The Quality of Mandatory Non-Financial (Risk) Disclosures: The Moderating Role of Audit Firm and Partner Characteristics

Risk disclosures are among the most important types of nonfinancial information valued by investors. Risk disclosures are mostly narrative and proprietary in nature; consequently, their accuracy and assurance is highly important to prevent disclosures from becoming boilerplate and losing their relevance. By exploiting the unique features of a setting where risk disclosure is mandatory and under a positive assurance requirement, we investigate whether the quality of audited risk disclosures is associated with the type of audit firm (Big-4 vs. non-Big-4), the characteristics of the audit firm, and the attributes of the audit partner. Our results show an association between risk disclosure quality and auditors, but not in the expected ways. After the enforcement of a regulation requiring a detailed description of risks in the Operating and Financial Review (OFR) and a positive assurance of external audit over these disclosures, we do not document any significant Big-4 effect. The quality of risk disclosures is associated with the attributes of the audit partner, namely, familiarity with different client risk disclosures, industry expertise, and gender, independently from affiliation with a Big-4 audit firm. Along these lines, we extend recent evidence on the audit partner effects in the assurance of nonfinancial narrative information.


Introduction
Stakeholders need information to reduce adverse selection and agency costs. The importance of nonfinancial information has significantly increased in recent years, and risk disclosures are one of the most important types of nonfinancial information valued by investors (Campbell et al., 2014;Hope et al., 2016;Kravet & Muslu, 2013). If we exclude financial risks, risk disclosures are mostly textual and proprietary in nature, and they lack auditors' positive assurance. 1 The assurance of nonfinancial information is topical (Gould, 2017;Robert & Ramanauskaité, 2017) to prevent them from becoming boilerplate. The lack of assurance might raise questions regarding the adequacy and relevance of the reported risks (Buckby et al., 2015) because textual risk disclosures are usually provided on a voluntary basis, which means that management incentives affect their content. Moreover, auditing of the textual disclosures is more difficult than auditing of financial statements, because even under mandatory disclosure regimes, auditors may lack a clear framework for the expected level of disclosures.
In this study, we investigate whether the quality of audited risk disclosures is associated with the type of audit firm (Big-4 vs. non-Big-4), the characteristics of the audit firm, and the attributes of the audit partner. We conduct our analysis in a unique quasi-natural experimental setting 2 that follows the adoption of an accounting standard, presenting a clear and detailed framework for the expected level of risk disclosures. Our results show an association between risk disclosure quality and auditors, but not in the ways one would have expected. After the enforcement of a regulation requiring a detailed description of risks in the Operating and Financial Review (OFR) and a positive assurance of external audit over these disclosures, we do not document any significant Big-4 effect. The quality of risk disclosures is associated with the attributes of the audit partner, namely, 1 Abdel-Khalik (1993, p. 33) presents the two types of assurance that external auditors can give. Positive assurance is an opinion on financial statements that provides the maximum level of assurance that the incumbent auditor is allowed to offer. It indicates that the required audit procedures have been performed and that the financial reports of the client firm are credible, albeit subject to an acceptable level of error. Negative assurance relates to the limited examination and analytical review procedures, which signal that the external auditor is unaware of any material modifications that should be made to the financial statements to ensure they are in line with the generally accepted accounting standards. 2 Our setting is closest to the one-group posttest-only design, where the new risk disclosure regulation provides an impetus for firms to start reporting on risk, and for auditors to start auditing the risk reports. We nevertheless acknowledge that we are unable to have a control group that would make it possible to examine the causality of the documented associations more reliably. familiarity with different client risk disclosures, industry expertise, and gender, independently from affiliation with a Big-4 audit firm.
Audit literature shows that the Big-4 effect prevails in the positive assurance of financial statements (Lennox & Pittman, 2010), but at the same time, that Big-4 quality differentiation is more driven by client characteristics (Lawrence et al., 2011). Evidence on the relationship between risk disclosures and assurance is scarce and limited to environments where negative assurance requirements prevail. In fact, the only way auditors recognize textual risk disclosures is as part of the overall evaluation about the true and fair view of financial reporting. This means that auditors provide negative assurance, and they have to recognize when they find that something is materially wrong or if disclosures are wholly incomplete. This easily leads to a cursory reading of textual disclosures by auditors, ensuring that the liability risk of the auditor and client is minimized by the disclosures not saying anything wrong and being incomplete. In this situation, auditors may apply the "tick the box" approach with regard to assuring these disclosures, and disclosures might become boilerplate and lose relevance. In the United States, Campbell et al. (2014) show that the effect depends on the risk disclosure topic and can be positive, negative, or nonsignificant. Elshandidy and Neri (2015) document that the intensity of mandatory risk disclosures is negatively related to Big-4 audit firms in Italy and in the UK.  and Dobler et al. (2011) analyze Germany, where risk disclosure is mandatory and under a positive assurance regime, and auditors have to validate that the OFR presents a fair view of the business and firm's risk outlook, but they do not look at either audit firm or audit partner characteristics. Under a negative assurance setting, Fukukawa and Kim (2017) investigate Japan firms, finding that the quality of risk disclosures is associated with audit partner characteristics, but Big-4 audit firms attenuate the audit partner effect.
Auditing of nonfinancial textual disclosures would be easier if the regulation provided insights about how clients should give these disclosures and if it required the positive assurance of these disclosures. The risk disclosure standard published in 2006 by the Finnish Accounting Practice Board has these characteristics. It is very detailed; it strengthens the requirements of the Finnish Accounting Act and provides an explicit framework for different risk areas, thereby offering clear indications on the expected risk disclosures and the level of details about specific risks. The examples in the standard also reduce uncertainties about whether a risk factor should or should not be disclosed. Finally, this standard provides a framework for auditors that should be used in the assurance of risk disclosures, and it allows us to examine risk disclosure quality against regulation, as suggested in Botosan (2004). Therefore, auditors are in a better position to assess the quality of client risk disclosures because the regulation is stricter and more detailed.
Our results show that the quality of mandatory risk disclosures, after the enforcement of a regulation that requires a detailed description of risks in the OFR and a positive assurance of external audit over these disclosures, is associated with the characteristics of the audit partner (namely, familiarity with different client risk disclosures, experience, and gender). We do not document any significant Big-4 audit firm effect. Our evidence shows that audit partners who assure more risk reviews are positively associated with the quality of risk disclosure which implies that the experience obtained from the assurance of different client risk reports increases the quality of client risk disclosures. We find that audit partner industry expertise is negatively associated with risk disclosure quality, which, contrary to our expectations, suggests that industry specialists are not reacting to incomplete client risk disclosures. The documented gender effect provides evidence that female audit partners may add value to the auditing of nonfinancial information, as Karjalainen et al. (2018) demonstrate in the context of financial information. Additional analyses also show that the foreign experience of the audit partner is further associated with risk disclosure quality.
Our results suggest that audit partners who have higher exposure to disclosures by different clients are more capable of managing the assurance of nonfinancial information that goes beyond the boundaries of traditional financial statements. Our results are different from those in Fukukawa and Kim (2017), who show that the quality of risk disclosures is associated with audit partner characteristics, but Big-4 audit firms attenuate the audit partner effect. Their results are obtained in a setting (Japan) where risk disclosure is mandatory, even if there is no indication of the risks that should be disclosed, and risk disclosures are not audited. Our results differ from the previous auditor gender effect papers (e.g., Karjalainen et al., 2018) because we focus on the assurance of mandatory nonfinancial information.
Collectively, our results show that audit partner characteristics are important in explaining disclosure behavior after the adoption of a regulation that requires a significantly different approach in providing disclosure. We also provide evidence that when the risk disclosures (or disclosure of nonfinancial information) are under a positive assurance regime, there is not a Big-4 effect associated with the quality of the disclosure.
Our results are robust in relation to several risk topics, to different characteristics of the auditor-client relationship, to the market risk effect, and to non-audited risk disclosures provided in other parts of the annual report (different from the OFR) on a voluntary basis.
We extend existing literature that recognizes the possible audit firm effect (Abraham & Shrives, 2014) but is almost silent on the auditor-related determinants of risk reporting and focuses only on the reporting differences between the Big-4 and non-Big-4 clients in countries where risk disclosure is mandatory, but not under a positive assurance regime (Campbell et al., 2014;Elshandidy & Neri, 2015). Our results provide further evidence on the relation between audit partner attributes and the variation in audited risk disclosures (cf. Karjalainen et al., 2018 in the context of financial information), and on the role of specialists in the audit team assuring the nonfinancial information (Ferguson & Pündrich, 2015). Our results are in line with the previous literature suggesting that audit partner characteristics (e.g., expertise) are associated with audit quality (Balsam et al., 2003;Carey & Simnett, 2006;Ferguson et al., 2003;Francis & Yu, 2009;Krishnan, 2003;Myers et al., 2003). We also extend previous evidence, since these audit partner effects have been studied in relation to the auditing of financial information (Gul et al., 2013;Knechel et al., 2013).
In addition, our evidence is valuable for standard setters because the European Union has recently enforced the disclosure of nonfinancial information, which should also be audited. Therefore, the assurance of nonfinancial information is at the top of the agenda of professional bodies since the enforcement of the European Directive 2014/95/EU, which amends Directive 2013/34/EU, on nonfinancial information: companies are required to include disclosure of nonfinancial and diversity information in their annual reports from 2017 onwards. Audit firms should check that the nonfinancial information has been provided, and express an opinion on whether the disclosures are prepared in line with the regulation. Moreover, recent developments around integrated reporting and critical auditing matters will challenge auditors to add characteristics of positive assurance to the auditing of narrative disclosures. We exploit the unique features of a setting in which the disclosure of nonfinancial information and the positive assurance on the disclosure from an audit firm became mandatory, and we provide evidence on the relationship between the quality of disclosure of nonfinancial information (risk disclosure) and both audit firm and audit partner characteristics.
The practical implication of the paper is that auditing can increase the quality of nonfinancial information.
Because certain audit firm and partner characteristics determine the quality of nonfinancial information, it can be deduced that the quality of nonfinancial information by the client is not fixed and can be changed by the auditor.
Understanding the mechanisms that affect the assurance of nonfinancial information helps audit firms, audit partners, and regulators to plan actions that add value to users of nonfinancial information.
The remainder of the paper is structured as follows. Section 2 presents the institutional setting, followed by the literature review and hypothesis development in Section 3. We report the research design in Section 4 and the empirical results in Section 5. Section 6 summarizes and concludes the paper.

