So that will be coming forward and will be made public sometime next year, and we will be reporting to Parliament on the results of that probably in the spring of 2010.
But for departments and agencies, we go through a risk-based approach to try to determine the major risks to the department or agency accomplishing its mandate. We also do that on cross-cutting issues, be they human resources, IT management, or information management, etc.
The other day we were actually doing one on the Department of Finance and OSFI and the whole financial regulatory system, asking, what are the biggest risks in there and how do we audit those risks? Then we develop a plan over five years, and we have to sit down after that and ask, how many can we actually do in a year? What skills do we have, and how do we stagger them, depending on our resourcing?
That's generally how we pick the audits we do. There are, of course, the committee requests that come in, which we assess and try to accommodate to the extent we can.