Determinants of enhanced risk disclosure of JSE Top 40 Companies: the board risk committee composition, frequency of meetings and the chief risk of ﬁ cer

1 Risk disclosure practices have received increasing attention in the wake of the 2008 global ﬁ nancial crisis. This study investigated possible determinants relating to the composition of the board committee responsible for risk management, the frequency of board risk committee meetings and whether the company employs a chief risk of ﬁ cer, which could manifest in an enhanced level of risk-related disclosure. Based on the possible determinants identi ﬁ ed in the literature, nine hypotheses were developed in order to investigate which of these determinants relate to an enhanced level of risk disclosure by the selected companies. The ﬁ rst required integrated reports of non- ﬁ nancial companies in the Top 40 index of the JSE Securities Exchange were investigated in this study. Regarding one area of investigation, namely the level of risk management disclosure, it was found that the disclosure of companies whose risk committee met more frequently and the disclosure of companies that employed a chief risk of ﬁ cer, were of a relatively higher standard. With regard to the other area of investigation, namely the level of risk identi ﬁ cation and mitigation disclosure, no clearly signi ﬁ cant determinant of enhanced disclosure was identi ﬁ ed.

This study investigated possible determinants relating to the composition of the board committee responsible for risk management, the frequency of board risk committee meetings and whether the company employs a chief risk offi cer, which could manifest in an enhanced level of risk-related disclosure. Based on the possible determinants identifi ed in the literature, nine hypotheses were developed in order to investigate which of these determinants relate to an enhanced level of risk disclosure by the selected companies. The fi rst required integrated reports of non-fi nancial companies in the Top 40 index of the JSE Securities Exchange were investigated in this study. Regarding one area of investigation, namely the level of risk management disclosure, it was found that the disclosure of companies whose risk committee met more frequently and the disclosure of companies that employed a chief risk offi cer, were of a relatively higher standard. With regard to the other area of investigation, namely the level of risk identifi cation and mitigation disclosure, no clearly signifi cant determinant of enhanced disclosure was identifi ed. Introduction 1It is widely acknowledged that risk reporting prior to the 2008 global financial crisis was inadequate (ICAEW 2011;Kirkpatrick 2009). In its report on risk disclosure, the Institute of Chartered Accountants for England and Wales (ICAEW 2011) provides three possible reasons for inadequate risk reporting: • the requirements for risk reporting were insufficient; • the requirements for risk reporting were sufficient, but managers, who were aware of the risks, chose not to disclose them; or • the board of directors was either unaware of the risks, or completely underestimated them. 1No comprehensive set of guidelines is currently available on the disclosure of risk identification and risk management processes (Enslin, Bruwer & Viljoen 2015;Kirkpatrick 2009). With the exception of the disclosure of financial risk, which is regulated by the International Financial Reporting Standards (IFRS), the level and content of risk reporting can be determined by the board of directors of each company. Kirkpatrick (2009) has argued that limited guidance on and requirements for risk disclosure have resulted in the inadequate management of risks by boards of directors. The responsibility for risk management and disclosure rests ultimately with the board of directors of companies (IOD 2009).
As a means to assist the board of directors in fulfilling its responsibility, King III (IOD 2009) stipulates the following: The board should assign oversight of the company's risk management function to an appropriate board committee (for example a risk committee or the audit committee). Membership of the risk committee should include executive and non-executive directors. Members of the risk committee, taken as a whole, should comprise people with adequate risk management skills and experience to equip the committee to perform its functions. 1The fact that this responsibility resides with the board of directors, and specifically the board committee to whom the responsibilities for risk management oversight are discharged, implies that the composition of the board committee on risk identification and risk management may have a significant influence on risk management and risk disclosure practices of companies.
Risk disclosure is of vital importance to investors, both equity investors as well as providers of loan capital, as these investors stand to lose money if the business in which they have invested fails. Investors do not have inside knowledge of the risks the business is facing, the tolerance levels of risk or the adequacy of risk management systems (FRC 2011). Investors require risk-related information in order to perform their own risk assessment and calculate the return that would adequately compensate them for the risk relating to an investment in the business (Abraham & Cox 2007).
According to Maingot, Quon and Zéghal (2014), the level of risk disclosure by non-financial companies in the United States of America and Canada was only affected to a negligible extent by the 2008 global financial crisis. Hence if risk disclosure was inadequate before the financial crisis, it remains a problem that must be addressed and resolved. The problem is partly due to the fact that risk disclosure is largely unregulated. This problem of the inadequate level of risk disclosure forms the problem statement that necessitated the investigation conducted in this study.
