Thank you for a very insightful question.
I think the Auditor General's assessment of our challenge here is fair. We were not systematically pulling information from our SMS audits to shape our risk-based oversight. We were doing it in some cases, but not all, and most importantly, we didn't have a documented system that the AG could find to show that we were doing it. We are building this in, and we believe that it will be a significant improvement towards having a more robust risk-based oversight system. We're taking the steps now to build it in.
I would add, if I may go back to the Auditor General's remark about the time, that sometimes in the past we may have taken a bit longer than we should have to execute some recommendations. We are really trying to time-bind our follow-up actions. There are a series of material improvements, which we shall have done by the end of 2021, to respond to the recommendations coming from this audit, and this is one of them.