Thank you, Madam Chair.
We issue management letter points after most of our financial audits, as throughout the course of our audits we find opportunities to improve internal controls, streamline operations or improve financial reporting practices. We take the time to make some of those recommendations and get management's commitment to a timeline and an action plan in order to continue to improve financial reporting.
Those are, then, very important. We started to monitor them and follow them up a few years ago, because we recognize that some of them take a long time to resolve and others are resolved more quickly. We thought that a more rigorous follow-up would keep the pressure on departments and Crowns to improve their practices.
Most that remain unresolved in the longer buckets are really about IT access. We always carry out work to make sure that we didn't find any inappropriate access, but as you can imagine, so many individuals access IT systems that it takes rigour to stay on top of warning about proper access and removing it when an individual leaves an organization or changing it when they change functions.
It would be up to the departments to tell you individually why they take so long, but I think it's because of the vastness of how many individuals have access to systems, hence why we're seeing some time to weed through all of that.