Expert Advice Community

Graphical presentation of risks

Guest user Created:   Nov 12, 2017 Last commented:   Nov 13, 2017

I have recently conducted some risk assessments for my organisation. For each assessment I have the post-treatment risk values and I want to design a graphic visualisation of this for senior management. To do this, I have assumed I will need to reduce each risk assessment to a single risk value number that can be plotted on a heat-map or a graph.

Expert
Rhand Leal Nov 12, 2017

The method I have considered using is to add all the final scores and then divide by the number of assessed risks, i.e. final combined total of all risk values 60; number of threats assessed 8 = average risk value of: 7.5

Other options I have considered would be to simply show the highest and lowest risk (to give a risk range).
I’m not entirely sure the averaging method is viable so your advice would be really appreciated.

Answer: For graphical forms to present risk information to senior management you should consider:
- Number or percentile of risks per risk level (e.g., 7 low, 19 medium, and 3 high, or 22% low, 68% medium, and 10% high).
- Number of risks per department
- Number of risks per process
- Number of risks per asset

To senior management, more important than risk range and average value is how the risks are distributed between risk levels or elements of the ISMS scope (e.g., departments or processes), so this will give them a general view of the risks the organization is exposed to.

In terms of format, the most used are the bar graph or the pizza graph.

Guest
brianhopla Nov 13, 2017

Thanks; that's really helpful.
