Do you have any samples of (Information) Security Annual Reports to Board of Directors? I know what is to go into the report. I am just not sure how detailed it needs to be.
You'll find an excellent starter document for security from Dana Turner in the BOL Tools. Although this dates to 2007, the foundation hasn't changed. We don't have a comparable document, but do have other Information Security tools.