Corporate risk disclosure practice in Saudi Arabia: Secrecy versus transparency

Accounting systems and corporate disclosure practices are significantly affected by legal systems and cultural environment. The vast majority of risk reporting research concentrates mainly on Western Europe and other developed countries. However, there is a clear dearth of corporate risk disclosure (CRD) studies in developing countries in general, and in the Arab region in particular. The purpose of this study is to comprehensively explore the level and content of CRD practices in a developing country with a different legal system and cultural values, namely the Kingdom of Saudi Arabia. To the best of our knowledge, no such study has been performed in Saudi Arabia. Content analysis is conducted to analyze and measure CRD in the annual reports of Saudi non-financial listed companies over the period 2008-2011. The findings highlight the role of the legal system and cultural values on CRD practices and confirm the potential conflict between secrecy as a key feature of Saudi accounting system versus transparency as a key pillar of the Islamic Accountability Framework. Consistent with transparency, as an Islamic Sharia requirement, Saudi Arabia provides a moderate level of CRD among developed and developing countries. However, the content of this level is found to be of low quality as non-financial, qualitative, past, present, or non-time-specific and neutral risk disclosures far outweigh the financial, quantitative, future, and bad risk disclosures, which could reflect the inherent secrecy and the unwillingness of Saudi companies to provide high-quality risk disclosure. The findings also reveal a steady increase in the level of CRD over the period of study with a significant variation of disclosure level among industry sectors. Overall, the results suggest that Saudi regulatory bodies and companies pay more attention to the format rather than the content of CRD. The results have implication for national and international standard-setters, policy makers, investors, and researchers to understand and improve CRD practices and its determinants in Saudi Arabia.


Introduction
*Despite risk reporting attracting a great deal of interest following the major accounting scandals and corporate collapses of the early 2000's and the global financial crisis of 2008-2009 (Cole andJones, practices in emerging markets, in general, and Arab countries, in particular, and so far, no study explores CRD practices in Saudi Arabia. Hence, this study attempts to fill the gap in risk literature, especially in developing countries, by investigating the extent and nature of CRD in Saudi non-financial listed companies. This study is motivated, firstly, by, the call made by Dobler et al. (2011) for more research on CRD practices in developing countries. Unlike developed economies, emerging markets are less efficient and suffer from a lack of compliance, regulations, enforcement, and transparency with greater behavioural variations (Al-Maghzom et al., 2016a;Richardson and Welker, 2001). Thus, more research on risk reporting practices would contribute to the disclosure literature (Al-Maghzom et al., 2016b). Secondly, and more specifically, this study is encouraged by the suggestion made by Habbash et al. (2016) and Al-Maghzom et al. (2016a, 2016b for more investigation on risk reporting practices in Saudi listed companies since Saudi Arabia suffers from lack of transparency and low level of awareness of CRD because of corporate governance and CRD practices are still relatively new topics (Alamri, 2014). Thirdly, the unique context of Saudi Arabia in terms of its legal system and cultural dimensions, which are expected to have different and mixed effects on CRD, is another motivation to explore the reality of risk disclosure practices in Saudi Arabia. Fourthly, on April 25, 2016, Saudi Arabia announced the Saudi Vision 2030. It is an ambitious economic plan intended to confirm the kingdom's status as the heart of the Arab and Islamic worlds, the investment power house, and the hub connecting three continents. The vision adopts an open economic philosophy based on the market economy and liberalization of trade. Embracing best practices of transparency and accountability are among the main pillars of vision 2030 to protect investors, minimise agency problems, and attract domestic and foreign funds. Thus any research on corporate disclosure, in general, and CRD, in particular, would be considered as a response to enhance the Saudi vision, since risk disclosure increases transparency, enhance investors' confidence, and obtains external funds at a lower cost of capital. Fifthly, Saudi Arabia is the largest economy in the Middle-East and a major G-20 economy and largest oil producer in the world, as well as playing host to some of the world's largest multinationals (Al-Bassam et al., 2015). Moreover, the Saudi Stock Exchange crash at the beginning of 2006 created a serious question about the effectiveness of corporate disclosure including riskrelated information as a presumed monitoring device to protect investors. Finally, Saudi Accounting Standards clearly reflect the great interest of Saudi accounting authorities to raise and enhance the level and quality of disclosure in the companies' annual reports, including CRD. However, there is no specific standard, so far, to regulate risk management and risk reporting. Hence, it is not exactly clear what kind of risk information and to what extend Saudi companies have to disclose. These factors make the investigation of CRD practices an interesting issue in Saudi Arabia.
