That is correct, Mr. Chair. We did not audit the security practices. The audit focus is on the reporting requirement and whether those departmental security plans were formally approved. At the time of the audit, about half of them did not have an approved departmental security plan.
On May 13th, 2015. See this statement in context.