Given the prevalence of inadequate risk and risk management disclosure, despite the importance of such disclosure, Mokhtar and Mellett (2013) stressed the need to determine the nature and determinants of risk reporting. The objective of this study was therefore to investigate determinants of risk disclosure relating to the composition of the board risk committees, the frequency of its meetings as well as a selection of company characteristics of companies listed on the JSE Securities Exchange. The factors relating to the board risk committee and other company characteristics were identified from previous research literature as possible determinants of the level of risk disclosure.
The Integrated Reporting Framework created by the International Integrated Reporting Council has set out risk and opportunities as one of the content elements of the integrated report (IIRC 2013). Accordingly, the first required integrated reports of non-financial companies in the Top 40 index of the JSE Securities Exchange were investigated in this study to identify which of the possible determinants correlated with higher quality risk reporting.
The aim of this study was to provide possible guidance to boards of directors on the optimal composition of their board risk committees, the frequency of its meetings and whether to appoint a chief risk officer. Investors could also benefit from a better understanding on determinants of enhanced risk disclosure, which could be an indication of enhanced risk management (Enslin et al. 2015).
Literature review and hypothesis development 1Although risk management and risk disclosure have received heightened research attention in recent years, research into factors pertaining to quality risk disclosure remains extremely limited (Miihkinen 2012). Investors have called for improved risk disclosure (ICAEW 2011) following the financial crisis which occurred during the latter part of the previous decade. In addition, investigations have been conducted internationally into how risk management and risk disclosure could be improved (ICAEW 2011;FRC 2011).
The literature review is divided into two sections. This first section deals with the identification of a measurement tool suited to measuring the level of risk disclosure by South African listed companies. The second section relates to literature on the possible determinants of enhanced risk disclosure and the development of hypotheses based on the literature.
Disclosure index for measuring level of risk disclosure 1The Integrated Reporting Framework provides limited guidance on risk disclosure by suggesting that specific key risks should be disclosed (IIRC 2013). It also suggests that disclosure on each risk may include discussion of the source of the risk, the company's assessment of the risk and the steps taken to mitigate the risk. However, specific details on risk management disclosure are not provided.
In its statement on management commentary, the International Accounting Standards Board (IASB 2010) states the following: Management should disclose an entity's principal risk exposures and changes in those risks, together with its plans and strategies for bearing and mitigating those risks, as well as disclosure of the effectiveness of its risk management strategies. 1The above statement of the IASB should be supplemented with other guidelines on risk and risk management disclosure, as it does not deal specifically with the detail of risk and risk management disclosure. Other guidelines on risk and risk management disclosure provide fragmented guidance on disclosure.
Based on a review of the available guidelines, Enslin et al. (2015) compiled a risk disclosure index indicating current requirements in terms of leading guidelines. They segregated risk relating reporting into two categories for the purposes of the risk disclosure index, namely risk management related disclosure (see Table 1) and risk identification and mitigation related disclosure (see Table 2). This risk disclosure index provides a tool with which to measure the level of a company's risk reporting.
Possible determinants of enhanced risk disclosure 1One area of risk-related research investigates possible factors that may determine improved risk management, as well as factors that may determine improved risk disclosure. The determinants of risk disclosure have been addressed in a number of studies in developed countries, but investigation into determinants in developing   Enslin et al. (2015) 1countries is limited (Mokhtar & Mellett 2013). Possible determinants for proper risk management and for adequate risk disclosure as identified in previous studies, will be discussed in the remainder of the literature review. The identified determinants will subsequently provide the theoretical base for the hypotheses in this study on the possible determinants for enhanced risk disclosure by companies listed in South Africa, a developing country.
Previous research has investigated the composition of the board and risk reporting (Oliveira, Rodrigues & Craig 2011;Dobler, Lajili & Zéghal 2011;Mokhtar & Mellett 2013). Although the board of directors is ultimately responsible for risk disclosure, this duty is delegated to either the audit or the risk committee of the board. According to King III (IOD 2009), the responsibility for risk management should only be assigned to the audit committee after considering whether the audit committee has sufficient resources to deal with risk governance, as well as with its audit responsibilities. As such, it makes more sense for the specific characteristics of the board committee responsible for risk and risk management to have a stronger relationship with the level of risk reporting by listed companies, than the characteristics of the board as a whole.
Separate board risk committee 1A ccording to King III (IOD 2009), the board of directors should delegate the duty to design, implement and monitor the risk management plan of the entity to management. However, it remains the duty of the board to ensure that there are processes in place that will allow sufficient risk disclosure to stakeholders to enable them to make informed decisions (IOD 2009). Although the board of directors remains responsible for risk management, this function is delegated to a board subcommittee (either the audit committee or a separate risk committee).