Institutional Setting
Several countries have introduced risk disclosure regulations that demand risk disclosures both in the notes and in management reports (e.g., MD&A, Management Commentary, OFR, etc.), or in dedicated sections of the annual report. Since 2005, firms listed in the Helsinki stock exchange are required to disclose risk information in the OFR, and these disclosures have to be audited as required by the Finnish Auditing Act (936/1994). 3 At that time, there was little guidance on assuring these disclosures because the Finnish Accounting Act (1304/2004; FAA hereafter) set the broad content, but few details on risks that firms should provide in their OFR, even though they would follow IFRS. However, in January 2006, the Finnish audit oversight body highlighted auditors' role in auditing the OFRs and reinforced the view that was given by the law (quote translated): Following the good auditing practice, 4 the auditors have to continue the auditing of the Operating and Financial Reviews in addition to the financial statements. In the auditor's report, they also have to give their statement on whether the OFR is prepared in line with the Finnish Accounting Act and other rules and regulations. They also have to state whether the financial statement and the OFR give a true and fair view (as specified in the FAA) on the financial performance and position of the financial entity or the foundation.
Section 3:1.5 of the FAA forms the basis of the risk disclosure requirement, and it came into effect on December 30, 2004. The law was supported by a risk disclosure standard published by the Finnish Accounting Practice Board on November 12, 2006. 5 This standard was detailed and gave auditors a clear benchmark that would be used in the auditing of risk disclosures. The standard provides an explicit framework for the expected risk reporting and strongly focuses on the importance of disclosing a balanced description of the firm's major risks. It offers clear indications on the expected risk disclosures and the level of detail for specific risks. The standard comprehensively presents the risks that should be disclosed, identifying four risk areas (strategic, operations, financial, and damage risks), but it acknowledges that firms in different industries can utilize different models to recognize and manage risks. It also provides examples for each risk 6 and explicitly mentions 4 Based on the information that we received from the Finnish auditor oversight body, the "good auditing practice" is in use in Finland, Sweden, and Norway. The good auditing practice that the Finnish auditors follow derives from both the Finnish Auditing Act and the ISA Standards. The Finnish auditor oversight bodies, the Helsinki administrative court, and the Supreme Administrative Court of Finland have, in their supervision or decisions, interpreted that the International Standards on Auditing (ISA) obligate the auditors as part of the good auditing practice. ISA Standards are an important source for the interpretation of the good auditing practice. This logic has prevailed during the sample years of our study, but how auditors applied this principle during that time has possibly been less established then than nowadays. 5 Risk disclosure standard was part of the standard for the preparation of the Operating and Financial Review. Risk disclosures were the focus of Section 2.7, but risk-related guidance was also provided in other sections of the standard. Moreover, Appendix 5 was totally devoted to risk disclosure examples (approximately 3.5 pages). 6 Here some examples for: -Strategic risks: competition in the market and choices of geographical market areas where the firm operates, firm's position in the production chain, dependence on the limited number of customers and suppliers, changes in customers' preferences, technological development (e.g., the threat of competing technologies), cyclical selling prices and the prices of cyclical raw materials and energy, mergers and acquisitions, regulatory and political changes, dependence on energy suppliers that each firm can follow its own better way of disclosing risks, albeit following the framework is recommended. 7 Therefore, it provides a benchmark that external auditors can use in assuring the quality of narrative risk disclosure sections. In the Appendix, we provide some examples, taken from the standard regarding risk management policy and the coordination of risk management activities, that help in reducing doubts about whether or not the risk should be disclosed.
Finnish auditors have to follow the good auditing practice, and therefore, they also implicitly are required to take the ISA standards into account in their work. Because these standards do not set a similar risk disclosure framework as the Finnish risk disclosure standard does, we can say that in Finland, the local risk disclosure standard is the main benchmark that auditors can use to assure client risk disclosure. Auditors give their opinion on the OFRs once a year in the auditor's report. 8 Incomplete disclosures could potentially lead to a qualified opinion on risk disclosures, but in practice, these cases are uncommon.
The law and the standard together constitute the risk reporting framework that guides the risk disclosures of the Finnish listed companies. 9 According to the framework, listed firms should assess the significant risks and uncertainties that relate to their business and all other factors that may affect the development of business, its performance, and financial condition. In the discussion of actual results and developments for the future, firms should describe risks and opportunities in a balanced way ("balanced treatment") to make external users capable -Operations risks: dependence on the knowledge of personnel, uncommon fluctuations in demand, disturbance in a supply chain, price fluctuations of raw materials and other factors of production, reliability of information technology systems, implementation of the new enterprise resource planning system, changes in logistics, knowledge and competence of the personnel -Financial risks: interest rate, exchange rate, liquidity, credit -Damage risks: exposure to accidents and interruption in the operations, legal proceedings. 7 In addition, the standard mentions that firms following IFRS 7 can refer to those statements provided in the notes to the financial statements, in line with IFRS 7 (e.g., exposure to credit risk, liquidity risk, and market risk of the financial instruments). 8 For example, the auditors of Nokia Corporation mentions in the auditor's report for the fiscal year 2006 that they "have audited the accounting records, the report of the Board of Directors, the financial statements and the administration of Nokia Oyj for the period 1.1. -31.12.2006." In the 2005 auditor's report, the auditor of Nokia Corporation refrains from mentioning the review by the Board of Directors, which may signal that the detailed standard for the preparation of OFRs published after the 2005 annual report influenced the auditor's wording. A similar pattern was noticed with other firms as well. 9 The FAA stipulates that a firm has to release the OFR if it is publicly listed in the stock exchange that follows the regulations of the EEA (European Economic Area). In 2015, section 3:1 was slightly modified, but the requirement to give risk information in the OFR remains unchanged. of assessing the adequacy of plans in relation to risks and opportunities. Firms should comment on how the previously disclosed risks, expectations, assumptions, or predictions became reality. The relevance of the information should be evaluated against the nature of the event and its impact on the financial results and the risks. The new framework provides a clear identification of what risk disclosure quality is. It identifies the qualitative characteristics of the disclosure to be considered acceptable by regulators and market participants.

