This particular transaction that you refer to was approved by cabinet in the normal course of events. What's important from an internal audit perspective or from a control perspective is that if it's sole source, it has to be disclosed as sole source, so that management can then make their own assessment in terms of whether it is reasonable.
It's not for me to make that policy decision. My job there is to make sure that there's a control framework in place and that if a certain protocol is not followed, the reason is transparent and is reported.
At that point I've done my job, and it is for members or stakeholders to ask those questions.