King III (IOD 2009) allows the audit committee to accept responsibility for internal auditing and risk management. However, it is clear from the wording, "this should be done with careful consideration to the resources available to adequately deal with risk governance in addition to its audit responsibilities", that it would be preferable for a company to have a separate board sub-committee to deal with risk management.
The Dodd-Frank Wall Street Reform and Consumer Protection Act in the United States of America and the Walker Review in the United Kingdom have highlighted the need for a board risk committee and the establishment of such a committee is increasingly becoming best practice at international level (Lawlor 2012;Ballou & Heitger 2008). Reputable frameworks for risk management, including the framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO 2004), emphasise that risk management will fail in the absence of proper oversight. Brown, Steen and Foreman (2009) noted that, owing to the complexity of non-financial risks, it might not be possible for boards to rely on the audit committee alone to manage risk and that creating a separate risk management committee would be likely to improve risk management. According to Subramaniam, McManus and Zhang (2009), a board risk committee is a critical resource for boards to fulfil their responsibilities as far as risk management is concerned, but there is still a paucity of empirical evidence on the nature of these committees. It is therefore possible that the existence of a separate risk committee might be a determinant for improved risk disclosure practices.
The determinants of risk management disclosure could, theoretically, differ from those of risk identification and mitigation reporting. Risk management disclosure focuses on the processes which are largely prescribed by King III (IOD 2009) and enterprise-wide risk management systems. Risk identification and mitigation disclosure, however, are more subjective, with little directives that may serve as guidance. In the case of risk management disclosure, however, the existence of a separate risk committee is not as important, as the audit committee typically retains some risk-related duties and the internal audit function provides assurance on the risk management systems. A separate risk committee that focuses almost exclusively on risks and spends most of its time at meetings on this subject could, however, improve disclosure on risks and the mitigation thereof.
King III (IOD 2009) stipulates that the committee responsible for risk management should include both executive and non-executive directors, and should have a minimum of three members. The committee should meet at least twice a year and should consist of people with adequate risk management skills and experience.
The preferability of a separate board committee for risk management and disclosure is confirmed by various international studies (Lawlor 2012;Brown et al. 2009;Atkinson 2008;Ballou & Heitger 2008). The first hypothesis therefore tested the relationship between the existence of a separate board risk committee and the level of risk disclosure. For the purposes of this study, a value of one was assigned to companies that had a separate risk committee and a value of zero assigned to companies in which the duties relating to risk identification, management and disclosure form part of the duties of a combined committee.
H 1 : There is a positive relationship between the existence of a separate board committee for risk and risk management (RC) and the level of risk disclosure.

Number of independent directors
1Independence, according to King III (IOD 2009), refers to "the absence of undue influence and bias which can be affected by the intensity of the relationship between the director and the company".
Htay, Rashid, Adnan & Meera (2012) found that a higher percentage of independent directors on the board led to higher information disclosure. This could be extrapolated to the board committee. Whether the board committee tasked with risk management is a separate risk committee or is combined with another committee, for example, the audit committee, the number of independent directors on the committee may also lead to improved risk disclosure. According to Ismail and Rahman (2011), independent non-executive directors are of vital importance in order to provide balance on the board of directors and to monitor management. These directors will enhance their own reputation by increasing the quality of monitoring in the companies where they serve on the board of directors (Fama & Jensen 1983).
Independent non-executive directors on the board, as well as on the risk committee, are beneficial in order to reduce the agency problem (Abraham & Cox 2007). Agency conflict is a key issue to address when discussing the role of directors in a company and, in this case, specifically with regard to risk management. The reason for this is that, while more disclosure on risk might be beneficial to stakeholders such as shareholders and suppliers of finance, it might prove detrimental to the management team in charge of the day-to-day running of the company, who will also be evaluated on the basis of their performance as far as risk management is concerned.
Based on the resource dependency theory, directors are beneficial to a company as they provide knowledge, skills, expertise and contacts to the company. Directors who also have a link with outsiders should have access to external resources that could enhance performance (Ismail & Rahman 2011). The presence of a company's directors on the boards of other companies can also improve access to information that could be utilised to the advantage of the company (Kyereboah-Coleman 2008). However, Ismail and Rahman (2011) found that risk management disclosure is negatively correlated with the number of independent, non-executive directors, and they could not find a significant relationship between risk management disclosure and the number of non-independent, non-executive directors. Abraham and Cox (2007) found that the number of executive and independent, non-executive directors was positively related to the level of corporate risk reporting, but not the number of dependent, non-executive directors. Owing to their connection with the company, non-independent directors' judgements could be influenced by management. This underlines the importance of independent directors in good corporate governance.

