How Audit, Risk, and Compliance at MDA Gain Cross-Organizational Visibility

In our Spotlight on Success series, MDA’s Scott Page (Director, Internal Audit), Melissa Cass (Director, Business Operations), and Uriah McCann (Director, Cybersecurity) share their gains in efficiency, visibility, and collaboration from centralizing audit, risk, and compliance activities and documentation in AuditBoard’s connected risk platform. Headquartered in Brampton, Ontario, MDA is an international space mission partner and a robotics, satellite systems, and geointelligence pioneer leading the charge towards viable Moon colonies, enhanced Earth observation, and more. Hear how the heads of audit, business operations, and compliance at MDA are leveraging AuditBoard’s platform to “work as one MDA,” including:

• Leveraging AuditBoard’s CrossComply, SOXHUB, OpsAudit, and RiskOversight, solutions together to centralize all risk and controls information in a single source of truth.  
• Reducing stakeholder fatigue by collecting information once and leveraging it across multiple controls and frameworks. 
• Eliminating silos to gain visibility into risk and controls across the business.
• Improving efficiency by 25% on internal audit processes within months of implementing the platform. 

Tell us a little about MDA, and some of the challenges you faced in your previous manual environment. 

“MDA is an international space company. We focus on satellite technologies, robotic solutions for space, and we work throughout the world with government agencies and commercial agencies to provide space support.” – Melissa Cass, Director, Business Operations at MDA

“The internal audit environment before AuditBoard was acquired was highly manual, very much supported by spreadsheets, shared folders, and emails, so a very manual process. The difficulties encountered really kind of related around version control, making sure that we have the most current copies. Also sharing documents between our auditees and the other groups made it very difficult and very time consuming.” – Scott Page, Director, Internal Audit at MDA 

“When I first started with the company, we obviously needed something to address the internal audit and SOX work, but I quickly learned that Melissa was going to be implementing enterprise risk management or expanding that across the company and Uriah also needed a tool for cybersecurity. So we did make a conscious decision at that point in time that the risk and controls across the company are shared amongst all the groups, and that we’re no longer working in silos, but working as one MDA.” – Scott Page, Director, Internal Audit at MDA 

Tell us a little about your experience during the implementation process, and what are some of the early wins you’ve achieved?

“I found when rolling out the RiskOversight module of AuditBoard, the AuditBoard team exceeded my expectations. They were extremely helpful in guiding us. Our process for RiskOversight was very new at MDA and we were just establishing the best practices that we wanted to follow, so having AuditBoard with an established tool being able to support us through that initial stage was very helpful. Even though we only rolled out AuditBoard a few quarters ago, I can already see that I’m getting valuable feedback back through our risk assessment process. People are spending that extra time to dig a little bit deeper into the assessments, and I’m feeling more confident in the assessment data that I’m getting back from the tool.” – Melissa Cass, Director, Business Operations at MDA

What efficiencies have you seen from implementing the AuditBoard platform as a single source of truth across audit, risk, and compliance? 

“The benefit is we only collect information once from an individual who’s part of the process, and then are able to reuse that evidence multiple times to answer many different questions in the business. An example would be, in our case, we’re really focused on the CMMC framework, but most of those framework requirements have commonality to the NIST frameworks or even ISO 27001. So if we’ve collected the evidence and we have it, it allows us to make strategic decisions as a business.” – Uriah McCann, Director, Cybersecurity at MDA

“It’s estimated for my group that we’ve gained about a 25% efficiency on the processes that we would’ve conducted in the past. What that gives us is that time back to actually go in and analyze and review the information versus preparing the information to get it out to senior management or an audit committee report.” – Scott Page, Director, Internal Audit at MDA 

How has centralizing your work in AuditBoard helped you eliminate silos and gain real-time visibility across audit, risk, and compliance?

“With AuditBoard, we’re able to see all of the relevant risks from other parts of the business. If certain controls are being tested as part of our internal controls process that have relevance to cybersecurity, now we are able to see that information across the organization versus in one vertical. That helps flow that information back into our enterprise risk management side of the equation. Having all the information in one platform gives us the visibility that we didn’t have before.” – Uriah McCann, Director, Cybersecurity at MDA

“AuditBoard has exceeded my expectations on ease of use, being able to customize the exports that you need for reporting. The dashboards are fantastic and easy to configure, depending on the data that you need to present. The feedback from using the tool has been only positive.” – Melissa Cass, Director, Business Operations at MDA