Literature Review and Hypothesis Development
Risk disclosure has attracted a high level of interest over the last twenty years. Although firms are expected to benefit from risk reporting, empirical evidence shows that there is significant cross-sectional variation in risk disclosures. This variation has been explained by several firm-level factors, such as size (e.g., Campbell et al., 2014;Dobler et al., 2011;Linsley & Shrives, 2006), profitability (Miihkinen, 2012;Prencipe, 2004), corporate governance (Martikainen et al., 2015), investment efficiency (Al-Hadi et al., 2017), and ownership (Al-Hadi et al., 2016). Abraham and Shrives (2014) discuss the need for the assurance of risk disclosures and pinpoint that auditors see risk factor reporting as an area where they could extend their scope of assurance. The association between regulation and risk disclosure is examined in Miihkinen (2012) and Elshandidy and Neri (2015).
Audit literature shows that the Big-4 effect prevails in the positive assurance of financial statements (Farber, 2005;Francis & Krishnan, 1999;Kim et al., 2003;Lennox & Pittman, 2010). These studies find strong evidence that Big-4 firms provide higher quality auditing because of the higher reputation and higher litigation risk of Big-4 firms, and the higher competency of Big-4 auditors (Defond & Zhang, 2014). Khurana and Raman (2004) demonstrate that the threat of litigation is a more important driver for audit quality than protection of the brand name. Lennox (1999) finds that larger audit firms are more prone to avoid excessive litigation risk, and therefore, they want to thoroughly scrutinize the reports of their clients. At the same time, audit literature provides evidence against the Big-4 effect. Lawrence et al. (2011) provide evidence that Big-4 quality differentiation is more driven by client characteristics than the Big-4 effect. These findings support the notion that audit quality and financial reporting quality are inextricably intertwined, and therefore audit quality is driven by client characteristics and the financial reporting system (Defond & Zhang, 2014). The Big-4 effect has been studied in relation to the institutional setting. Francis and Wang (2008) document that earnings quality is affected by the level of investor protection and by the firm's choice of a Big-4 firm. Big-4 auditors are therefore expected to have a bigger impact on audit quality in Anglo-Saxon countries, especially in the United States, than in Continental Europe, where the level of litigation risk is lower. 10 Finland is a country with low litigation risk (Niemi, 2002(Niemi, , 2005, and thereby, a priori, the risk related to the assurance of risk reports tends to be relatively low. Moreover, in Nordic countries, the Big-4 effect on assurance quality is expected to be low (Francis & Wang, 2008), which is indicative of audit firms' freedom to decide their own country-specific assurance policies regarding risk reviews.
Evidence on the relationship between risk disclosures and assurance is scarce and limited to environments where negative assurance requirements prevail. The nature of nonfinancial disclosures requires audit procedures that are different from financial statements. Meiers (2006) maintains that it requires a focus on cause-and-effect relationships and testing whether data support qualitative statements. Survey evidence in Kajüter et al. (2018) show that audit procedures for positive assurance of nonfinancial disclosures result from financial statements audits and conversations with management. Referring to the relationship between audit and risk disclosures, the evidence does not clearly support the association between Big-4 auditors and the level of risk disclosures. Fukukawa and Kim (2017) show that Big-4 audit firms attenuate the audit partner effect on risk reporting in the Japanese risk disclosure environment. Elshandidy and Neri (2015) document that the intensity of mandatory risk disclosures is negatively related to Big-4 audit firms in Italy and in the UK. In the United States, Campbell et al. (2014) show that the effect depends on the risk disclosure topic and can be positive, negative, or non-significant. Tan et al. (2017) find that Big-4 auditors and client risk disclosures are negatively correlated in China. One possible explanation is that mandatory risk disclosure and auditing are substitutes, and hence, the demand for auditing decreases as disclosures become coercive (Knechel & Willekens, 2006). Another explanation is that clients that hire a Big-4 auditor may obtain higher audit quality, which decreases their riskiness and lessens their need to disclose risks. According to Campbell et al. (2014), this explanation is less probable for the Big-4 firms when they face higher litigation risk.
It is a reasonable argument that the auditor should use the FAA together with the clarifying standard as a benchmark that sets the required level of risk reporting that client firms should meet. Miihkinen (2012) documents that the introduction of the FAA increased firms' risk disclosure quality in several dimensions, but it is silent on the auditor effect. In the Finnish setting, risk disclosures are under the positive assurance requirement of the auditor because OFRs are audited, and risk disclosures provided in the OFR were guided by this comprehensive risk disclosure standard. Under positive assurance, external auditors are expected to take a high responsibility for the quality of the client risk reports by increasing audit activity with regard to risk reports. The commitment to provide a positive assurance on risk reports should motivate and pressure auditors towards procedures which assure that this kind of textual disclosure becomes more relevant in clients' OFRs.
Therefore, Big-4 companies, which have a high reputation (and thereby more to lose), a lot of resources and competence, and high litigation risk, are expected to have a bigger influence on client risk reporting than non-Big-4 audit firms. Collectively, Big-4 companies are more organized and can follow a more professional approach in assuring client risk reviews. Therefore, we expect that how a listed firm reacts to the adoption of the risk disclosure standard is associated, beyond firm-level characteristics, with hiring a Big-4 or non-Big-4 audit firm. Our first hypothesis follows:

H1:
The quality of client-risk disclosure under the positive assurance requirement of the auditor is different between the clients of Big-4 and non-Big-4 audit firms.
Reputation can be associated with market share, and market share can be examined based on the level of overall assurance that the audit firm is responsible for doing at the market. Following the deep pocket hypothesis (Dye, 1993;Lennox, 1999), audit firms with higher market share in a specific industry have more to lose because of bad audit quality. Therefore, their strategy to reduce litigation risk is to increase effort (Simunic, 1980), which should also lead to higher quality risk disclosure audits. The industry differences in low-quality financial statement audits have been recognized in the literature (Maletta & Wright, 1996). Industry specialization improves audit quality (Balsam et al., 2003;Krishnan, 2003) and is positively valued by the audit market (Ferguson et al., 2003). Francis (2004) argues that deeper industry knowledge is a driving force for the differences in the audit activity of Big-4 firms and increases the quality of audit judgments.
In the risk disclosure context, audit firms might avoid the bad reputation caused by incomplete client disclosures, and hence, they may limit low-quality disclosures from their client firms compared to the peers of the clients. Consequently, audit quality goes beyond auditor brand name at the audit firm level. Knechel et al.
(2007) document that firms switching between Big-4 auditors earn significant positive (negative) abnormal returns when the successor audit firm is an industry specialist (is not a specialist). Our second hypothesis follows: H2a: The quality of client risk disclosure under the positive assurance requirement of the auditor varies among clients of different audit firms across the Big-4 auditor brand names.
H2b: The quality of client risk disclosure under the positive assurance requirement of the auditor is positively associated with the market share of the audit firm.
H2c: The quality of client risk disclosure under the positive assurance requirement of the auditor is positively associated with the industry specialization of the audit firm.
Risk disclosure is endogenous in nature. Beyond systematic risks, risks are also specific and vary across firms. Because it is not sufficient to have a general knowledge base on the auditing of risk disclosures at the audit firm level only, the personal abilities of the audit partners are more important. Audit partners' capabilities to understand the business models of the clients and their personal abilities to recognize risks are different. In this context, it is predicted that audit partner characteristics are significant drivers of the quality of client risk disclosures when two criteria are met: (1) risk disclosures are under the positive assurance requirement of the auditor, and (2) the risk disclosure framework is detailed and explicit, thereby making it possible for the audit partner to "audit against the standard." The traditional audit quality framework relies on the assumption that audit quality is determined at the audit firm level. Recent evidence, however, shows that audit partner characteristics are associated with audit quality (Gul et al., 2013;Knechel et al., 2013). The effect of audit partner characteristics might be important because the auditing of risk disclosure following the adoption of a new standard is a new task. Risk disclosures include a significant part of nonfinancial information, and hence, determining the required level of risk disclosures to fulfill what the standard asks clients to report is not clear-cut. If risk reports are not totally incomplete (i.e., nothing has been disclosed), the audit firm can keep its litigation risk regarding client risk disclosure low, although the client would report just the minimum level of risk disclosures. Extra effort to push clients to improve risk reporting does not decrease the audit risk when the client has already reached the threshold level of risk disclosures required by the regulation.
Because the positive assurance of risk disclosures differs from the traditional auditing of financial statements, we expect that the level of risk disclosures under positive assurance requirement is associated with audit partner characteristics, such as industry expertise, familiarity with client risk disclosures, and gender.
Several studies (Carey & Simnett, 2006;Ferguson et al., 2003;Francis & Yu, 2009;Krishnan, 2003;Myers et al., 2003) underline that expertise is one component of audit quality. Industry expertise is one form of competency and also occurs at the audit partner level. If the audit partner becomes an expert on a specific industry, (s)he will gain knowledge that helps in understanding the industry-specific risks and assuring the quality of risk disclosures in that specific industry. Lee et al. (2017) provide recent evidence that engagement partner industry expertise enhances the credibility of corporate disclosure transparency. Fukukawa and Kim (2017) document that the number of audit partner client engagements is positively related to the level of business risk information. Because of the intrinsic industry and firm-level specificity of risk disclosures, audit partners who have higher exposure to risk disclosures from different clients have a better view on the completeness of these reports, as they can compare client risk disclosures within and across industries against the risk disclosure framework. Hence, high exposure to risk disclosures from different clients and the subsequent familiarity with client risk reporting according to the disclosure framework is a partner-level attribute that is expected to influence the level of client risk disclosure. Audit partner familiarity with client risk disclosures is expected to influence the way the new risk disclosure standard is perceived. Audit partners who assure a higher number of client risk reports are expected to be more experienced in applying the risk disclosure framework in their assurance work. They have more perspective, which helps them to require a client to improve its risk disclosures if needed. In addition, they can guide a client to improve its risk reporting at the grassroots level. Audit partners who obtain a higher familiarity with risk disclosures from different clients get more experience in applying the risk disclosure framework in practice. Thereby, they are expected to be more capable to move from the comfort zone of auditing financial statements to the auditing of narrative risk disclosures and react to incomplete client risk disclosures when needed. Our third hypothesis follows: H3a: The quality of client risk disclosure under the positive assurance requirement of the auditor is positively associated with the industry expertise of the audit partner.
H3b: The quality of client risk disclosure under the positive assurance requirement of the auditor is positively associated with audit partner familiarity with risk disclosures from different clients.
Meyers-Levy and Sternthal (1991) and Darley and Smith (1995) argue that females' ability to process information and understand its nuances is better than that of males. Jianakoplos andBernasek (1998) andByrnes et al. (1999) maintain that females' tendency is to be more risk averse than men. Schubert (2006) discusses how women perceive smaller probabilities for gains and anticipate higher losses and risks and that, on average women are more risk averse than men. Because women seem to be disposed towards better communicative capabilities than men (Wajcman, 1988, in Schubert, 2006, women might be more aware of the importance of high-quality risk disclosures. Women have been also found to be better monitors than men. Female directors' negative influence on earnings management has been documented at the board (Srinidhi et al., 2011)  Considering that female audit partners have high information-processing capabilities, we expect that they understand what is high-quality textual information, and thereby are also more willing to push their clients to report risks transparently. Because the assurance of the completeness of risk disclosures can be done at different levels of rigor without significant increases in the litigation risk of the external auditor, we expect that the good monitoring and information-processing skills of female audit partners are associated with risk reporting. We hypothesize that: H3c: The quality of client risk disclosure under the positive assurance requirement of the auditor is positively associated with female audit partners.

