and cases [29]; the outcome of the csQCA analysis would select the proportion of illegal expenditure; the higher the indicator, the lower the compliance of its expenditure, and the greater of megaproject risk [23] and then collecting and sorting out 42 auditing reports from 2005 to 2017 on the National Audit Office website (http://www.audit.gov.cn/).Finally, a total of 22 cases were selected as research cases according to its integrity; this complete information includes the following: megaproject name, value amount submitted for auditing, value amount of megaproject risk found, and the megaproject risks.
. .Megaproject Types.In recent years, there have been a number of state-led megaprojects with complex types, in order to better understand which types of megaproject are found to be more risky.According to 22 cases, the megaprojects are divided into five types (Table 2).Among them, traffic megaprojects include two subtypes of highway and railway projects.
It is seen that there are 9 traffic megaprojects among the 22 cases involving megaproject risks, which is over 40% of the whole cases.Hence, traffic megaprojects are a major disaster area for megaproject risks, followed by hydraulic megaprojects, which account for more than 22% of all.For the other three types of megaprojects, postearth reconstruction projects refer to the megaproject investment made by the central and local governments after the Wenchuan earthquake in 2008; its total investment exceeds 1.5 trillion Yuan, while for government-subsidized housing projects, its massive construction began in 2011, would cost about 1.3 trillion Chinese Yuan (roughly $200 billion) furthermore, airport and stadiums are not being built across the country like other megaproject due to their financial constraint on local governments.Subject to its development time or financial constraints, fewer cases are disclosed.

csQCA Empirical Analysis
This csQCA analysis includes three stages, which is calibrating dichotomized sets, constructing the truth table and resolving contradictions, and configuration explanations.The main task of calibrating dichotomized sets is to determine the attribution of each condition and outcome.The task in this research is the distribution between 0 and 1.The role of constructing the truth table and resolving contradictions is a given combination of conditions associated with a given result according to consistency threshold and frequency threshold.The configuration explanations focus on simplifying selected conditional configuration by parsimonious solution and intermediate solution according to easy counterfactual and difficult counterfactual analysis.Then these three sections are carried out below.
. .Calibrating Dichotomized Sets.csQCA is based on the logic of Boolean algebra, which allow the minimal formulas that are parsimonious and its combination of conditions and outcome have values of 0 or 1 with dichotomous variables, so as to construct complex data structures using logical and holistic approaches.Considering there are two types of research data, i.e., continuous sample data and discrete sample data, the binary threshold is determined by two methods.For the discrete sample data, which focus on eight conditional variables, the threshold of dichotomous threshold is divided by whether or not there is violation of relevant provisions of the Law of Common Auditing Qualitative Description and Applicable Regulation Guide--Fixed Assets Investment Auditing (Trail); if violated, the value of the conditional variables is 1, and vice versa, while for continuous sample data, which focus on outcome, that is the proportion of illegal expenditure.It is seen that, for the 22 cases, and the minimum amount of problems auditing funding is 240 million Yuan, and the maximum amount is 56.73 billion Yuan.Furthermore, the minimum of the proportion of illegal expenditure is 0.014, the maximum amount of illegal expenditure is 0.206, and the mean of proportion of illegal expenditure is 0.07; according to the Rihoux and Ragin [25], the mechanical cutoff point (mean value) would be selected for threshold.If the proportion of illegal expenditure is over 0.07, the value of outcome is 1, and vice versa; the specific settings are shown in Table 3.
It is indicated that violating funds management and accounting regulations (Cap), violating quality management regulations (Qua), violating tendering and bidding and contract management regulations (Bid), and violating construction management regulations (Con) are the four important sectors of megaproject risks via auditing, over 70% of cases violated those regulations, especially for violating funds management and accounting regulations (Cap), and almost all the cases (except one) violated funds management and accounting regulations.