This study differs from prior research in several ways. First, unlike western business environment, this study is conducted in a developing and Islamic country that have a unique setting with a favourable environment of conflict between secrecy as a key feature of Saudi accounting system (Gray, 1988) versus transparency as a key pillar of the Islamic Accountability Framework. Thus, this study would add to literature by demonstrating to what extent Gray (1988) model of accounting values is applicable against a strong Islamic Accountability Framework on Saudi Arabia, as well as the possibility of generalization on Arab and Islamic countries. Second, instead of exploring all classes of corporate disclosure, this study specifically focuses on an important type of disclosure, namely, CRD that received a limited attention by researchers, notably, in developing countries. Third, while most previous studies have focused narrowly on one aspect of CRD, such as financial risk disclosure or non-financial risk disclosure (Padia, 2012), this study investigates both financial and non-financial risk disclosure to provide a comprehensive view of CRD. Fourth, this study differs from previous risk disclosure studies in Arab countries such as in Kuwait (Al-Shammari, 2014), Bahrain (Mousa and Elamir, 2013), United Arab Emirates (Hassan, 2009), Egypt (Mokhtar and Mellett, 2013), and Gulf Cooperation Council countries GCC (Abdallah et al., 2015) by being the first study to investigate CRD based on a longitudinal analysis over 4 years to have further insight and informative outcomes. Fifth, this study is distinct from prior research in Saudi Arabia such as Al-Maghzom et al. (2016b) who focused on Saudi listed banks, and  and  who empirically examined the influence of Saudi firm-specific characteristics and board characteristics on CRD. Furthermore, our study differs from the study by Alzead and Hussainey (2017) in several aspects. While Alzead and Hussainey (2017) focused on the level of CRD, the current study extends to investigate the nature of risk information disclosed by Saudi non-financial companies. Moreover, Alzead and Hussainey (2017) employed an unweighted dichotomous disclosure index approach to measure the level of CRD. However, this study uses the number of sentences to measure the extent and nature of CRD. In addition, the study by Alzead and Hussainey (2017) merely explores the level of CRD practice, while this study attempts to highlight the role of Saudi culture and legal system on the level of CRD.
The current study contributes to risk literature as follows. Firstly, this is the first study that explores comprehensively CRD practices in Saudi Arabia and it therefore fill the gap in risk literature, especially in developing countries, by providing a clear and detailed picture of the extent and nature of CRD in Saudi listed companies. Second, exploring the extent and nature of CRD would extend our understanding on risk reporting practices in a country with conflicting factors towards disclosure, namely, secrecy as a key feature of Saudi accounting system (Gray, 1988) versus transparency as a key pillar of the Islamic Accountability Framework. Third, the results of this study are applicable to other GCC and Arab countries which have similar social, economic, and institutional characteristics. The results may also contribute to the accounting literature on emerging markets (EM). This may assist the national and international standard-setters and policy makers to improve corporate governance practices and risk reporting. Last, this study is deemed to add to the extremely limited literature on CRD in Arab countries, in general, and Saudi Arabia, in particular.
This paper is organized as follows. The next section explains the legal and cultural dimensions and CRD in Saudi Arabia. The third section briefly reviews the relevant literature related to CRD practice. The fourth section describes the research methodology. The fifth section presents and discusses the results of the study. The final section concludes the study and highlights the limitations and future research.

Legal system, cultural values and CRD in Saudi Arabia (Secrecy vs transparency)
Accounting systems and practices are significantly affected by the existing legal system in the country (Salter and Doupnik, 1992;Jaggi and Low, 2000). In Saudi Arabia, Islam is the official religion and the Holy Qur'an and Sunnah are the main sources of the legal system, which regulate the behaviour of individuals, and govern all aspects of economic and social life (Alkhtani, 2010). Thus, the accounting system in Saudi Arabia is significantly affected by Islamic Sharia law, which is central to Islam. Based on Islamic Sharia, Islam formulates a comprehensive ethic to govern and regulate how business should be run, how accounting should be undertaken, and how banking and finance are to be organized (Lewis, 2001). Regarding accounting disclosure and transparency, since the accountability to God and the society for all activities is paramount to a Muslim's faith and the collectivist responsibility override that of individualism, full disclosure of accounting information to society as a whole is a matter of duty (Lewis, 2001).
According to White (2004), the individual's commitment to the community is deeply rooted and inherent in the Islamic faith, which emphasizes the obligations of the individual to society and not the rights of the individual. Thus, the entire community and the influencing environment require accounting information that focuses on social accountability rather than the more narrow focus on personal accountability found in Western accounting systems. Therefore, under the Islamic legal system, the concept of full disclosure in the Saudi context is interpreted broadly to mean the disclosure of any information that should be made available to all stakeholders (Baydoun and Willett, 2000).
Cultural dimensions, on the other hand, are one of the most influential factors on the formation of accounting standards and accounting profession practices (Gray, 1988;Hamid et al., 1993). The study by Hofstede (1980) is the best-known one so far on Arabian culture represented by Egypt, Iraq, Kuwait, Lebanon, Libya, Saudi Arabia, and United Arab Emirates. Hofstede (1980) identified four main cultural dimensions that strongly affect the known behaviour in work situations in organizations and institutions. These dimensions are Individualism versus collectivism, high versus low-power distance, strong versus weak uncertainty avoidance, and masculinity versus femininity. According to the cultural dimensions of Hofstede (1980), Saudi Arabia is ranked as a society with strong collectivism, highpower distance, high uncertainty avoidance, and fairly high masculinity.
Based on a review of the accounting literature and practice, Gray (1988) argued that accounting systems are affected by four basic accounting values, namely, Professionalism versus Statutory Control, Uniformity versus Flexibility, Conservatism versus Optimism, and Secrecy versus Transparency. These accounting values are, in turn, affected by the national culture across countries. Therefore, Gray (1988) extended the work of Hofstede (1980) by linking the four cultural dimensions proposed by Hofstede (1980) to the four basic accounting values to study and explain the impact of these values on accounting systems in different countries. The most recent study by Chen et al. (2016) provides prove that firms with secrecy cultures are more likely to have lower corporate transparency and higher auditing risk. Their results indicate positive association between secrecy culture and auditors' propensity to issue modified opinions in highsecrecy culture to attenuate culture-driven potential auditing risk. In the case of Saudi Arabia, Gray (1988) model categorizes Saudi Arabia's accounting system as a system with statuary control, uniformity, moderate conservatism, and high secrecy. This implies that Saudi companies prefer secrecy, and thus, engage in low corporate disclosure quality, notably, those related to risk information.