Sample Selection
We analyze the OFR of nonfinancial firms listed on the Helsinki Stock Exchange (HSE) in the period 2005-2009, around the introduction of the new risk disclosure standard. We focus on the HSE because of the enforcement of the risk reporting regulation from 2005 onwards and of the positive assurance that the auditor should release on risk disclosures. We are aware that this period was characterized by changing economic conditions and market turbulence. During a financial crisis, on the one side, the disclosure of risks might be one of the first concerns in the disclosure activity and, on the other side, investors and stakeholders become more concerned and suspicious about what firms disclose. This means that the level of scrutiny of external auditors is expected to be at the highest level because of the market concerns about the quality and reliability of the disclosure. Consequently, audit firms should be more aware and, at the same time, more exposed to potential reputational losses due to low-quality disclosure and inadequate application of risk disclosure requirements by their clients. Due to this high level of scrutiny by the audit firms and by the market, corporate narratives are less likely to be unintentional and more likely to be the outcome of a strategic choice of firms weighing costs and benefits in deciding the content of the risk disclosure. This period of changing economic conditions and turbulence ensures enough variability in disclosure choices both over time, as corporate narratives tend to be sticky over time, and across firms, as it should be more likely to observe cross-sectional differences during an economic downturn rather than in an economic expansion.
Our initial sample is composed of 504 firm-year observations from 111 unique firms listed in the HSE.
We exclude the firms of the financial services industry (52 firm-year observations) and leave out those observations whose reporting might be influenced by initial listing, delisting, or restructuring activities during the sample period (32 firm-year observations). Firms that do not release annual reports between January and April of the following calendar year are excluded from our analyses (12 firm-year observations). We lose observations because of the missing data for some firm-level characteristics (11 firm-year observations) and then additional observations because of missing data at the audit firm and audit partner level (4 firm-year observations). The final sample includes 393 firm-year observations. The sample selection is described in Table   1.

Risk Disclosure
We analyze risk disclosures in annual reports from 2005-2008. Our analysis is based on the framework provided in the FAA and the accompanying risk disclosure standard. We complement the framework by using the risk disclosure literature. We start by identifying four risk topics (strategic, operations, financial, damage), which are mentioned in the classification of the risk disclosure standard. Because the standard explicitly refers to risk management policy and actions of the firm to face these risks, we add to the framework an additional topic defined as "risk management." To have more complete coverage of the risks that fall inside each area, we add risk disclosure subtopics under the main topics, following the guidance of the standard and considering the work by Linsley and Shrives (2006). Appendix A contains our risk disclosure framework.
Our framework classifies risk disclosures into the five main risk topics. The coder identifies risk sentences by using the main topics and subtopics as keywords for the search of risk information in the Operating and Financial Review. Then, the coder counts the total words relating to each main topic as an aggregate number of words across the specific topic. 11 For example, if the coder finds a sentence providing information on "Dependence on the know-how of the personnel," this sentence is classified into the topic "Operations Risk," and the number of words in this sentence contributes to the total number of words of risk information provided on that specific topic. At the end of the process, the risk disclosures are measured by counting the total number of risk disclosure words for each of the five main risk topics. Each coder had to carefully consider the content of risk disclosures because the keywords did not necessarily exist in the examined sentences as such, although a firm was reporting information which related to the specific subtopic. For example, a firm might disclose information on different market areas without quoting the keyword "market areas" in its disclosures.
An issue in manual content analysis is the subjectivity of coding and the reliability of the results. To avoid intra-and inter-coder differences and to obtain reliable coding, we adopted the following procedure. One author analyzed a pilot sample of annual reports to define set coding rules, and then manually coded the 2005 and 2006 annual report risk disclosures by following these coding rules. Next, a research assistant was trained to manually code the annual reports based on the predetermined coding rules, and the research assistant manually coded the 2007 and 2008 annual report.
We use Krippendorff's alpha and the coefficient of agreement to check the reliability of manual coding.
The reliability of coding was tested ex-post with two checks. First, one author and the research assistant manually cross-coded two random subsamples of three selected annual reports containing the most relevant risk disclosures. In this first reliability check, Krippendorff's alpha (coefficient of agreement) was 0.907 (0.930) for the first subsample (201 coding choices 12 ) and 0.827 (0.870) for the second subsample (261 coding choices). The second reliability check was conducted by one author cross-coding 20 randomly selected OFRs that were previously coded by the research assistant. The first group of ten OFRs presented 324 coding choices, and Krippendorff's alpha (coefficient of agreement) was 0.752 (0.806). The second group of ten OFRs presented 423 coding choices, and Krippendorff's alpha (coefficient of agreement) was 0.771 (0.820). Collectively, the Krippendorff's alpha (coefficient of agreement) for all cross-coded reports in the ex-post reliability tests is 0.805 (0.845), which provides evidence that the cross-coding reliability is adequate (Milne & Adler, 1999). 13 Disclosure literature presents a longstanding debate on disclosure quality, meaning that more disclosure does not necessarily imply that the disclosure is of higher quality. Grounding on the work of Beattie et al. (2004) that presents a multidimensional approach to link disclosure quality and disclosure quantity, Beretta and Bozzolan (2004) propose a set of indices for capturing different dimensions of risk disclosure quality.
Discussing their measures of disclosure quality, Botosan (2004) argues that risk disclosure quality should not be based on a subjective evaluation of the characteristics of the disclosure, as in Beretta and Bozzolan (2004), but that consistent measures of risk disclosure quality should be based on accounting principles or regulation.
We base our definition of disclosure quality on Botosan's argument, as we rely on what is explicitly stated in the FAA and in the risk disclosure standard. We first measure the extent of risk disclosure by using the natural logarithm of the total number of words that contain risk disclosure in the OFR (quantity). As the risk disclosure standard suggests that a balanced description of a firm's major risks helps stakeholders to understand the risk profile of the firm (section 2.7. of the risk disclosure standard, p. 17), risk disclosures should cover the different risk factors and uncertainties that a firm is facing. We capture the balanced view of a firm's risk profile by considering the inverse of the Herfindahl index score, scaled by the maximum number of the main risk topics (=5) in the risk disclosure framework (balance). 14 We also define the coverage index (coverage) to examine 12 By coding choice, we refer to the number of choices that the coder has to make to place a risk disclosure under a correct risk topic (strategic, operations, financial, damage, risk management, and other risk information). 13 More detailed information on coding is available from the authors upon request. 14 For example, if the company provides 500 words of risk information and it is evenly distributed across the five main topics (i.e., 100 words for each topic), the firm gets a cumulative Herfindahl index score 0.2 (inverse ratio = 5). If the firm whether the risk disclosure covers different topics. The coverage index is the ratio between the number of disclosed risk topics and the maximum number of the main risk topics (=5) in the risk disclosure framework.
This approach is similar to Miihkinen (2013), modified a bit by using a more detailed analysis of balance and coverage. Following this approach, we are able to use risk disclosure quality dimensions that are well aligned with the disclosure standard as suggested in Beretta and Bozzolan (2004).
The index of risk disclosure quality (d_factor) for each firm-year is a result of a factor analysis of the three risk disclosure measures (quantity, balance, and coverage). Because in each year, the first factor explains most of the variance of the three risk disclosure measures, we use the loadings of the first factor in the computation of the factor scores for each year. coverage vary between 0.335-0.340. What empirically emerges from the factor analysis is that the overall disclosure quality measure is close to the simple average of the three risk disclosure measures (quantity, coverage, and balance). We then pool the factor scores across the four sample years to get the final measure for d_factor in the cross-sectional sample. A presentation of risk disclosure measures used for the analyses and for the computation of d_factor is provided in Appendix C.

