What specific PingCastle metrics do you share with management or executives, and how do you present this technical information to non-technical stakeholders?

We do audit our customers, but the outcome depends on the customer and the environment.

This is just one example, but it varies a lot:

We create a PowerPoint presentation with a summary of the findings and some statistical data.
Environmental data counted: users, inactive users, admins, inactive admins, computers, inactive computers, domain controllers, … and the finding count per category and per priority.
We provide information about how the result looks for us. Often, it is ‘commonly insecure’, or more or less secure than expected compared to ‘the average’, or sometimes some special, very uncommon risks. We list and discuss important steps to take next (not a full list and not in order): plan measurements, prioritise, define responsibilities and start doing (you’ll never finish). The measurements are the ‘HealthcheckRiskRules’ and additional steps mentioned in the report (some are not counted as ‘Risk’). Information that is not a risk but may become a measurement includes analysing indirect controls and scripts, expanding LAPS usage to more clients and servers, removing unused objects, validating backups to ensure they are separate and secure enough, implementing/validating hardening policies and implementing SIEM/SOC to validate that relevant logs are collected. Even empty categories can be important because it is useful to know what has been done already.

Although it was not explicitly requested, I would like to mention that we also carry out other common security-related tasks.
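The headline numbers described in the reply above (environment counts plus findings per category and per priority) can be pulled straight from the XML report instead of being retyped into the deck. This is an added example, not code from the post or from PingCastle; it assumes the element names named in its comments and runs on a constructed sample.

```python
# Added example (not PingCastle's own code): turn a PingCastle-style HealthCheck
# XML into the headline numbers a management deck needs. Assumed report layout:
# <RiskRules>/<HealthcheckRiskRule> with <Category> and <Points>, plus
# <UserAccountData>/<ComputerAccountData> totals and <NumberOfDC>.
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample covering only the report elements this summary reads.
SAMPLE_XML = """<HealthcheckData>
  <NumberOfDC>2</NumberOfDC>
  <UserAccountData><Number>1200</Number><NumberInactive>310</NumberInactive></UserAccountData>
  <ComputerAccountData><Number>800</Number><NumberInactive>150</NumberInactive></ComputerAccountData>
  <RiskRules>
    <HealthcheckRiskRule><Category>PrivilegedAccounts</Category><Points>50</Points></HealthcheckRiskRule>
    <HealthcheckRiskRule><Category>StaleObjects</Category><Points>15</Points></HealthcheckRiskRule>
    <HealthcheckRiskRule><Category>StaleObjects</Category><Points>5</Points></HealthcheckRiskRule>
    <HealthcheckRiskRule><Category>Anomalies</Category><Points>30</Points></HealthcheckRiskRule>
  </RiskRules>
</HealthcheckData>"""

# Points-to-priority bands are our own reporting convention, not PingCastle's.
PRIORITY_BANDS = [(50, "critical"), (20, "high"), (10, "medium"), (0, "low")]


def priority(points: int) -> str:
    """Map a rule's points to the first band whose threshold it reaches."""
    return next((label for threshold, label in PRIORITY_BANDS if points >= threshold), "low")


def summarise(xml_text: str) -> dict:
    """Environment counts plus finding counts per category and per priority."""
    root = ET.fromstring(xml_text)

    def num(path: str) -> int:  # a missing element counts as 0 instead of crashing
        return int(root.findtext(path) or 0)

    per_category, per_priority = Counter(), Counter()
    for rule in root.iterfind("RiskRules/HealthcheckRiskRule"):
        per_category[rule.findtext("Category", "Unknown")] += 1
        per_priority[priority(int(rule.findtext("Points") or 0))] += 1
    return {
        "domain_controllers": num("NumberOfDC"),
        "users": num("UserAccountData/Number"),
        "inactive_users": num("UserAccountData/NumberInactive"),
        "computers": num("ComputerAccountData/Number"),
        "inactive_computers": num("ComputerAccountData/NumberInactive"),
        "findings": sum(per_category.values()),
        "per_category": dict(per_category),
        "per_priority": dict(per_priority),
    }
```

Point the script at the real ad_hc_*.xml and the returned dictionary is exactly the slide-one table: environment size, inactive objects, and how many findings sit in each category and priority band.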

That’s great! Thanks for the insight :slight_smile: Is there anything that would better help you prepare these presentations that we could potentially try and include in the report in future releases?