Nevertheless, Gray (1988) rating for the Saudi accounting system may be rejected or needs to be revised at least in part for two main reasons. First, full disclosure is one of the main pillars of the Islamic accountability framework and an appropriate way for companies to undertake their responsibility to the Umma (society including all stakeholders) (Alkhtani, 2010). According to Baydoun and Willett (2000) and Lewis (2001), there are two essential principles of Islamic accounting, which are the precept of social accountability and the concept of full disclosure. Many verses of several Suras in the Holy Qur'an mention full disclosure (e.g., S2:71, S4: 58,135, S11:84, 85) by referring to "relevance". Based on the Islamic perspective, relevant information means that financial reporting should disclose true, fair and accurate information (Lewis, 2001;Maali et al., 2006). Therefore, full and reliable disclosure and transparency are Islamic Sharia requirements, and accounting preparers can only discharge their responsibilities by providing more appropriate accounting information to users (Alkhtani, 2010).
Second, the Saudi government represented by the Saudi Accounting Association (SAA), Saudi Organization for Certified Public Accountants (SOCPA), and Capital Market Authority (CMA) are exerting considerable efforts to raise and enhance the level of disclosure in the companies' annual reports, including risk-related information. For instance, The General Presentation and Disclosure Standard is the main source to govern the preparation of financial statements and the information contained, including risk-related information. This standard requires companies to prepare an integrated set of menus including the balance sheet, income statement, statement of cash flows, and statement of changes in equity. Regarding risk disclosure, the standard specifies how to handle the changes in accounting policies, and the potential gains and losses. In addition, it determines the disclosure requirements on the nature of the company's activities, accounting policies, changes in accounting estimates, financial commitments, collateral, and the subsequent events for the preparation of financial statements. Other standards issued by the SOCPA, such as foreign currency, investment in securities, segmental reports, and accounting for the decline in the value of noncurrent assets standards, contain essential provisions to regulate risk reporting in Saudi listed companies.
On the other hand, the Saudi Corporate Governance Regulations (SCGRs) issued by the CMA emphasize the board of directors responsibility towards managing and reporting risk-related information. The SCGRs require the board of directors ensuring the integrity of the procedures related to the preparation of the financial reports, ensuring the implementation of appropriate control procedures for risk management by predicting the risks that the company may face and disclosing them with transparency, and reviewing annually the effectiveness of the internal control systems.
Investigating such environment of conflict between secrecy and transparency would be of great benefit to understand the reality of corporate disclosure practices, including risk-related information, and its determinants in Saudi Arabia.

Literature review
One of the most difficult issues when conducting risk disclosure studies is the definition of risk because different definitions of risk may lead to different content and different types of risk that should be disclosed (Linsley, 2011). Different perspectives regarding the risk concept and risk disclosure definition have been documented in previous risk literature. While there is no consistent and standard definition of CRD, the majority of the previous literature focused on two definitions of risk (Hassan, 2011), which are the pre-modern risk definition (one sided-risk definition) that only reflects the negative dimension effect of risk on the company outcomes, and the modern risk definition (two sided-risk definition) that reflects both the negative as well as the positive dimensions. The premodern risk definition, for example, is consistent with the definition of risk by SEC Financial Reporting Release No.48, which requires listed companies to disclose both qualitative and quantitative information about market risks including potential losses from negative changes in interest rates, foreign exchange rates, and commodity and equity prices (SEC, 1997).
Although there are still authors in the modern era who use the pre-modern definition of risk, current analyses of risk are dominated by the modern definition, which is consistent with Lupton (1999) perspective for a comprehensive understanding of risks surrounding the company including both potential for gain and exposure to loss. For example, Solomon et al. (2000) defined risk as "the uncertainty associated with both a potential gain and loss". Beretta and Bozzolan (2004) defined risk disclosure as "the communication of information concerning firm's strategies, operations, and other external factors that have the potential to affect expected results". Furthermore,  introduced a board two-sided definition of risk reporting as those disclosures that: "… inform the reader of any opportunity or prospect, or of any hazard, danger, harm, threat or exposure, that has already impacted upon the company or may impact upon the company in the future or of the management of any such opportunity, prospect, hazard, harm, threat or exposure". This definition is widely adopted by previous studies of CRD (Vandemaele et al., 2009;Dobler et al., 2011;Mokhtar and Mellett, 2013;Probohudono et al., 2013;Zhang et al., 2013). The current study also adopts this definition to analyze and measure CRD in Saudi listed companies.