Variable Definitions and Regression Model
Prior research suggests that differences in audit quality can be driven by the characteristics of the client (Lawrence et al., 2011), of the audit firm (Defond & Zhang, 2014), and of the audit partner (Francis, 2004; Gul discloses all risk information on one topic only, the cumulative Herfindahl index score is 1.0 (inverse ratio = 1). Scaling the measure by five (i.e., the number of main risk topics) gives a measure of the balance of risk information. Hence, if we assume that the firm gives some risk information, the maximum and minimum values for balance are 1.0 and 0.2, respectively. For non-disclosers, the value is 0. et al., 2013;Knechel et al., 2013). We control for client characteristics (mainly related to risk disclosure decisions), and we regress (base model) the risk disclosure measures on audit firm. Then, we augmented the base model to capture audit firm characteristics and audit partner characteristics. The regression equation used in the main tests is as follows: where RD is the empirical measure for the risk disclosure of company i in year t.
We collected audit firm names and the names of the audit partners from annual reports and auditors' reports. 15 We define a Big-4 dummy that is equal to 1 if the audit firm is a Big-4 firm and 0 otherwise (big-4), and a dummy variable for each Big-4 firm (AF1, AF2, AF3, AF4). We control for the effect of joint audits (dual_audit), because Zerni et al. (2012) demonstrate that joint audits are also positively related to audit quality in our setting (a Nordic country). This variable is equal to 1 if two audit partners sign the auditor's report, and 0 otherwise. Regarding audit firm characteristics, we measure the audit firm's market share both at the overall (AF_market_share) and at the industry level (AF_ind_spec). Following Knechel et al. (2007), we compute an audit firm's yearly market share by using the sales of the client firms as an empirical measure for the audit fees, as audit fee information is not available for the whole period under examination. Regarding audit partner characteristics, we base the industry expertise of the audit partner on her/his yearly market share at the industry level (p_ind_spec). We take into consideration the familiarity of the audit partner with client risk disclosures by using the yearly percentage of auditors' reports signed by the audit partner (p_audits) as an unweighted measure (Knechel et al., 2007, p. 22) of the partner's market share. 16 If the client firm is under a joint audit, we compute 15 Sometimes, it was difficult to identify the audit firm by reading the auditor's report because Finnish company law states that financial statements should be audited by a person or an audit firm. If a person is hired, the auditor's report does not always reveal the audit firm for which the engagement partner is working. In these cases, we could find some information on the related audit firm names by checking against other clients' information. 16 In all market share measures, the denominator is based on the aggregate value (i.e., aggregate yearly sales, aggregate industry year sales, the aggregate yearly number of clients) of the target sample.
p_ind_spec and p_audits for both audit partners separately, then we average these measures to get an aggregate measure for these variables. We retrieve the audit partner gender from the name of the audit partner. It is a dummy variable which equals 1 when the audit partner is female, and 0 when he is male (p_female). In joint audits, p_female gets a value 0.5 when the joint auditors have different genders. 17 Finally, we use client firm control variables that include typical firm-level controls like size, profitability, leverage, and measures of international exposure of the firm. We proxy size with the natural logarithm of total assets (assets), profitability with the return on assets (roa), and leverage with the total debt-tototal assets ratio (lev). We measure the uncertainty of the reported accounting performance using the five-year standard deviation of the return on assets including the announcement year of the annual report (stdev_roa), and through the three-year growth rate of the sales including the announcement year of the annual report (sales_growth). We also proxy the riskiness of the firm with the value of the book-to-price ratio (book_price).
Then, we address the complexity of a listed firm by considering the cross-listing in another financial market (xlist), the percentage of international sales over the sales (global), the international exposure of the company in terms of percentage of foreign ownership (for_own), and the interaction between foreign ownership and international sales (int_exp).
Lastly, in addition to the already-included client firm risk characteristics (size, book-to-price, business risk, and financial leverage), we add additional measures for client firm risk to control for the potential endogeneity problem caused by omitted client risk characteristics. First, we add market beta, which is computed in a 12-month window (market_beta), to control for the sensitivity of the client to market risk. Second, we add a dummy variable for high-tech companies (htech) to take into account that these firms may be riskier than other companies. Third, we add the difference between net income and funds from operations, scaled by total assets (accruals), to control for the use of income-increasing or decreasing accruals. Fourth, we add the proportion of depreciation, depletion, and amortization (depreciation) into the model to control for income-decreasing accrual on firm risk disclosures. This is the amount of depreciation, depletion, and amortization, scaled by total assets. 17 There are altogether 12 firm-years in the target sample that are under a joint audit of one female and one male partner.
Collectively, accruals can be used to add the information value of earnings to investors, or alternatively, to manage earnings for opportunistic motives. Therefore, we expect that accruals may reflect the willingness to be transparent through disclosures. The variable definitions are provided in Table 2.
( Table 2 about here)  Table 3C contains pairwise Pearson correlations. We do not find evidence of a correlation between the quality of risk disclosure and being a client of the Big-4. All correlation coefficients between Big-4 and risk disclosure measures are non-significant (H1). We find a cross-sectional variation among the Big-4: quantity is positively and significantly correlated with AF_1 and AF_4, meaning that firms audited by AF_1 and AF_4 tend to disclose more information about risks. We also document a significant and negative correlation between all measures of risk disclosure (d_factor, quantity, balance, coverage) and AF_3, indicating that when risk disclosures are audited by AF_3, the quality of risk information tends to be lower. These findings provide the first descriptive evidence that the quality of client risk disclosure under the positive assurance requirement of the auditor is different across Big-4 firms (H2a). We also find a statistically significant positive correlation between AF_market_share (AF_ind_spec) and d_factor, providing the first evidence that audit firm characteristics are associated with risk disclosures (H2b, H2c). Finally, correlation analysis shows that the audit partner industry expertise (p_ind_spec) is not significantly associated with risk disclosure. Audit partner familiarity with risk disclosures by different clients (p_audits) is significantly and positively correlated with d_factor, quantity, balance, and coverage, whereas the audit partner gender (p_female) correlates positively and significantly with all the disclosure measures. These univariate results give the first evidence in relation to the role played by personal characteristics of the audit partner in driving the quality of client risk disclosures (H3b and H3c). 18 (Table 3C about here)