Determinants of enhanced risk disclosure of JSE Top 40 Companies
The quality of decision making and strategic direction for the company could be influenced by outside directors (Pearce II & Zahra 1992). Rahman and Ali (2006) found that independent, non-executive directors ensure enhanced monitoring. The findings of Cheng and Courtenay (2006), that companies with a higher number of independent directors have a higher level of voluntary disclosure, provide support for the positive influence of independent directors. However, contrary to the arguments above, Haat, Rahman and Mahenthiran (2008) and Dionne and Triki (2005) found that the number of independent directors does not have an effect on risk management.
However, in this study, it was found that some companies nominated only independent directors on the specific committee charged with the responsibility of risk, but the executive directors attended all the meetings as invitees. It is thus possible that the official proportion of independent directors could be misleading, as the executive directors would certainly play a significant role in the meetings. It was therefore decided to use the number of independent directors on the board committee tasked with risk and risk management as the independent variable. It is argued that the greater the number of independent directors is, the more power these gatekeepers, who fulfil the monitoring role and protect the stakeholders' interests, should have in meetings. Boards with more independent directors are more effective in monitoring management, thus also reducing agency problems.
H 2 : There is a positive relationship between the number of independent directors on the board committee (#IndD) and the level of risk disclosure.
Variation in experience 1Diversity , as far as the skills and level of experience of directors (especially nonexecutive directors) are concerned, enhances the effectiveness of a committee as it provides alternative perspectives on strategy and risk (Tyson 2003). McIntyre, Murphy and Mitchell (2007) supported the view that the levels of experience of directors may influence the performance of the board, which may also be true for board committees. Accordingly, a study conducted by Xie, Davidson III and DaDalt (2003) concluded that there is a positive relationship between risk disclosure and the number of experienced directors on the board. However, Ismail and Rahman (2011) and Rahman and Ali (2006) found that there is a negative relationship between risk management disclosure and the existence of experienced directors on the board. Experience is measured by the number of years the independent director has served on the board of the specific company. Variation in experience could be beneficial to risk reporting, as directors with different levels of experience should have different views on the quantity and quality of disclosure on risks and the management thereof.
H 3 : There is a positive relationship between the variation in the experience of the independent directors on the board committee (VarIDExp) and the level of risk disclosure.
1V ariation in experience refers to the difference in experience between the various independent directors serving on the committee of the specific company. The measurement of variation is based on the standard deviation of experience.
Variation in age 1McIntyre et al. (2007) also studied the average age of the directors on the board, as well as the variation in their age. Their study found that high levels of experience, but with moderate levels of variation in age and team tenure, were correlated with improved firm performance. McIntyre et al. (2007) proposed that optimal boards should, firstly, possess moderate diversity along key dimensions, such as tenure and age; secondly, only be large enough to ensure that the task required is completed with the required resources and capabilities; thirdly, have medium team tenure; and fourthly, have experienced membership.
Their findings support the view that team design is indeed necessary for the effective functioning of boards of directors. These requirements could also be made applicable to the board committee charged with managing risk. The reasoning behind this investigation into the variation in age of the directors on the committee is that disclosure should improve along with an increase in age variation, as different viewpoints and experience will be represented by a wider spectrum of ages.
H 4 : There is a positive relationship between the variation in the age of the independent directors on the board committee (VarIDAge) and the level of risk disclosure.
1V ariation in age refers to the difference in age between the various independent directors serving on the committee of the specific company. The measurement of variation is based on the standard deviation of age.

Number of meetings
1The number of meetings of the board (as well as those of the audit committee) is indicative of its effective functioning, as well as how often relevant issues are addressed (Dey 2008). However, Brick and Chidambaran (2010) found that the number of annual audit committee meetings is slightly negatively correlated with company value. Although Brick and Chidambaran's (2010) study related audit committee meetings to firm value, it could indicate, in contradiction of Dey's (2008) Determinants of enhanced risk disclosure of JSE Top 40 Companies argument that the number of committee meetings may not necessarily result in more effective functioning.
The number of meetings held by the committee charged with the responsibility of risk should influence the level of risk reporting in the integrated report. The more frequently the committee discusses these issues, the better the disclosure of risk should be.
H 5 : There is a positive relationship between the number of meetings of the board committee (#Meet) and the level of risk disclosure.
Designated chief risk offi cer 1King III (IOD 2009) states that the chief risk officer should be a suitable and experienced person who should have access to the board and interact with them (as well as executive management and the relevant board committees) on a regular basis with regard to strategic risk matters. In their investigation into determinants of companies' enterprise risk management adoption, Liebenberg and Hoyt (2003) found, however, that companies with a chief risk officer did not have a significantly higher adoption rate. The need for a chief risk officer may indeed be debatable as risk management capabilities should be evident across all levels of management in an entity and should be integrated throughout (KPMG 2001). However, Liebenberg and Hoyt (2003) did find that companies with higher leverage were more likely to employ a chief risk officer. They interpreted this phenomenon to be indicative of the fact that companies facing greater financial risk require a chief risk officer to, inter alia, communicate the company's risk profile effectively to external stakeholders. In accordance with the Liebenberg and Hoyt's (2003) interpretation mentioned above, having a chief risk officer in office should improve risk disclosure. A value of one was assigned to companies that had a designated risk officer, and a value of zero assigned to companies that did not indicate that they had a designated risk officer.
