Purpose This rich descriptive study examines auditors' client risk assessment (i.e. “key audit matters”/critical audit matters) disclosures in expanded audit reports of 328 Financial Times Stock Exchange (FTSE) 350 companies. The study compares auditor-identified client risks with corporate risk disclosures identified in audit committee reports, in terms of number and type of risks. The research also compares variation in auditor-identified client risks between individual Big 4 audit firms. In addition, the study examines auditor ranking of their client risks disclosed. Design/methodology/approach The study manually content analyses disclosures in audit reports and audit committee reports of a sample of 328 FTSE-350 companies with 2015 year-ends. Findings Audit committees identify more risks than auditors (23% more risks). However, auditor-identified client risks and audit-committee-identified risks are similar (80% similar), as are auditor-identified client risks between the individual Big 4 audit firms. Only ten (3%) audit reports rank the importance of auditor-identified client risks. Research limitations/implications Sample is restricted to one year, one jurisdiction, large-listed companies and companies audited by Big 4 auditors. Practical implications The study provides important insights for regulators, auditors and users of financial statements by identifying influences on disclosure of auditor-identified client risks. Originality/value The paper mobilises institutional theory to interpret the findings. The findings suggest that auditor-identified client risks in expanded audit reports may demonstrate mimetic behaviour in terms of similarity with audit-committee-identified risks and similarity between individual Big 4 audit firms. The study provides important insights for regulators, auditors and users of financial statements by identifying influences on disclosure of auditor-identified client risks.