Multivariate Results
Table 4 presents our OLS regression models in relation to Hypothesis 1. The F-values show that all regressions are statistically significant, and the explanatory power of the models varies between 6.40% (for d_factor) and 32.10% (for quantity). All regression models show a non-significant association between being audited by a Big-4 auditor and the quality of client risk disclosure. They indicate that OFRs audited by a Big-4 audit firm do not present a better adherence to the risk disclosure standard, since the standard asks for more disclosure that should cover different risk topics and that should be balanced. Differently from the existing literature on risk disclosures, we do not find an association between the quality of risk disclosure and size and profitability, which suggests that these factors are less important drivers of clients' risk reporting in the operating and financial reviews after the enforcement of a regulation. But we find that the cross-sectional variation of risk disclosure quality is mainly associated with the international exposure of companies, as d_factor is positively and significantly associated with the level of percentage of international sales (Model 1: global 0.282, t-value 2.42) and with the three-year growth rate (Model 1: sales_growth 0.083, t-value 1.99). This result holds also for the three components of disclosure quality: quantity, balance, and coverage, presented, respectively, in Model 2, Model 3, and Model 4. Globalization may have increased client firms' risk awareness, affecting the level of the provided information, and it is associated with a risk disclosure that covers a high number of topics and is also more balanced among the different topics. International and fast-growing firms face more uncertainty regarding future earnings and, thereby, have higher capital market pressures to reduce information risk by offering more comprehensive risk disclosures, according to what the standard requires.
18 Based on the correlation matrix, the pairwise correlations between the explanatory variables do not cause a multicollinearity threat. The variance inflation (VIF) values for the regression reported in Table 6A vary between 1.1419 and 10.627, and the mean value is 2.857. The highest VIF value is reported for int_exp, which is an interaction variable.
( Table 4 about here) Next, we present our OLS regression models in relation to Hypotheses 2. The OLS regression models in Table 5A study whether there is an association between the different dimensions of risk disclosure and the Big-4 audit firm brand name. Because we limit our analysis to client firms audited by a Big-4 firm, the sample size drops to 370. In the regression models, we use AF_3 as the baseline, since correlation analysis has shown that AF_3 is negatively associated with the different measures of risk disclosure. Our results show an audit firm effect; client firms audited by AF_1 offer more risk information that is more balanced and that covers more risk topics. Client firms audited by AF_2 show higher quality risk disclosures regarding the balance and coverage of risk information. AF_2 also outperforms the baseline (AF_3) in disclosure quality (d_factor). For AF_4, we document significantly more risk disclosure, and also, the overall quality is higher. Evidence shows that risk disclosures are associated with the specific Big-4 audit firm brand names and that there is variability in driving risk disclosure behavior by clients within the Big-4 audit firms.
( Table 5A about here) The regression models in Table 5B present the results considering audit-firm level characteristics substituting the dummies for the Big-4 audit firm brand names. We consider either the market share or the industry specialization of the audit firm. 19 Regarding audit firm characteristics, regression models show a positive association between disclosure quality and AF_market_share (Column 1) and AF_ind_spec (Column 2), but in the two-sided tests, the p-values are just over the 10% threshold. Thereby, a conservative approach is to consider these variables non-significant despite the small sample size, and we do not obtain support for H2b and H2c.
( Table 5B about here) 19 We do not add AF_market_share and AF_ind_spec in the same model because that would cause a multicollinearity problem (the correlation coefficient is 0.847, as reported in Table 3C). Now, we look closer at the audit partner attributes to investigate whether the attributes of the audit partner might explain cross-sectional variation in risk disclosures beyond client-firm and audit-firm characteristics. We first run the regressions without additional measures for client firm risk, and thereafter repeat the tests by including these additional controls into the model. The results remain qualitatively similar but are more significant after the inclusion of the additional controls for client firm risk. (t-value 3.08). 20 Audit partner familiarity with risk disclosures of different clients seems to be a more important positive driver of risk disclosure than partner industry specialization, which yields negative and significant results in three models out of four (H3a, H3b). This indicates that audit partners exposed to more client audits are more prone to react promptly to what the new standard requires and get a broader perspective on how their clients report risks. Hence, they also have a fresh look at assuring these disclosures and can require/recommend additional elements to be added to clients' risk reports. Audit partners with more exposure to different client risk disclosures seem also to be more capable to make a shift from their comfort zone of auditing traditional financial statements to the auditing of narrative OFR risk disclosures. Under the assurance of risk disclosures, audit partners seem to gain more competence from the assurance of risk disclosures of several clients than from industry specialization. On the contrary, strong industry specialization may be an easy setting for the audit partner to stay in a steady comfort zone, where risks are reported somehow, but are far from what the risk disclosure requirements ask in terms of the coverage and balance of these disclosures. This conclusion is also supported by the negative association between the quality of client risk disclosure and the industry expertise of 20 In the case of joint audits, we use also the highest value of the two audit partners regarding p_ind_spec and p_audits. The results are substantially unchanged: p_ind_spec is negatively associated with d_factor (t-value -2.19), quantity (t-value -2.04), balance (t-value -1.40), and coverage (t-value -1.63), while p_audits is positively associated with d_factor (t-value 3.52), quantity (t-value 2.42), balance (t-value 4.85), and coverage (t-value 2.82). the audit partner: the regression coefficient for industry expertise (p_ind_spec) is for d_factor -0.682 (t-value -2.24), for quantity -2.404 (t-value -2.06), for balance -0.277 (t-value -1.48), and for coverage -0.464 (t-value -1.74). These findings add further evidence both to Fukukawa and Kim's (2017) study on audit partner experience and to Lee et al.'s (2017) study on the role of audit partner industry specialization.
All regression models in Table 6A also show that the gender of the audit partner is significantly associated with risk disclosures. p_female is positive and significant in all regression models, suggesting that female audit partners have a positive association with risk disclosures (H3c). Previous literature has documented women's better information processing (Darley & Smith, 1995;Meyers-Levy & Sternthal, 1991;Schubert, 2006) and monitoring (Niskanen et al., 2011;Srinidhi et al., 2011;Thiruvadi & Huang, 2011) capabilities. An additional reason for the positive sign of p_female can be that women tend to be more risk averse, which may either increase their interest in client risk reporting or motivate them to assure against the new risk disclosure standard to reduce the litigation risk of the auditor. This interpretation can be linked to the findings of Karjalainen et al. (2018), who demonstrate that female audit partners are more conservative in the auditing of financial statements. The statistical significance of p_audits and p_female is higher when we consider the balance of disclosure (Column 3) and the coverage of disclosure (Column 4) compared to the quantity model (Column 2), suggesting that audit partner familiarity with risk disclosures of different clients and gender are more associated with the dimensions introduced by the new standard than with the simple extent of risk disclosure.
We analyze the partner effect within the Big-4 audit firm brand names, using AF_3 as the baseline and also including the additional measures for client firm risk (results untabulated). We find that the variables p_audits and p_female are positive and significant in all regression models (d_factor, quantity, balance, and coverage) at least at the 1% significance level (smallest t-value is 2.82 and the highest 4.98). The variable p_ind_spec is negative and significant in three models out of four models: d_factor (t-value -2.44), quantity (tvalue -2.37), and coverage (t-value -1.92), but not in the balance model (t-value -1.58). Similarly, the dummy variable AF_1 is positive and significant in three models: d_factor (t-value 2.13), quantity (t-value 1.68), and coverage (t-value 2.13), but not in the balance model (t-value 1.62). AF_4 is positive and significant in two models: d_factor (t-value 1.76) and quantity (t-value 2.58), but not in the balance (t-value 1.30) and coverage models (t-value 1.38). This additional test provides evidence that the audit partner effect documented in Table   6A is not driven by the non-Big-4 audit partners. (

Additional Analyses and Robustness Tests 21
To strengthen our main results and provide additional explanations for the association between risk disclosures and audit firm characteristics and audit partner attributes, we conducted additional analyses and robustness checks. First, we looked at the disclosure of the different risk topics, as requested by the Finnish risk disclosure standard, to find whether our results are driven by the focus on a specific risk topic. Second, we look at whether our results are driven by the type of auditor-client relationship. Third, we consider two additional audit partner attributes: foreign experience and education. Then, we run our regression using additional controls 21 Untabulated results of additional analyses and robustness tests are available from the authors upon request.
for client risk, and finally, we examine risk disclosures provided in other parts of the annual report (different from the OFR) on a voluntary basis and thereby without the accompanying assurance requirement. Table 7 shows the association between audit firm characteristics and partner attributes on specific topics of risk disclosure. Our results are consistent across the specific risk disclosure topics (strategy, operations, finance, damage, and other risks). We find difference at the audit firm level: in annual reports audited by AF_2,

Risk Topic Disclosures
we have found, on average, less information on strategic risks than in those audited by non-Big-4 firms. Results also show a negative association between partner industry expertise (p_ind_spec) and disclosure regarding operations risks (p_ind_spec -2.807, t-stat -1.93) and financial risks (p_ind_spec -3.063, t-stat -2.63). Industry specialist audit partners are more aware of the sensitive and proprietary nature of operations risks, and thereby, they are also laxer in their requirements on disclosures on the topic. Moreover, because industry specialists do not necessarily obtain that broad understanding on risk disclosure quality in different industries, they may be laxer in requiring explicit descriptions of financial risks in the operating and financial reviews if these risks are described in the notes to the financial statements. Partner industry specialization is positively associated with risk disclosures beyond the five main risk topics (oth 1.811, t-stat 2.05), which can be indicative of industry specialists' capability to better recognize other industry-specific risks.