Risk-related information is a unique and important type of corporate disclosure. Beside the information on opportunities and good news, CRD contains negative information that may affect the company value, which is rarely provided by other types of disclosure. It has been argued that the corporate disclosures of risks and the way in which these risks are identified, managed, analyzed and evaluated would reduce agency conflicts by mitigating information asymmetry between managers and stakeholders, and between majority and minority shareholders (Lev, 1988;Beretta and Bozzolan, 2004;Cabedo and Tirado, 2004;Oliveira et al., 2013;Abdallah et al., 2015;Elshandidy and Neri, 2015). Thus, CRD increase stakeholders' confidence in the company and its management, which in turn, reduce the cost of capital and, consequently, maximize the company value and shareholders' wealth (Botosan, 1997;Solomon et al., 2000;Hassan, 2009;Abraham and Shrives, 2014;Al-Shammari, 2014;Campbell et al., 2014).
Recent years have shown a significant shift in the content and scope of corporate disclosures from just reporting the financial results towards informing the shareholders and other interested parties about a wide variety of topics including risk-related information. Despite the remarkable importance of CRD for users, evidence still refer, on the one hand, that CRD studies are still relatively limited (Dobler et al., 2011;Buckby et al., 2015;Elshandidy and Neri, 2015), and on the other, that these studies conclude that risk disclosure in the corporate annual reports remains inadequate to meet the increased needs of interested parties (Solomon et al., 2000;Beretta and Bozzolan, 2004;Abraham and Cox, 2007;Amran et al., 2008;Hassan, 2009;Oliveira et al., 2011;Mokhtar and Mellett, 2013;Mousa and Elamir, 2013;Probohudono et al., 2013). The content of CRD suffers from several weaknesses being:  Brief, generic, ambiguous, scattered;  Not sufficient, and not effective;  Lack comparability, transparency, readability, uniformity, and coherence.  Backward-looking, qualitative, financial (market), non-monetary, good, non-time and neutral risk disclosure often outweigh forward-looking, quantitative, non-financial, monetary, bad, specific time and oriented risk disclosure respectively; and,  Considerable variation in disclosure on risk sources and risk-management practices.
Exploring the extent and nature of risk-related information included in the Saudi companies' annual reports would enrich the understanding of CRD practices.
There are many reasons and incentives that govern the variation in the extent and nature of corporate disclosure. According to Hofstede (1980), cultural dimensions affect economic outcomes. The cultural environment in which the firm operates affects disclosure practices (Mueller et al., 1991;Haniffa and Cooke, 2002;Hope, 2003). Haniffa and Cooke (2002) argued that disclosure cannot be culture-free. Empirically, Haniffa and Cooke (2005) found a significant impact of culture on corporate disclosure. Furthermore, Hope (2003) found that culture provides an explanatory power for disclosure levels equivalent to that of legal variables, thus he suggests that culture should be retained as an important variable in accounting research. Culture influences people's values and behaviour, and consequently influences their decisions on various financial reporting practices including disclosure. In the financial statements, the aspects of culture like ethnic background or religion, acting through beliefs or preferences, can affect the economic outcomes of the risk disclosed (Guiso et al., 2006).

Sample and data collection
The sample of this study comprises of nonfinancial listed companies on the Saudi Stock Exchange (Tadawul) over the period from 2008 to 2011. The study examines the annual reports of 307 non-financial company-year observations over the 4year period. The sample was chosen based on the availability of the companies' annual reports and financial data over the 4-year period. Financial companies were excluded because of their specific disclosure requirements and financial characteristics. Data on CRD is collected from the companies' annual reports.
Applying of the content analysis requires classifying the content into appropriate categories and related items and identifies the appropriate unit of coding. Berelson (1952) stated that "content analysis stands or falls by its categories". Therefore, the feasibility of using the content analysis approach largely depends on the validity of the classification of the content into appropriate categories and items to accommodate units that make up this content. In this study, a risk classification model consisting of 7 categories and 60 risk-related items is developed solely for measuring the level and nature of risk disclosure by the selected sample. This model is built based on an extensive review of risk-related regulations (ICAEW, 2011;ICAS, 1999;IFAC, 1999;IRM, 2002), and previous studies on risk classification (Beretta and Bozzolan, 2004;Cabedo and Tirado, 2004;Lajili and Zeghal, 2005;Crouhy et al., 2006;Abraham and Cox, 2007;Deumes, 2008;Dobler et al., 2011;Ismail and Rahman, 2011;Papa, 2016;Mousa and Elamir, 2013;Probohudono et al., 2013;Abdallah et al., 2015), as well as taking into account the Saudi regulatory environment in which the sample companies operate, including laws, standards, and governance regulations. A pilot test on a random sample of companies' annual reports was conducted to ensure that these categories and related items are relevant to be retained in the model. Appendix A presents the risk-classification model adopted by this study in Table A.1.
Following the majority of CRD studies Mokhtar and Mellett, 2013;Ntim et al., 2013;Al-Shammari, 2014;Elshandidy and Neri, 2015), this study employs the number of sentences as a unit of analysis to measure the level of CRD and code it into the intended categories and items, as it is more reliable than other units of analysis, such as number of words, paragraphs, and pages (Hackston and Milne, 1996;Milne and Adler, 1999;Kravet and Muslu, 2013).  argued that the definition of 'risk' is a cornerstone of performing any risk-disclosure study, where the existence of a clear and precise definition of risk would help in aggregating the amount of risk information disclosed in the annual reports for the subsequent analyses. In order to identify and measure risk-related sentences, this study adopts the broad risk-disclosure definition of : "Sentences are to be coded as risk disclosures if the reader is informed of any opportunity or prospect or of any hazard, danger, harm, threat or exposure that has already impacted upon the company or may impact upon the company in the future or of the management of any such opportunity, prospect, hazard, harm, threat or exposure".