H 6 : There is a positive relationship between the appointment of a specifically designated chief risk officer at management level (RO) and the level of risk disclosure.
1A dditional company-related factors that could be determinants of enhanced risk disclosure are discussed below.
Size of the company 1Amran, Bin and Hassan (2008) argued that the larger the company is, the larger the number of stakeholders involved with the company is. The duty of disclosure thus increases as the company grows, because the information needs of a larger number of people must be satisfied. It can also be said that the larger the company is, the more resources it has available to ensure that better risk management systems are implemented within the company. This should lead to improved information for disclosure purposes. Previous studies on risk or other voluntary disclosure proved a positive association between company size and level of disclosure. Oliveira et al. (2011), Hussainey and Al-Najjar (2011), Khodadadi, Khazami and Aflatooni (2010, Amran et al. (2008) and Beretta and Bozzolan (2004) all confirmed the positive relationship between the size of a company and risk disclosure. However, Hassan, Giorgioni and Romilly (2006) found a negative relationship between company size and improved disclosure practices, while Hassan (2009) and Mokhtar and Mellet (2013) found the relationship between the size of the company and risk disclosure to be insignificant. Mokhtar and Mellet (2013) suggest that a possible explanation for this conflict with the literature could be that the role of the size of a company differs between developed economies and developing economies, with less mature reporting systems.
According to a study by Ismail and Rahman (2011), company size (defined by the logarithm of total assets) has a significant effect on risk management disclosure. Chow and Wong-Boren (1987) also determined that company size is positively related to the level of voluntary disclosure.
In addition, agency cost is typically higher in larger companies, and increased agency cost should lead to greater monitoring and risk management (Carcello, Hermanson & Raghunandan 2005;Goodwin-Stewart & Kent 2006). The size of the company is thus a vital control variable that should be included (Subramaniam et al. 2009).
A number of studies have determined that the size of a company is an important factor as far as risk management is concerned (Oliveira et al. 2011;Subramanian et al. 2009;Meek, Roberts & Gray 1995). Many different ratios, such as the following, have been used in previous studies to provide an indication of company size: • The natural logarithm of sales revenue was used as an indication of company size (Dey 2008). • The book value of total assets at the end of the prior financial year was utilised (Brick & Chidambaran 2008 this study, the logarithm of total assets was used as an indication of company size. H 7 : There is a positive relationship between the size of a company (Size) and the level of risk disclosure.
Profi tability 1P rofitable firms have incentives to distinguish themselves from less profitable firms in order to motivate shareholders to invest in them, rather than in less profitable firms (Meek et al. 1995). Accordingly, profitable companies are motivated to disclose more information in order to satisfy shareholders, to enhance the image of the company and to increase the marketability of shares and justify managers' compensation. However, in their investigation into determinants of the level of voluntary disclosure by companies, Mokoaleli-Mokoteli and Ojah (2010) found that higher profitability does not necessarily lead to companies disclosing more voluntary information.
In this study on risk identification and mitigation reporting, profit (as defined by net profit after tax, as a percentage of total assets) was used as a control variable. This is because the business and operational risks that directly impact on profits are those that are identified and being reported on. More profitable companies might be more willing to disclose their major risks in more detail. However, it is also possible that less profitable companies could be motivated to reveal more relating to their risks and risk mitigation, in order to attract new investors.
Profitability was calculated by using net profit after tax/total assets, in accordance with the study by Mokoaleli-Mokoteli and Ojah (2010).

H 8 : There is a positive relationship between profitability (Profit) and the level of risk disclosure.
Industry 1Amran et al. (2008) found a significant relationship between the nature of the industry in which a company operates and its risk disclosure. The more risks an industry is exposed to, the greater the exposure will be -hence the higher the required level of risk disclosure. Mokoaleli-Mokoteli and Ojah (2010) reported that the industry in which a company operates is a significant factor in voluntary disclosure.
In this study, a dummy variable was created in order to determine whether risk reporting was influenced by the industry in which a company operates. Owing to the limitation of the sample size, it was decided to limit the distinction between industries to companies in extractive industries and companies operating outside the extractive industries. Extractive companies are broadly defined as companies involved in the mining industry, while the rest of the population consisted of companies not involved in mining. Extractive industries are exposed to comparatively higher safety, regulatory or ecological risks (FRC 2011). A value of one was assigned to extractive companies and a value of zero to non-extractive companies.