Auditor-Client Relationship
The direct knowledge of the client, the connections between the audit Partner and the managers of client firms, and the effort in audit activity are elements that might be related to the assurance of risk disclosures. Myers et al. (2003) do not give support for the regulatory concerns that audit quality is threatened in long auditor-client relationships, showing that auditors place greater constraints on opportunistic management behavior in longer auditor tenures. In our context, this means that the assurance quality of risk disclosures should be higher when there is a long-standing audit relation.
When the audit firm starts the audit of a new client, the auditors scrutinize the new client because their knowledge of the client is low. This scrutiny may then also cover the client risk disclosures and motivate the auditor to require new clients to improve risk reporting in the first years of the audit. However, in line with the tendency to use low-balling to get new clients (e.g., DeAngelo, 1981), incomplete risk disclosures may be more likely in the first years of an auditor-client relationship if the audit firm is not motivated to use any extra effort to assure the risk disclosures of their new "lower-margin" clients. We examine the impact of the auditor-client relationship on our results by adding two controls: first_audit and change_coming. First_audit is a dummy variable equal to 1 when a client is in the first year with an audit firm, 0 otherwise. Change_coming is a dummy variable that is equal to 1 when a client is in the last year with an audit firm, and 0 otherwise (the change in auditor-client relationship is measured at the audit firm level). Results (untabulated) show that change_coming is non-significant in all models, while first_audit is positive but still non-significant (two-tailed) in all the models. Our main results regarding Big4 vs non-Big4, audit firm characteristics, and audit partner attributes hold.

Audit Partner Experience
We examine two additional partner attributes: foreign experience and education (e.g., holding an MBA).
Audit partners who have worked abroad are expected to have a broader understanding of assurance in general, and they might have more capabilities and greater willingness to accept new assurance initiatives by regulators because of their eye-opening expatriate experience (Leung et al., 2008). We search for personal information about partners' attributes based on their LinkedIn profile. When the audit partner does not provide information in her/his LinkedIn account about foreign experience and MBA education, we conclude that there is no relevant foreign experience or MBA education. We document that the foreign experience of the audit partner is positively and significantly associated with risk disclosure quantity and with risk disclosure coverage, while we do not find any statistical association between MBA education and risk disclosure. The results for our main variables remain qualitatively the same. Our results are in line with the previous literature, which suggests expertise is one component of audit quality (Carey & Simnett, 2006;Ferguson et al., 2003;Krishnan, 2003;Myers et al., 2003).

Additional Controls for Client Risk
We control for the three-month average volatility after the release of the annual report in order to consider whether firms were anticipating their risks in the near future and for the market risk in the 36-month window. In both regressions, the new controls are non-significant, and the sign and significance of the coefficients of our independent variables remain qualitatively the same. We also run our main regressions using additional controls for client risk: standard deviation of accruals, capital expenditures scaled by total assets, net receivables scaled by total assets, inventories scaled by total assets, and intangibles scaled by total assets. Our independent variable (p_ind_spec, p_audits, and p_female) results are still significant in all models, with unchanged signs for our main regression.

Other Risk Disclosures
Our analyses focus on mandatory OFR risk disclosures that are under the positive assurance requirement. To investigate whether the role of the auditor is more associated with risk disclosure in the audited OFRs than in other parts of the annual report, we analyze the association between the audit firm characteristics and audit partner attributes and the risk disclosure in other sections of the annual report. This analysis can be used as a placebo test for the effect of the auditor on client risk disclosures in the OFR. We use three variables (quantity_oth, balance_oth, and coverage_oth) to measure risk disclosures in sections outside the audited OFRs. 22 The Pearson correlation coefficient between quantity and quantity_oth is 0.078 (p-value 0.12), between balance and balance_oth -0.013 (p-value 0.80), and between coverage and coverage_oth 0.055 (p-value 0.28).
This gives first evidence that the level of risk disclosures in the audited part is not correlated with risk disclosures in the unaudited part of the annual report. Then, we regress the risk disclosure in the unaudited sections of the annual reports as in our main analyses. Regression results are reported in Table 8, and we document that all audit partner attributes (p_ind_spec, p_audits, p_female) are non-significantly associated with risk disclosures. These results support that audit partner attributes are associated only with risk disclosures in the audited OFRs rather than in the other parts of the annual report, which are expected to obtain less attention from the auditors who assure risk disclosures against the risk disclosure standard.

Discussion and Conclusions
In this paper, we investigate whether the quality of audited risk disclosures is associated with the type of audit firm (Big-4 vs. non-Big-4), the characteristics of the audit firm, and the attributes of the audit partner. We exploit the uniqueness of the Finnish setting, as it offers the opportunity to explore the assurance of risk disclosures, because these should be audited and are under the requirement of positive assurance of the auditor.
Auditing of nonfinancial textual disclosures would be easier if the regulation provides insights about how firms should give these disclosures and if it requires the positive assurance of these disclosures. In 2006, the Finnish Accounting Practice Board published a very detailed risk disclosure standard that provides an explicit framework for different risk areas and thereby offers clear indications on the expected risk disclosures and the level of details about specific risks. The examples in the standard also reduce uncertainties about whether a risk factor should or should not be disclosed. This standard also provides a framework for auditors that should be used in the assurance of risk disclosures. This allows us to examine risk disclosure quality against regulation, as suggested in Botosan (2004), basing our measure of risk disclosure quality on what the accounting standard explicitly requires. Moreover, the Finnish audit oversight body also narrowed the room for interpretation by explicitly stating that the auditors have to continue the audit of OFRs as required by the Finnish Auditing Act.
This setting was significantly different from other countries, where firms were generally required to disclose all factors that were expected to have effects on investors' decisions, with less detailed indications about the content and ways to disclose this risk information (e.g., Japan, Germany, United States). In most countries, risk disclosures were not audited, except in Germany, where risk disclosure was under a positive assurance requirement that referred to the presentation of the true and fair view of the business and the firm's future prospects.
We analyze risk disclosures from the 2005-2008 annual reports, grounding our analyses both on the framework of the FAA (and the accompanying risk disclosure standard) and on the existing literature on disclosures and risk disclosure (among others: Beattie et al., 2004;Beretta & Bozzolan, 2004;and Miihkinen, 2012). More important, we follow the argument of Botosan (2004), who argues that risk disclosure quality should not be based on a subjective evaluation of the characteristics of the disclosure, but that consistent measures of risk disclosure quality should be based on accounting principles or regulation.
Our results show that the quality of clients' mandatory risk disclosures, after the enforcement of a regulation that requires a detailed description of risks in the OFR and a positive assurance of external audit over these disclosures, is associated with the characteristics of the audit partner (namely, familiarity with different client risk disclosures, industry expertise, and gender). We do not document any significant Big-4 audit firm effect. Our evidence shows that audit partners who assure more risk reviews are positively associated with the quality of client risk disclosures. Additional analyses also show that the foreign experience of the audit partner is further associated with risk disclosure quality. This indicates that audit partners who assure disclosures of several different clients are more capable of managing the assurance of nonfinancial (risk) disclosures, which goes beyond the boundaries of traditional quantitative-based accounting, and this ability is stronger in those with foreign professional experience.
Finally, we show that audit partner industry expertise is not helping in improving client risk disclosures and that female audit partners are positively associated with clients' risk disclosure quality, which suggests that women's monitoring and information-processing capacity may be beneficial for the assurance of mostly textual risk reviews. These audit partner effects are in line with the recent evidence on the auditing of financial information (Gul et al., 2013;Knechel et al., 2013).
Our Matters in their audit reports. These reforms, together with recent developments around integrated reporting, will most likely increase the scope of the required audits in the future and push audit firms to read firm risks in greater detail to ensure that their discussion is comprehensive and valid. From the auditor's point of view, the situation may feel contradictory. Our results provide valuable evidence for standard setters who make decisions on the future of the assurance of soft (nonfinancial) accounting information.
Our paper also contributes to risk disclosure literature by recognizing the audit partner effect and not only the more general audit firm effect. We move the literature forward by bringing a deeper understanding of the association between risk disclosure and audit firm characteristics (such as Big-4 vs. non-Big-4, industry specialization) and audit partner attributes (such as expertise and gender). Furthermore, we provide initial evidence to the audit literature that has documented differences in the assurance of numbers (e.g., Balsam et al., 2003;Francis & Yu, 2009;Gul et al., 2013;Knechel et al., 2013) but very little evidence on the assurance of nonfinancial information. Collectively, our results provide evidence for regulators who consider different ways to implement the auditing of textual accounting information.
Our findings imply that audit firm characteristics and partner attributes can affect the disclosure decisions of the client. The assurance attitude is important when it comes to the assurance of nonfinancial information. Especially, audit partners can have a positive effect on the usefulness of nonfinancial information if they refrain from thinking that this kind of information is irrelevant and easy to assure by following the "tickthe-box" approach. Regulators can help auditors to understand the importance of proper assurance of nonfinancial information by highlighting the issue publicly or privately and by providing guidance.
Understanding the mechanisms that affect the assurance of nonfinancial information helps audit firms, audit partners, and regulators to plan actions that add value to users of nonfinancial information.
Evidence from voluntary joint audits. European Accounting Review, 21(4), 731-765. Less firms-years that do not release the annual report in the period January-April of the next calendar year (12)

Intermediate sample of released annual reports 408
Less firm-years with missing financial data at the client firm level (11) Less firm-years with missing auditing firm and audit partner data (4) The score of the principal component with the highest eigenvalue computed from the firmspecific quantity, balance, and coverage scores.