This definition is widely adopted by previous studies of CRD (Vandemaele et al., 2009;Dobler et al., 2011;Mokhtar and Mellett, 2013;Probohudono et al., 2013;Zhang et al., 2013;Al-Shammari, 2014). The determination of risk-related sentences also subjects to the decision rules (refer to Table B.1 in Appendix B) developed by , and then widely adopted in risk-disclosure studies.
With respect to the nature or content of CRD, the number of risk-related sentences are classified into four quality dimensions, namely, type of risk disclosure (financial versus non-financial), form of disclosure (quantitative versus qualitative), time frame of disclosure (future versus past, present, or non-time-specific), and type of news (bad versus good, and neutral) Rajab and Handley-Schachler, 2009;Mokhtar and Mellett, 2013;Ntim et al., 2013).

Measurement validity
According to Neuendorf (2002), validity is defined as "the extent to which a measuring procedure represents the intended, and only the intended, concept". Achieving measurement validity entails two procedures, namely, the design of a good coding scheme (Potter and Levine-Donnerstein, 1999), and reviewing the coding scheme by some experts in the field of study (Neuendorf, 2002;Bryman and Bell, 2015). In attempting to reach the measurement validity, this study started by establishing a good coding scheme including:  The design of a list of risk categories and related items that is expected to reflect all risk-related disclosures in the annual reports (refer to Appendix A). Moreover, a clear list of decision rules was established to guide the coder in analyzing the content into the intended categories and items (refer to Appendix B).
 The coding scheme has been discussed with two independent academics to take advantage of their experience in reviewing and developing the coding scheme and strengthening its validity.

Measurement reliability
In content analysis studies, reliability refers to the extent to which a designed coding scheme is transparent and clear so that the same results can be obtained either by repeating the same coding process over time by the same coder (intra-coder reliability) or through performing the same coding process by multiple coders (inter-coder reliability). In this respect, researchers distinguish between two aspects of reliability, which are reliability of the coding scheme and reliability of coded data (Mokhtar, 2010). The establishment of a wellspecified list of risk categories and related items, and well-defined decision rules are an appropriate method to ensure the reliability of the coding scheme. However, the reliability of the coded data can be achieved by using multiple coders to code the same content or employ a single coder with adequate training (Milne and Adler, 1999).
Prior to the final coding, the coder and the researcher have spent enough time in training of the coding process in order to become familiar with the coding scheme. After that, they independently coded an initial sample of 6 annual reports. Minor differences emerged, which were discussed and agreed upon. A second round of coding for the same sample of annual reports was then conducted to ensure consistency. Scott (1955) is appropriate to test for inter-coder agreement, which was calculated at 0.862. This is an acceptable level of coding reliability (Hackston and Milne, 1996).
The final coding process of the content of riskrelated information stated in the annual reports of the sample selected was conducted by a single coder (i.e., the first author) instead of using multiple coders (Mokhtar, 2010;Al-Akra and Ali, 2012;Ishak and Al-Ebel, 2013). This is because almost all the annual reports of the sample selected are written in Arabic language, which is the main language of the first author. Furthermore, despite the fact that the coding results of using a single coder could be more bias than those from employing multiple coders; using a single coder with adequate training and a wellestablished coding scheme to code the whole text would minimize the subjectivity and ensure the consistency of the coding process (Haniffa and Cooke, 2005;Laidroo, 2009). Milne and Adler (1999) argued that having well-specified categories, with well-specified decision rules would result in lower discrepancies and may negate the need for multiple coders. Table 1 presents the descriptive statistics for the level of CRD involved in this study. A number of interesting findings can be drawn from the descriptive statistics. First, the overall level of CRD varies largely among companies and ranges from a minimum of 22 sentences to a maximum of 282 sentences with a mean of 84.97 sentences per annual report and standard deviation of 44.451. This level of CRD is higher than those reported in some Arab countries, such as Egypt with 26 sentences for voluntary risk disclosure (Mokhtar and Mellett, 2013). It is even higher than the level of CRD in some other developing and developed countries, such as Malaysia with 20 sentences extracted from the nonfinancial section of the annual reports (Amran et al., 2008), and Italy with 64.58 sentences (Greco, 2012). However, this level is lower than those disclosed in the US with 308.20, Canada with 151.13, the UK with 156.85, and Germany with 196.85 sentences (Dobler et al., 2011), and it is consistent with those in Belgium with 88 sentences (Vandemaele et al., 2009), and Nigeria with 96.42 sentences (Adamu, 2013). This result is supported by the investigation of the level of CRD items reported by selected companies. Table 2 shows the descriptive statistics of the number and percentage of risk-related items disclosed by companies. The overall mean number of risk items disclosed per company-year is 26.23 items out of 60 items with a percentage of 43.72%. Although this level of compliance is relatively low, it is higher than that reported by listed companies in the United Arab Emirates with 19.61 risk items out of 45 items (Hassan, 2009). It is also far higher than the level of mandatory risk disclosure of Egyptian companies with 19.04% (Mokhtar and Mellett, 2013), and voluntary risk disclosure in Australia with 32.58%, Malaysia with 31.70%, Singapore with 30.11% and Indonesia is 21.64% (Probohudono et al., 2013). Therefore, it can be concluded that Saudi Arabia maintains a good position with a moderate level of CRD compared to other developed and developing countries.  These findings are not surprising, but, rather they are in line with the expectations of an Islamic country, such as Saudi Arabia, with a strong commitment to Islamic Sharia requirements, which is assumed to encourage the Saudi accounting system to provide a higher level of disclosure and more transparency as a key pillar of the Islamic accountability framework. However, this result contrasts with Gray (1988) model of accounting values, which assumes higher secrecy and lower risk disclosure by Saudi companies. Therefore, these results may indicate the superiority of the Islamic accountability framework on the secrecy and uncertainty avoidance proposed by Gray (1988) model.

