Certainly in this audit we saw that all of the five departments had put in place the structures, policies, training that were expected under the 2003 code. So I do believe they were taking it seriously.
We do have some recommendations to them that they need to complete risk assessments. And I think it's as we've been discussing earlier, this is sort of a continuous thing; it's not because you put in place the structures that you can say “We've done it and we've taken care of it”. As the secretary has pointed out, it is really the ongoing dialogue, communication, and awareness activities that need to continue.