Final sample (firm-year observations) 393
quantity The natural logarithm of the total number of risk disclosure words in the OFR. If the client does not give any information on the topic, the disclosure score is set to 0.
balance The inverse of the Herfindahl index score divided by the maximum number of the main risk topics (=5) in the risk disclosure framework. coverage The number of risk topics covered in a firm's risk disclosures divided by the maximum number of the main risk topics (=5) in the risk disclosure framework.

Client firm assets
Natural logarithm of the total assets of the client firm at the beginning of year t.
book_price Book-to-price ratio of the client firm.
roa Return-on-assets ratio of the client firm.
sales_growth A three-year growth rate of the sales, including the announcement year of the annual report.
stdev_roa A five-year standard deviation of the ROA, including the announcement year of the annual report.
lev Total debt-to-total assets ratio of the client firm.
global Percentage of international sales over the sales at the beginning of year t.
xlist Dummy variable = 1 if the client firm is cross-listed, 0 otherwise.
for_own Percentage of foreign ownership in the client firm.
int_exp International exposure: the product of "percentage of international sales over the sales at the beginning of year t" (global) and "percentage of foreign ownership in the client firm" (for_own).

Additional measures for client firm risk market_beta
A 12-month market beta of the client firm. It is computed from the share and market index returns of the preceding 12 months before the publication of the risk disclosure. OMXH Cap has been used as the market index.
htech Dummy variable = 1 if the client firm is a high-tech company as specified in Francis and Schipper (1999), 0 otherwise.

Table 2 (continued) accruals
The total amount of accruals scaled by total assets at the beginning of year t.

depreciation
The total amount of depreciation, depletion, and amortization scaled by total assets at the beginning of year t. The market share of the audit firm in the Finnish audit market, as measured by the proportion of its clients' yearly sales on the aggregate amount of clients' yearly sales in the target sample.

AF_ind_spec
The percentage of assured client firm sales at a specific industry in a specific year.

Audit partner p_ind_spec
The percentage of client firm sales assured by the audit partner in the specific industry in the specific year. In joint audits, the average value is used.
p_audits The yearly percentage of auditors' reports signed by the audit partner. In joint audits, the average value is used.
p_female Dummy variable = 1 if the audit partner is female, 0 otherwise. In joint audits, the variable gets a value 0.5 when the joint auditors have different genders.
(1) d-factor 1.000 (2)     This table reports the OLS regression coefficients for the audit firm (big-4) and client firm level determinants of audited risk disclosures. d_factor is the score of the principal component with the highest eigenvalue computed from the firm-specific quantity, balance, and coverage scores. Quantity is the natural logarithm of the total number of risk disclosure words in the OFR. Balance is the inverse of the Herfindahl index score divided by the maximum number of the main risk topics (=5) in the risk disclosure framework. Coverage is the number of risk topics covered in a firm's risk disclosures divided by the maximum number of the main risk topics (=5) in the risk disclosure framework. Big-4 is an indicator variable with the value 1 if the audit firm is a Big-4 firm, 0 otherwise. For other variable definitions, see Table 2. Industry and year fixed effects are controlled, although not reported, and standard errors are clustered by firm. All independent variables are winsorized at the 1% and 99% level.
T-values are given below the regression coefficients in parentheses. ***, **, and * denote statistical significance (two-tailed) at the 1%, 5%, and 10% levels, respectively. This table reports the OLS regression coefficients for the determinants of risk disclosures at the audit firm level. AF_1, AF_2, AF_3, and AF_4 represent dummy variables for the Big-4 audit firm brand names. AF_3 is the baseline Big-4 audit firm that is not included in the model. Because we are interested in the variation between the firms, we conceal the real names of the audit firms. Dual_audit is an indicator variable for those audits where the audit firm uses two auditors to sign the auditor's report. The dependent variables and client firm level factors are the same as in Table 4 (control variables not tabulated). All independent variables are winsorized at the 1% and 99% level. Industry and year fixed effects are controlled, although not reported, and standard errors are clustered by firm.
T-values are given below the regression coefficients in parentheses. ***, **, and * denote statistical significance (two-tailed) at the 1%, 5%, and 10% levels, respectively. This table reports the OLS regression coefficients for the determinants of risk disclosures at the audit firm level. Big-4 is an indicator variable that obtains the value 1 if the audit firm belongs to Big-4 firms, 0 otherwise. AF_market_share is the market share of the audit firm, as measured by the proportion of its clients' yearly sales over the aggregate amount of clients' yearly sales in the target sample. AF_ind_spec is the percentage of assured client firm sales for a specific industry in a specific year. Dual_audit is an indicator variable for those audits where the audit firm uses two auditors to sign the auditor's report. The dependent variable and client firm level factors are the same as in Table 4 (control variables not tabulated). All independent variables are winsorized at the 1% and 99% level. Industry and year fixed effects are controlled, although not reported, and standard errors are clustered by firm. T-values are given below the regression coefficients in parentheses. ***, **, and * denote statistical significance (two-tailed) at the 1%, 5%, and 10% levels, respectively. This table reports the OLS regression coefficients for the determinants of risk disclosures at the audit firm and partner level. AF_1, AF_2, AF_3, and AF_4 represent dummy variables for the Big-4 brand names. Non-Big-4 firms is the baseline, which is not included in the model. Because we are interested in the variation between the firms, we conceal the real names of the audit firms. Dual_audit is an indicator variable for those audits where the audit firm uses two auditors to sign the auditor's report. p_ind_spec is an empirical measure for the industry specialization of the audit partner, as measured by the percentage of assured client firm sales for the specific industry at the specific year. p_audits is the yearly percentage of auditors' reports signed by the audit partner. p_female is an indicator variable which obtains a value of 1 if the audit partner is female, 0 otherwise. The dependent variables and client firm-level factors are the same as in Table 4 (control variables not tabulated). In addition, we include four additional measures for client firm risk in the model. Market_beta is a 12-month market beta of the firm. Htech is a dummy variable for the high-tech companies. Accruals is the total amount of accruals scaled by total assets, and depreciation is the total amount of depreciation, depletion, and amortization scaled by total assets. All independent variables are winsorized at the 1% and 99% level.
Industry and year fixed effects are controlled, although not reported, and standard errors are clustered by firm. T-values are given below the regression coefficients in parentheses. ***, **, and * denote statistical significance (two-tailed) at the 1%, 5%, and 10% levels, respectively. This table reports the results of the Wilcoxon rank sum test and the mean test to examine if the client firm characteristics differ between female and male audit partners. ***, **, and * denote statistical significance (two-tailed) in the mean test at the 1%, 5%, and 10% levels, respectively. Twelve observations with value for p_female = 0.5 are dropped from the sample to make a clear distinction between the female and male audit partners. These observations represent joint audits with an auditor of each gender. This table reports the OLS regression coefficients for the determinants of specific risk disclosure topics. Str represents risk disclosures on strategic risks, ope on operations risks, fin on financial risks, dam on damage risks, rman on risk management, and oth on other risks not included in the applied risk disclosure framework. All disclosure topics represent the natural logarithm of the number of disclosed words. AF_1, AF_2, AF_3, and AF_4 represent dummy variables for the Big-4 brand names. Non-Big-4 firms is the baseline, which is not included in the model. Because we are interested in the variation between the firms, we conceal the real names of the audit firms. Dual_audit is an indicator variable for those audits where the audit firm uses two auditors to sign the auditor's report. p_ind_spec is an empirical measure for the industry specialization of the audit partner, as measured by the percentage of assured client firm sales for a specific industry in a specific year. p_audits is the yearly percentage of auditors' reports signed by the audit partner. p_female is an indicator variable that takes the value   This appendix illustrates the computation of the factor scores. Altogether, three eigenvalues are reported, in line with the number of variables used in the factor analysis (quantity, balance, coverage). Principal component analysis is the chosen factoring method, and therefore, all priors are set to one. No rotation has been used, and the resulting matrix has not been corrected for the mean. Factor scores are computed based on the first factor, which has also the highest eigenvalue. Yearly factor scores are pooled across four sample years to get the final measure for d_factor. Proportion describes how much the specific factor explains the variance of the three risk disclosure measures. Cumulative describes how much the factors can cumulatively explain the variance of the three risk disclosure measures. The non-standardized and standardized factor loadings are described in SAS with the names "factor pattern" and "standardized scoring coefficients," respectively. The outcome of the analysis is the factor scores for factor 1, factor 2, and factor 3.