I'll clarify that the department has always used, and continues to use, a risk-based approach when it assesses projects. As noted in the Auditor General's report, we did not have that approach properly documented. As of October of last year, we've now included that explicitly in our documentation.