. . Constructing the Truth Table and Resolve Contradictions.
In order to use Boolean algebra as a technique of qualitative comparison, it is necessary to reconstruct a raw data matrix as a truth table [27].The truth table includes a binary configuration combination of all the conditions influencing the results, which could reconstruct data as a list of configurations, and each configuration might correspond to a few observed cases [30], so the different combinations of input condition values and their associated outcome values are summarized in a truth table, and the number of the truth tables of these 8 conditions is 256 (2 8 = 256).However, 256 configuration is ideal, in the actual analysis, due to the limitation of case scenario and conditional variables; there may be exhibiting contradictory configurations.Then, following the truth table, the key operation is the Boolean minimization, which is used to minimize the configurations and nonobserved cases; coverage and consistency are, respectively, used to determine whether the configuration is the necessary and sufficient condition for the outcome [31].Coverage measures how much of the outcome is explained by each solution term and by the solution as a whole, consistency measures the degree to which solution terms and the solution as a whole are subsets of the outcome, and their threshold is 0.8, if these values reach 0.8 or above, indicating that these 8 conditions have an important effect on the outcome.There are three types of solutions: complex, intermediate, and parsimonious solution, and each solution is based on a different treatment of the remaining combination, considering numerous studies applying intermediate solution for conditional configuration analysis [32], so this research would select intermediate solution, and Table 4 shows the values of coverage and consistency.
In Table 4, solution coverage measures the proportion of memberships in the outcome that is explained by the complete solution; solution consistency measures the degree to which membership in the solution is a subset of membership in the outcome, raw coverage measures the proportion of memberships in the outcome explained by each term of the solution, and unique coverage measures the proportion of membership in the outcome explained by each individual solution term, while " * " means the preceding and the following term are multiplied, and "∼" means not logical, which is true if the following term is false.The results of Table 4 show the value of solution coverage and solution consistency is over 0.8, which meets the configuration requirements of coverage and consistency, indicating that the analysis results have strong explanatory strengths of the csQCA.There are 6 groups of configuration which is linked together by " * " which forms configurations for megaproject risks via auditing.
. .Configuration Explanations.For the parsimonious and intermediate solutions, which come from the results of easy counterfactual and difficult counterfactual analysis, to deal with the problem of limited diversity, this step would logically reduce the truth table rows to simplified combinations using parsimonious and intermediate solutions, and there are two causal conditions in configurations, which are core conditions and peripheral conditions, core conditions are those part of both parsimonious and intermediate solutions, while peripheral conditions are those that only appear in the intermediate solution [33], and using full circles indicate the presence of a condition, while cross-out circles indicate the absence of a condition, additionally, large circles means core conditions, while small one refers to peripheral conditions, and blank spaces indicate a "do not care" situation in which the causal condition may be either present or absent [34].Table 5 indicates the configurations for megaproject risks via auditing.
The solution table shows that the crisp-set analysis results in 6 solutions exhibiting acceptable consistency and coverage, and those 6 solutions are named M1, M2,. .., to M6, considering the overall raw coverage of M1, M2, and M3 is almost 80%, which means those three solutions are the main configurations of megaproject risks via auditing, and thus this research would focus on the three most common megaproject risk configurations, i.e., project management risk, preliminary and construction risk, and tendering and contract management related risk.All the three configurations involve Qua and Con, showing these two conditions are universal among megaproject risks.
. . .Project Management Risk Configuration.The raw coverage of this configuration is 0.417 and contains 7 conditions, and those are all core conditions, among which five are the presence of conditions, including Cap, Bid, Qua, Con, and Inv, while two of them are absence of conditions, that is, Pro and Env.It could be seen that over 40% of 22 cases are involved in this configuration.This megaproject risk configuration involves all the usual construction project management issues except schedule, because, in China, megaproject schedule delay is almost unacceptable and would induce political risk even political disaster for project managers [35].The megaproject risks caused by this configuration is common and has great influence; there are three main reasons for this configuration.First of all, the investment amount of megaproject projects is often very large, and these megaprojects are often government-led, and control over the whole megaproject and the mobilization of large amounts of project funds are often in the hands of a small number of leaders, which provides fertility for megaproject risk on backroom trading.After all, because the whole construction period of megaproject is long, and there are numerous procedures and stakeholders involved, this hinders the supervision work, causing the megaproject construction to have many risks.
This megaproject risk configuration often starts from the megaproject beginning of tendering and bidding to project completion and payments of funds; i.e. the qualifications of the winning construction enterprises could not meet the requirement of project grad; some megaprojects even failed to carry out tendering and bidding activities in accordance with the requirements of laws.The project quality is below the design standard, transferring, occupying, and misappropriating even defraud project funds.The whole construction process is chaotic and lacking in management; a large number of institutions are virtually nonexistent.Serious project funds management problems are often associated, for example, with the megaproject of Chongqing to Changsha expressway; there were 78.217 million fake invoices as financial vouchers, the main contractor subcontracted the project in violation of regulations without the permission of the owner, and the draft final accounts for the completion of the project exceeded the estimated amount of 1.139 billion Yuan.
. . .Preliminary and Construction Risk Configuration.The raw coverage of this configuration is 0.167 and contains 5 conditions, and, among those conditions, the conditions of Pro, Qua, Con, and Req are the core conditions, while the condition of Cap is peripheral condition; additionally, those conditions are all the presence of conditions.Compared with the configuration of M1 (project management risk configuration), this configuration includes the conditions of Pro and Req, mainly expressed in the form of not going through the formalities according to the regulations, approval of unauthorized, starting megaproject construction without approval, and other forms.Because of the risk of those megaproject procedures, it has a certain impact on project demolition and construction; for demolition, there are some risks of compensation for land expropriation, such as expropriation and detention.
While, for construction, there are defects and risks in the preliminary, these risks would inevitably be reflected in the process of megaproject construction; the most intuitive manifestation is the construction quality risks, especially these megaprojects often have strict deadline requirements and there is a certain deadline behavior, inducing in the construction period, and the basic construction procedures have not been strictly implemented, such as there is failure to follow the drawings for construction and the relevant supervisors and others do not strictly follow the rules because of deadline behavior for construction.And these risks caused construction quality problems due to violations and deadline behavior, which makes this configuration more likely to lead to financial problems, especially overexpenditure and project management risks.For example, in guaranteeing housing projects, a total of 45 projects across the country have not been approved for land use planning, involving 1433 mu of land, and there are 5.8 billion Yuan funds for 360 projects that have problems.