Results and discussion
The above conclusion is further supported by previous evidence that rank Saudi Arabia as one of the Arab countries that is most compliant with the IAS with a level of 88% in 2002. Regarding corporate voluntary disclosure, Al-Janadi et al. (2013) indicated that Saudi Arabia maintains a good position, with a level of 31.73%, among developing and developed countries, such as Hong Kong with a level of 29% (Ho and Wong, 2001), Malaysia with a level of 31% (Ghazali and Weetman, 2006), Singapore with a level of 29% (Cheng and Courtenay, 2006), and the U.S. with a level of 47% (Francis et al., 2008).
Second, and in line with previous CRD studies ( Rajab and Handley-Schachler, 2009;Greco, 2012;Ntim et al., 2013) there has been a steady increase in the overall CRD and almost all subcategories over time. Table 3 provides more details of the volume, mean, percentage, and change over time of total CRD and each category and item. For instance, the average number of risk sentences disclosed per annual report is 75.4, 80.4, 85.2, and 95.8 for the years 2008, 2009, 2010, and 2011, respectively, with an improvement (change) of 27% over the four years. This improvement may reflect the positive role of the recent developments in corporate governance and disclosure regulations, notably, the SCGRs. For example, the results from Table 3 indicate that the improvement of the level of CRD in 2011 was the highest over the period of study, where the change rate of the level of CRD in 2011 rose significantly to 285% and 108% compared to the years 2009 and 2010, respectively. Such improvement could be partly attributed to the new mandatory regulation, which became effective from January 2011, and requires each Saudi-listed company to establish a nomination and compensation committee as an effective governance mechanism to enhance board effectiveness and transparency. Regarding risk categories, there are similar patterns of increase for each category except for the financial instruments category, which decreased by 6%, 20%, and 16% in 2009, 2010, and 2011, respectively as shown in Table 3. This decrease is mainly due to the lower average disclosure by new companies on cumulative change in fair value, which constitutes 99% of this category, as these new companies may not yet have a cumulative change in fair value. As expected, the results may reflect the growing awareness of CRD practices, and the impact of the recent regulatory developments and the new requirements represented by the Saudi accounting standards and corporate governance regulations, which led to increase the level of CRD.
This improvement is also attributed to the increasing number of companies disclosing each item and category, as shown in Table 4. This indicates that there is an upward trend in the average number and the volume of risk-related sentences disclosed by the sample over time, which support its growing importance.
Third, on a comparative basis, Table 3 shows a large variation in the volume and average of risk categories. For example, the highest category is the operational risk category with a number of 7,666 sentences and a mean of 24.97 sentences followed by the accounting policies category with 7,575 sentences and a mean of 24.67 sentences. These two categories significantly contribute to the increase in CRD as they constitute 58.4% (29.4% and 29%, respectively) of the total number of risk-related sentences. However, the lowest category is financial instruments with 967 sentences and a mean of 3.15 sentences, followed by derivatives hedging with 1054 sentences and a mean of 3.43. These two categories only contribute by 7.7% (3.7% and 4%, respectively) to total CRD. The other three categories of risk, namely, financial risk, general risk information, and segment information came in the middle with a number of 3,996; 2,695; and 2,132 sentences, respectively and a mean of 13.02, 8.78, and 6.94 sentences respectively, which constitute 15.3%, 10.3%, and 8.2%, respectively.
These results are generally acceptable and justified. For instance, the dominance of operational risk information is not surprising since this category contains a large number of risk items (20 items), with a broad definition of operational risk. Further, this finding is consistent with CRD studies (Rajab and Handley-Schachler, 2009;Mokhtar and Mellett, 2013;Mousa and Elamir, 2013;Ntim et al., 2013), which reflect the superiority of operational risk disclosure on other risk categories. Regarding the accounting polices category, it basically reflects companies' compliance to the Saudi accounting standards and regulatory requirements regarding risk and uncertainties. Thus, it makes sense that more companies tend to disclose more details on this category. This is also evidenced by the higher number of companies that chose to disclose on the items of this category with an average of 167 company-year and 54% of total companies as reported in Table 4, which makes it the highest category being disclosed by the selected sample.
The falling of the financial risk category in the third position with a modest contribution of 15.3% of total CRD confirms previous evidence (Beretta and Bozzolan, 2004;Abraham and Cox, 2007;Ntim et al., 2013) that CRD is essentially non-financial in nature. This initially indicates that the qualitative and nonfinancial risk-related information disclosed by Saudi companies far outweigh the quantitative and financial disclosure. However, this level of financial risk disclosure is in line with previous studies, such as  with 26.7%, Ntim et al. (2013) with 20.6%, and Mokhtar and Mellett (2013) with 4.55% of total CRD.
