There is nothing specifically in the audit about that, I'm afraid, so I don't have a direct answer to that.
I would say generally, though, that under the government policy on security, and in the departments' security plans we spoke about a little bit earlier in the meeting, one of the things they would be wanting each department to look at is their general risks to ensure that they would be doing whatever is necessary to try to mitigate those risks.