If I had a project, for example, and the Auditor General came in five years later to tell me why it went wrong after the project was done, my question would be, “Why didn't we bring him in on day one, ask him what the requirement was for compliance, and whether it was actually required?” Then we could have built those compliance requirements in at the very beginning in an iterative way.
It's the same thing with government. A classic would be security.
André and I have had this chat about risk. The risk in government is binary. It's no risk. Push the risk to the private sector.
In the private sector, risk is dealt with through an actuary, and they put a dollar amount on it. Can we do that in government? I don't know, but risk and that kind of thing is very challenging.
Compliance we can do, though. Compliance we run into in the private sector, and we just bring the people in on the team. Instead of being the road blocker at the end, they also have to pursue the same goal, not to stop the project but to enable it and to ensure that it complies.