H 9 : The level of risk disclosure depends on the industry in which the company trades (Extract).
Research method 1The level of risk reporting by the 29 non-financial companies in the JSE Top 40 index was measured using the disclosure index developed by Enslin et al. (2015). Information on the possible determinants of enhanced risk reporting, which were identified in the literature review, was collected for all the selected companies. Based on a post-positivist research paradigm, a quantitative method was used to develop statistical models to indicate which of the possible determinants explained differences in the level of risk disclosure within the sample. The results of the forward stepwise regression models indicated which of the hypotheses developed in the literature review could not be rejected. The determinants relating to the hypotheses which were not rejected, were accepted as determinants of enhanced risk-related disclosure in the sample. were selected for the analysis. This represents the first reporting period for which each of these companies was required to submit an integrated report in accordance with King III (IOD 2009), as required by the JSE listing requirements (JSE n.d.). This is significant because King III (IOD 2009) requires risk and risk managementrelated disclosure in the integrated report. Investigating the first integrated reports also provides a baseline against which future investigations may be compared. This study therefore included 29 companies in total.

Dependent variable
1Disclosure of risk management as one dependent variable and risk identification and mitigation as a second dependent variable were measured by means of a risk disclosure index compiled by Enslin et al. (2015) from the requirements and guidelines contained in the reports of Deloitte (2012) The requirements and guidelines for reporting on risk were categorised as follows, in accordance with the disclosure index by Enslin et al (2105): disclosure on the risk management processes ( Table 1 in the literature review section), and disclosure on risks identified and mitigation thereof ( Table 2 in the literature review section). For each requirement that was disclosed, a value of one was awarded, and in the absence of its disclosure, a value of zero awarded. The index score was therefore a measure of the level of reporting, but not necessarily the quality of the disclosure (Beattie, McInnes & Fearnley 2004). Owing to the fact that an ordinal scale for the presence or absence of an item was used, indicating only whether or not a company satisfied and complied with a specific requirement on the risk disclosure index, no weighting was done. Ordinal results allow categorisation of data according to a selected rank which helps to describe differences between data; in this instance, how many companies complied with each specific requirement. Weighting was not necessary, as the disclosure index in this study was not developed from the preferences of a specific group of stakeholders (Marston & Shrives 1991). Previous studies also found that weighted and unweighted scores showed similar results (Khodadadi et al. 2010;Marston & Shrives 1991). As each requirement was equally important, an unweighted approach was followed (Mokoaleli-Mokoteli & Ojah 2010).

Independent and control variables
1A ccording to Mokoaleli-Mokoteli and Ojah (2010), independent variables must, firstly, be related to the disclosure; secondly, they should be easily measured; and, thirdly, data should be available on that corporate characteristic. These requirements were considered in the development of the independent variables. The nine possible determinants of enhanced risk disclosure which were identified from the literature were selected as the independent variables to identify which possible determinants explain differences in the level of risk reporting by sample companies.

Development of models
1The two dependent variables, risk management disclosure, and risk identification and mitigation disclosure could hypothetically be explained by various characteristics of the risk committee and other risk management specifics of the company. As the number of observations was small, over-fitting of the models being developed posed a real risk. Although R 2 could be made much higher by the addition of more variables, the models could not be significant as a result of over-fitting. The independent variables that were studied all had a theoretical causal association with the dependent variables and, as such, the researchers did not wish to omit any of them in the development of the models. It was therefore decided to use forward stepwise regression, limiting the number of variables that could be included in the models, so that only the independent variables which improve the various models would form part of the model. This ensured that only the dependent variables with the most explanatory power and that added the most value to the study and to the results were included in the end results.