. . . Tendering and Contract Management Related Risk
Configuration.The raw coverage of this configuration is 0.167 and contains 6 conditions, and there are five core conditions except Req, and, except Pro, the other five conditions of Bid, Qua, Con, Inv, and Req are all the presence of conditions.This configuration of megaproject risks via auditing is mainly caused by the uncontrollable tendering and contract management, the process of tendering of megaprojects is in chaos, and even the tendering system is virtually nonexisting, i.e., set unseasonal terms in the bidding documents to exclude potential bidders, and turn the whole projects into several parts to avoid tendering, furthermore, there is illegal subcontracting, as a result, it is difficult to select qualified megaproject contracts, and it is inevitable that the megaproject quality cannot meet the requirements, and the investment is out of control and the other construction management problems emerge endlessly.For example, in the megaproject of expressway of Changchun to Hunchun, there are 166 subprojects of construction, design, supervision, and other procurement that have not been tendering for public bidding as required, which involved 2.051 billion Yuan, and then there were random design changes for unqualified acceptance of project quality and more than 57.523 million Yuan were paid to 34 contractors without voucher.

Conclusions
With the increasing complexity of megaproject, project risks are also increasing.A large number of researchers and government have realized that the traditional research methods on discovering megaproject risks have been difficult to reflect the large amount of problems, especially the traditional auditing on a certain risks.As a result, the corresponding suggestions proposed would have little effects on solving the mitigating megaproject risks.
Configuration analysis is a new type of analysis tool exploring internal operation essence of megaproject risks and grasping their microoperation process; thus this research would analyze the megaproject risks through auditing and sorting out 8 conditions combined with the relevant specification.Afterwards, six configurations were summarized by csQCA.The results indicated that the megaproject risks in China were not caused by a single factor, but by complicated and changeable combination conditions, which would provide a new breakthrough for seeking analyzing megaproject risks through this quantitative analysis method and systematic thinking for the industry to improve the megaproject risk controlling level.
It was also inferred that adopting the result-driven conditions factors to explore the configuration of megaproject risks via auditing would set up the relationship between complex megaproject risks and the limited paths of these problems, and revealing their intuitive connections with each other.Six configuration path analyses would bring about a turning point to solve the present situation of serious risk problems in megaprojects, which would grasp the main problem path operation mode of megaproject risks and then formulate the relevant regulations to improve the megaproject risk management.This research further identified that there were three configurations with the highest distribution among the six configurations analyzed.And the conditions of Qua and Con are the widespread risk point.The practitioners and researchers in the future may pay more attention to the above factors and points to largely enhance the megaproject management performance.However, although the cases in this research are all from the key auditing cases published by the National Audit Office of China, which are representative to a certain extent, there is limitation in case number, and more cases are needed to further verify the scientific nature of the results.

Table 2 :
The distribution of risks of megaproject types involved.

Table 4 :
Values of coverage and consistency.

Table 5 :
Configurations for megaproject risks via auditing.