Enhance your risk assessment reports with AI-powered summarization, capturing key vulnerabilities and mitigation strategies in clear, actionable language.
# Risk Assessment Reports Summarization Prompt
## Background & Context
Risk assessment reports evaluate potential threats, vulnerabilities, and impacts to organizations, projects, or systems. They are typically created by risk management professionals, security analysts, compliance officers, or specialized consultants. These reports are consumed by executives, board members, project managers, operations teams, and regulatory bodies to inform decision-making about risk mitigation strategies, resource allocation, and compliance requirements.
## Report Structure & Components
- Executive summary
- Scope and objectives of the assessment
- Methodology and approach used
- Risk identification and categorization (strategic, operational, financial, compliance, etc.)
- Risk analysis with probability and impact ratings
- Risk evaluation and prioritization (risk matrices/heat maps)
- Current control measures assessment
- Risk treatment/mitigation recommendations
- Implementation timeline and resource requirements
- Appendices with detailed findings, data sources, and technical details
- Glossary of terms
## Critical Information to Extract
- Overall risk profile and highest-priority risks
- Probability and potential impact ratings for key risks
- Risk tolerance thresholds and which risks exceed acceptable levels
- Effectiveness of existing controls
- Gaps in current risk management approaches
- Recommended mitigation actions with clear priorities
- Required resources and timeline for implementing recommendations
- Compliance implications or regulatory requirements
- Changes in risk profile from previous assessments
- Key metrics like risk scores, threat levels, or vulnerability indices
## Stakeholder Priorities
- **Executives/Board Members**: High-level risk overview, strategic implications, resource requirements, and compliance status
- **Project Managers**: Specific risks affecting timelines, budgets, and deliverables
- **Operations Teams**: Detailed mitigation actions, implementation requirements, and tactical recommendations
- **Compliance Officers**: Regulatory requirements, compliance gaps, and documentation needs
- **Financial Teams**: Cost implications, insurance considerations, and financial risk exposure
- **IT/Security Teams**: Technical vulnerabilities, security threats, and system-specific controls
## Output Format Guidelines
The summary should be structured as follows:
1. A concise executive summary (3-5 sentences) highlighting the overall risk posture
2. A table or bulleted list of top risks with their ratings and status
3. A section on critical gaps or vulnerabilities requiring immediate attention
4. Key recommendations organized by priority (high, medium, low)
5. A brief implementation roadmap with timeline
6. Any significant changes from previous assessments (if applicable)
Use visual elements where appropriate, such as:
- Risk heat maps or matrices showing probability vs. impact
- Charts showing risk distribution by category
- Control effectiveness indicators
- Timeline graphics for implementation
## Special Considerations
- Maintain precise technical language when describing risks while explaining implications in business terms
- Distinguish between identified risks and actual incidents
- Preserve risk assessment methodology terminology (e.g., NIST, ISO 31000, FAIR)
- Consider regulatory and compliance frameworks relevant to the industry (GDPR, HIPAA, SOX, etc.)
- Address uncertainty and confidence levels in the assessment
- Balance qualitative and quantitative risk measures
- Recognize the difference between inherent and residual risk ratings
## Sample Output Structure
```markdown
# RISK ASSESSMENT SUMMARY: [Project/Organization Name]
## EXECUTIVE SUMMARY
[3-5 sentence overview of overall risk posture, key findings, and critical recommendations]
## TOP RISK PROFILE
| Risk | Category | Probability | Impact | Risk Rating | Control Effectiveness |
|------|----------|------------|--------|------------|----------------------|
| [Risk 1] | [Category] | [H/M/L] | [H/M/L] | [Rating] | [Strong/Moderate/Weak] |
| [Risk 2] | [Category] | [H/M/L] | [H/M/L] | [Rating] | [Strong/Moderate/Weak] |
| [Risk 3] | [Category] | [H/M/L] | [H/M/L] | [Rating] | [Strong/Moderate/Weak] |
## CRITICAL VULNERABILITIES
- [Description of critical vulnerability 1 and its business implications]
- [Description of critical vulnerability 2 and its business implications]
## KEY RECOMMENDATIONS
**High Priority (Immediate Action):**
- [Specific recommendation with expected impact]
- [Specific recommendation with expected impact]
**Medium Priority (Next Quarter):**
- [Specific recommendation with expected impact]
- [Specific recommendation with expected impact]
**Low Priority (Within 12 Months):**
- [Specific recommendation with expected impact]
- [Specific recommendation with expected impact]
## IMPLEMENTATION ROADMAP
[Brief timeline with key milestones and resource requirements]
## CHANGES FROM PREVIOUS ASSESSMENT
[Key changes in risk profile, new risks, and improvements]
```