Results and discussion
Descriptive statistics 1T able 3 presents the descriptive statistics for the continuous independent variables and Table 4 for the categorical independent variables. Two companies did not report on any aspect of the disclosure index for risk identification and mitigation, and they were therefore not included in the development of the models for risk identification and mitigation. This resulted in 29 observations for risk management disclosure and 27 observations for risk identification and mitigation disclosure. From the descriptive statistics it is evident that the presence of risk management disclosure was more prevalent than the disclosure of risk identification and mitigation. The p-values of the Kolmogorov-Smirnoff tests for the dependent variables were all larger than 20%, which indicates that there was not enough evidence to infer that the data was not normally distributed. 1T able 4 contains the information on the categorical independent variables. Only 34% of all the companies had a separate risk committee at board level; the other companies combined the responsibility of risk with the audit committee's responsibilities. The majority (66%) of the companies did not have a manager appointed specifically as a risk officer. Note that the two companies that did not comply with any of the risk identification and mitigation disclosure investigated in this study did not have a separate risk committee and also did not have a specific risk officer. Pearson correlation coefficient is indicated in Table 5. This indicates the correlation between the dependent and the independent variable. There was a positive significant correlation (at a 5% level) between risk management disclosure and the number of meetings as well as the appointment of a specific risk officer at a company level. Extractive companies had a significant correlation with risk management disclosure at a 10% level. None of the independent variables indicated a significant correlation with risk identification and mitigation disclosure. correlation between the independent variables was also tested. There was a significant correlation at a 10% level for risk management disclosure between VarIDExp and VarIDAge. These two variables also had a significant correlation at a 5% level for risk identification and mitigation. For this reason, it was decided not to use VarIDAge in the development of the regression models.
Regression models for risk and risk management disclosure 1In Table 6, the two models developed for risk management (Model 1) as well as risk identification and mitigation disclosure (Model 2) are summarised. Model 1 was significant at a 1% level, with an R 2 of 0.478 and an adjusted R 2 of 0.365.

Determinants of enhanced risk disclosure of JSE Top 40 Companies
The very small p-value (0.007) and the high f-statistic of 4.218 confirm the overall significance of the model. Model 2 for risk and mitigation was not significant and resulted in an R 2 of 0.229 and an adjusted R 2 of just 0.129. The low adjusted R 2 (especially as far as risk identification and mitigation is concerned) is an indication that other factors strongly influenced disclosure with regard to risk management, as well as risk identification and mitigation. *** Signifi cant at a 1% level/** signifi cant at a 5% level/* signifi cant at a 10% level / n/a -variable not included in model 1F orward stepwise regression involves testing the action of a variable by the use of specific comparison criteria. The variable will only be added if it improves the model. By conducting this process, two of the independent variables, #IndD and RC, were excluded from the models as their addition did not improve the models. With reference to risk identifi cation and mitigation, the number of risk committee meetings and the profi tability level indicated a possible signifi cant correlation with enhanced risk disclosure in the development of the stepwise regression model (Table 6). However, the fi nal model on risk identifi cation and mitigation (Model 2) did not signifi cantly explain the independent variable, and the Pearson correlation coeffi cient in Table 5 also did not indicate any signifi cant correlation between the number of risk committee meetings and profi tability variables, with the level of risk identifi cation and mitigation disclosure. The number of risk committee meetings and the profi tability level of the company could not therefore currently be accepted as variables that signifi cantly infl uence the level of risk identifi cation and mitigation disclosure. Further research, possibly with larger samples, would be required in this area.

Discussion of fi ndings
No statistically significant relationship between the dependent variables and the level of risk identification and mitigation, and risk management disclosure were found, except for the following: • The number of board risk committee meetings had a significant influence on the level of risk reporting for risk management disclosure. • The appointment of a designated risk officer had a significant influence on the level of risk management disclosure.
1This study found no significant difference in the level of risk disclosure by companies with a separate board risk committee and those with only an audit committee also responsible for risk management. Because this study focused on JSE Securities Exchange Top 40 companies, it is possible that the audit committees of these 'larger' companies currently do have the resources available to also perform their risk identification and management responsibilities at a satisfactory level. The audit committees of smaller companies, that may only have access to limited resources, may find it more difficult to also perform risk identification and management duties. Indeed Brown et al. (2009) recommend that the risk and audit committee should be separated because of the widening of the scope and the increased importance of risk management, and changes in corporate governance.
In agreement with the findings of Dionne and Triki (2005) and Haat et al. (2008), this study did not find a significant relationship between the number of independent directors and risk disclosure. This is in contrast to the study by Abraham and Cox (2007), who reported a significant relationship between corporate risk reporting disclosure and the number of independent directors on the board.
As some companies within the sample indicated that executive directors attended all the risk committee meetings as invitees, the extent of the influence of the independent directors in the discussions of the committee could have been diluted. This dilution could be a factor contributing to the finding that the number of independent directors did not show a significant relationship with the level of risk disclosure. However, this suggestion is preliminary and warrants further investigation in future research.
There was no significant relationship between the variation in experience of directors and the level of risk management disclosure. This is in line with the findings of Rahman and Ali (2006) and Ismail and Rahman (2011). In addition, no significant relationship between variation in age of directors and risk disclosure was evident. This is in contrast with the findings of a study by McIntyre et al. (2007), who found that high levels of experience, as well as moderate levels of variation in age, were indeed correlated with firm performance. Risk management and related risk disclosure practices are still evolving in the wake of the recent financial crisis. Accordingly, it would seem that directors have not yet had enough time to gain distinctive skills and knowledge relating to risk identification and management and the disclosure thereof.
