When presenting risk assessments, my experience has shown this is best done by telling a story. Your story begins with the scope, then moves onto walking through the analysis process (including assumptions, where did the data come from, etc). The story reaches its climax as you get to the final results.
When building your story (commonly referred to as a presentation), make sure you speak to your specific audience. If you think they will want to get down in the details, then give them enough information to feel satisfied. If they want to stay high level, show them a summary of the results but make sure they understand the context of how they were produced.
For example, in Illustration 1 the scope is fully outlined and the loss event is clear and concise. Illustration 2 shows how the loss event will take place.
Illustration 1
Illustration 2
But wait! You’ve told the story, but it shouldn't end there: A good presentation for risk results leads the audience to some future decision or action.
In our example above we talk about a breach of a database containing PII data and the anticpated risk reduction if encryption were implemented. In Illustration 3 the risk reduction is evident within the comparison report. If encryption were implemented in this environment the organization would see a reduction in their responses to customers and a potential for a reduction in reputation damage.
Illustration 3
You've put in hard work to complete a well-thought-out FAIR risk analysis -- make sure your presentation is equally positive by telling a very valuable risk management story and what business decision we are helping to make.
Interested in more presentation tips and tricks? Check out the FAIR Analysis Fundamentals video training course.