Further investigation on the number of sentences disclosed per item (see Table 3), and the number of companies disclosing each item (see Table 4) support the above findings. For example, Table 3 shows that the highest items disclosed are efficiency and performance, followed by product and service development, other assets impairment, and foreign currency translation with 2,138; 1912; 1,548; and 1,547 sentences, respectively, and a mean of 6.96, 6.23, 5.04, and 5.04 sentences, respectively, and a percentage of 8%, 7%, 6%, and 6% of total CRD, respectively. These items fall under the largest two categories, namely, operational risk and accounting policies, which clearly reflect the mandatory requirements of the Saudi regulatory bodies for listed companies to discuss their performance development trends, policies and material factors underlying the results and financial position. More evidence is shown in Table 4, which indicates that the above items have been disclosed by a large number of companies, which justifies their large size. The results also demonstrate that the most frequently disclosed items by companies are foreign currency translation, internal control, continuity and sustainability, which were disclosed by 99%, 97%, and 96% of the sample companies, respectively. This is further evidence concerning the higher commitment to regulatory requirement where listed companies are required to discuss their internal control systems and the ability of these companies to continue and survive.
On the other hand, environmental risk and social risk, including health and safety, are among the lowest items disclosed with less than 1% of total CRD for each (see Table 3). This result is contrary to the expectations of a high level of environmental and social risk disclosures for an oil and gas country, such as Saudi Arabia, with intensive petrochemical industries. This may be due to the absence of clear requirements of such disclosure and the lack of enforcement and oversight by regulatory bodies.
With regard to the financial risk category, Table 3 shows that the exposure to currency exchange rate risk comes top with 701 sentences and a mean of 2.28 sentences and a percentage of 3% of total CRD, followed by the liquidity risk, credit risk, interest rate risk, commodity price risk, and other price risk, respectively. For instance, telecommunication and information technology, media and publishing, and building and construction sectors are the highest sectors disclosing risk information with an average of 149.20, 95.00, and 92.85 sentences per annual report, respectively. sentences and a percentage of 3% of total CRD, followed by the liquidity risk, credit risk, interest rate risk, commodity price risk, and other price risk, respectively.
However, managing credit risk-related information comes first with 417 sentences and a mean of 1.36 sentences and a percentage of 1.6% of total CRD, followed by managing liquidity risk, interest rate risk, currency exchange rate risk, and commodity price risk. Further investigation (not reported in Table 4) reveals inconsistent results in respect of the number of companies disclosing both items under each type of financial risk. For example, while 241 (79%) companies disclose their exposure to currency exchange rate risk, only 138 (57%) companies disclose how this type of risk is managed. This is an interesting finding, which indicates that Saudi companies tend to provide a general statement describing the sources and factors of risk they face without referring to how they deal with these types of risk. Thus, such disclosures may not be of great help to the users of annual reports.
At the level of industry type, Table 5 shows a wide variation of disclosure level among industry sectors, which indicates that the nature of the company and the type of industry which it belongs to could affect its disclosure.
For instance, telecommunication and information technology, media and publishing, and building and construction sectors are the highest sectors disclosing risk information with an average of 149.20, 95.00, and 92.85 sentences per annual report, respectively. Whereas, hotel and tourism, cement, and transport are the lowest level of disclosure with a mean of 27.50, 49.16, and 76.81 sentences, respectively. An unexpected finding is the relatively low level of the petrochemical sector with 78.68 sentences, which may justify the overall low level of environmental risk disclosure.
Regarding the exploration of the nature of riskrelated information disclosed by Saudi companies, this study follows previous research (Beretta and Bozzolan, 2004;Cabedo and Tirado, 2004;Lajili and Zeghal, 2005;Rajab and Handley-Schachler, 2009;Adamu, 2013;Ntim et al., 2013;Mokhtar and Mellett, 2013) and classifies CRD sentences into four quality dimensions. These dimensions comprise type of risk disclosure (financial and non-financial), form of disclosure (quantitative and qualitative), time frame of disclosure (future and past, present, or non-timespecific), type of news (bad, good, and neutral). Table 6 shows the descriptive statistics of CRD characteristics. The main evidence from Table 6 is the dominance of non-financial, qualitative, past, present, or non-time-specific, and neutral risk disclosures. For instance, the results indicate that Saudi companies in the sample tend to disclose more non-financial (84.7%) compared to financial riskrelated information (15.3%). This finding is consistent with previous evidence Adamu, 2013;Ntim et al., 2013) that found that CRD is mostly non-financial. Further, Saudi companies tend to disclose more qualitative (74.5%) rather than quantitative (25.5%) risk information. This result is in line with those found by Rajab andHandley-Schachler (2009), Dobler et al. (2011), and Mokhtar and Mellett (2013), which implies that most risk disclosures are qualitative in nature. Moreover, most of CRD (88.5%) is either related to past, present, or non-time-specific, and little disclosure (11.5%) is related to future. This result is also consistent with prior evidence (Dobler et al., 2011;Mokhtar and Mellett, 2013). Finally, neutral information is the largest type of news (54.4%) disclosed by Saudi companies followed by good news (31.6%) and bad news (14%). This finding is also in line with those reported by , Rajab andHandley-Schachler (2009), andAdamu (2013). Overall, and regardless of the relatively high level of the quantity of CRD (in terms of the number of risk-related sentences) compared to other countries, the above findings reflect a low level of CRD quality according to the four quality dimensions. Nonfinancial, qualitative, past, present, or non-timespecific, and neutral risk disclosures far outweigh the financial, quantitative, future, and bad risk disclosures.  The low quality of CRD may reflect the relatively high level of the uncertainty avoidance proposed by Hofstede (1980) as a key cultural dimension of Saudi society, and the secrecy as a basic accounting value suggested by Gray (1988) that affects the Saudi accounting system and disclosure practices.