This study indicated that the number of meetings held by the board committee responsible for risk management had a significant influence on risk management disclosure (but not conclusively for risk identification and mitigation). Dey (2008) proposed that the number of meetings was indicative of how regularly the board attended to certain issues. It was found that it is necessary for the board committee responsible for risk and risk management to meet regularly. The optimal frequency of meetings would be an area for further research. Beasley, Clune and Hermanson (2005) found that the presence of a chief risk officer was positively related to the level of enterprise risk management in a company. This study indicated that the appointment of a chief risk officer had a significant effect on risk management disclosure. However, companies employing a chief risk officer should heed KPMG's (2001) argument that risk management should be a company-wide practice and not be deemed the sole responsibility of a designated officer or department.
In line with the findings of Mokhtar and Mellett (2013) and Hassan (2009), it was found that there is a non-significant relationship between firm size and risk disclosure. South Africa is indeed a developing economy in line with Egypt (Mokhtar & Mellet 2013) and the United Arab Emirates (Hassan 2009). However, Mokhtar and Mellet's (2013) explanation that this could be the influence of less mature reporting systems does not hold because South Africa has a mature corporate reporting system as a first global implementer of integrated reporting. The anomaly in the literature between studies in developed economies and studies in developing economies would be a possible area for further research.
Furthermore, in line with the findings of Mokolaleli-Mokoteli and Ojah (2010), no relationship was evident between the profitability of the company and its risk management disclosure. However, in contrast, Wallace, Naser and Mora (1994) and Owusu-Ansah (1998) reported a positive relationship between profitability and voluntary disclosure. Meek et al. (1995) suggested that profitable companies have incentives to distinguish themselves from less profitable companies to enhance their attractiveness as investments. The board may therefore wish to distinguish the company from others in terms of the level to which risks appear to be mitigated, by means of an increased level of risk identification and mitigation disclosure. This study found inconclusive evidence that a company's level of profitability may be Determinants of enhanced risk disclosure of JSE Top 40 Companies related to its level of risk identification and mitigation disclosure. Hence, owing to conflicting views in the literature on this topic, further research should be conducted.
The industry in which a company trades does not have a significant influence on risk reporting. Extract was entered as a variable in both models, indicating that the level of risk disclosure would depend on the industry. However, this variable was not found to be significant. Studies by Mokhtar and Mellett (2013), Beretta and Bozzolan (2004) and Amran et al. (2009) also reported no differences in risk and disclosure practice between different industries. However, the limited distinction in terms of type of industry in this study was a limitation and could be an indication that improved models could be developed, based on industry-specific data as some other studies found a significant relationship between risk disclosure and industry classification (Hassan 2009;Oliveira et al. 2011).

Conclusion, limitations and areas for future research
1F rom the literature on risk disclosure, it is clear that risk and risk management disclosure has gained increased attention on account of the deficiencies exposed in this regard by the recent financial crisis. However, limited guidance is available on how companies can seek to achieve better risk and risk management disclosure, based on factors distinguishing companies with a good level of disclosure from companies with a lower level of disclosure. This study investigated the effect that the composition of the board committee tasked with risk management, the frequency of its meetings, as well as certain other company characteristics, had on the disclosure of risk management, as well as on risk identification and mitigation disclosure during the first reporting period that integrated reporting became compulsory for JSE Securities Exchange-listed companies.
The results of a forward stepwise regression indicated that the number of meetings of the board committee responsible for risk during the year had a significant effect on risk management disclosure. Risk management disclosure was also significantly influenced by whether the company had a designated risk officer. As far as risk identification and risk mitigation was concerned, the number of risk committee meetings and the level of profitability of a company indicated the possibility of significant influence. However, the evidence in this study of the significance of these two variables was inconclusive and warrants further research. These findings represent a baseline against which future research on risk and risk management disclosure in integrated reports could be compared. It is anticipated that, as companies adjust to the evolution of risk and risk management disclosure and integrated reporting, distinguishing factors may develop that could not yet be identified in the current study.
Owing to this study's small sample size of 29 non-financial companies that form part of the Top 40 companies listed on the JSE Securities Exchange, generalisation of the results to other companies listed on the JSE Securities Exchange should be restricted.
In addition to performing longitudinal studies over time, a number of other areas for future research were listed in the discussion of the findings. These areas include investigating the optimal frequency of meetings of the board committees responsible for risk and risk management, investigating whether the number of independent directors on the board has a more significant influence on risk and risk management disclosure than the number of independent directors on the risk committee, and expanding the sample size in order to, inter alia, investigate the possible differences in risk and risk management disclosure between different industries in greater depth.