We have access to a broad range of information that is at times protected and that we can't talk about. I always love talking about audit, so if you really want to geek out on audit, I would encourage you to go to the back of our audit reports, where we have an “about the audit” section. It does list for you our audit criteria.
We follow Canadian auditing standards, which means we have to gather sufficient and appropriate audit evidence. What that might look like will depend on the topic we're auditing, but the expectations that we hold the department to are listed in the back. They're agreed to with the department, and then we look to their information, the databases they may have and the contracts they may have. We will go to other countries to look for examples and other sources. We always try to have criteria that are outside of the federal government to be able to identify gaps and talk about best practices when we can.
It's a little more complicated in the defence space, given that a lot of it is protected, but rest assured that we've seen the information we need to see. It's rigorous enough that you can follow up. You can rely on it.