In contrast, this result may be inconsistent with the Islamic accountability framework that is assumed to encourage Saudi companies to disclose full and high-quality information. However, although the quality of CRD is low, it is considered somewhat higher (in terms of the number of sentences for each quality dimension) than those levels reported in some Arab countries, such as in Egypt (Mokhtar and Mellett, 2013) and Bahrain (Mousa and Elamir, 2013).
This result indicates that cultural values may vary among Arab countries leading to a different impact on accounting systems and disclosure practices. This conclusion seems to be inconsistent with the assumption of Gray (1988)

Summary and conclusion
This study aims to explore the extent and nature of CRD in the annual reports of Saudi non-financial listed companies. The descriptive analysis indicates that Saudi companies provide a moderate level of CRD among developing and developed countries. Nevertheless, the content of this level is found to be in low quality being as it is composed mostly of non-financial, qualitative, past, present, or non-timespecific, and neutral disclosures. Saudi companies tend to provide a general statement describing the sources and factors of risk they face without clearly referring to how they deal with these types of risk and the potential effects on the outcomes. These findings highlight the role of the legal system and cultural values on CRD practices and confirm the potential conflict between secrecy as a key feature of Saudi accounting system versus transparency as a key pillar of the Islamic Accountability Framework. Consistent with transparency, as an Islamic Sharia requirement, Saudi companies provide a relatively high level of risk disclosure compared to Arab and some other countries. However, the low quality of the content of this level of disclosure could reflect the inherent secrecy and the unwillingness of Saudi companies to provide high-quality risk disclosure. However, this explanation needs further investigation. The steadily improvement in the level of CRD over the study period reflects the growing awareness of CRD practices and the significant role of the recent developments in the regulatory requirements regarding risk and uncertainties.
The results of this study have several theoretical and practical implications. First, as it is the first study to explore risk reporting practices in Saudi Arabia, it contributes to the risk literature by providing initial understanding of the extent and nature of CRD practice and its determinants in a developing country with different social, economic, and institutional contexts. The significant role of different national regimes, such as legal systems, social and cultural values on accounting and corporate disclosure is evidenced by prior research. This study extends our understanding on riskreporting practices in a country with conflicting factors towards disclosure, namely, secrecy as a key feature of Saudi accounting system versus transparency as a key pillar of the Islamic Accountability Framework. Second, the results of this study make clear to policy-makers, accounting bodies, and risk-reporting practitioners whether the current state of CRD practices meet their expectations as a mean to mitigate agency conflicts and protect shareholders rights. It is argued that disclosing more quantitative information does not necessarily mean higher quality.
Overall, the descriptive results of the extent and nature of CRD suggest that Saudi regulatory bodies and companies pay more attention to the format rather than the content of CRD. In the absence of a special standard of risk-reporting practices, regulatory bodies are encouraged to provide companies with a sound framework for risk reporting, including a clear guidance for identifying, evaluating, managing, and disclosing the risk profile of the company.
However, the results of this study are not free from some limitations. First, this study focuses on the annual reports as a sole source of CRD. However, other alternative means, such as the interim reports and websites, may be subjected to future research. Second, applying the content analysis approach, including the classification and scoring process of CRD, involves inherent subjective judgments that cannot be eliminated. Third, as this study focuses on the quantity of CRD, future research may investigate the quality of CRD. Fourth, future research may expand the understanding of CRD practices in the Saudi context by examining other determinants of CRD, such as firm-specific characteristics, corporate governance mechanisms and ownership structure. Last, the unique setting of Saudi Arabia can be a motive for deep research on the impact of the legal system and social and cultural values on CRD to strengthen the results and deepen the understanding of the main drivers of CRD in Saudi Arabia.    1. To identify risk disclosures, a broad definition of risk is to be adopted as explained below. 2. Sentences are to be coded as risk disclosures if the reader is informed of any opportunity or prospect, or of any hazard, danger, harm, threat or exposure, that has already impacted upon the company or may impact upon the company in the future or of the management of any such opportunity, prospect, hazard, harm, threat or exposure. 3. The risk definition stated above shall be interpreted such that "good" or "bad" "risk" and uncertainties will be deemed to be contained within the definition. 4. Risk-related disclosures shall be classified according to risk disclosure categories and items in Appendix A. 5. If a sentence has more than one possible classification, the information will be classified into the category that is most emphasized within the sentences. 6. Tables (quantitative and qualitative) that provide risk information should be interpreted as one line equals one sentence and classified accordingly. 7. Any disclosure that is repeated shall be recorded as a risk disclosure sentence each time it is discussed. 8. If a disclosure is too vague in its reference to risk, then it shall not be recorded as risk disclosure.