There are two things, and I'll be quick.
I think the Auditor General has been balanced in her assessment. She has made the point that we've made progress and improved our risk-based planning for oversight in particular, which is in paragraph 5.20, while pointing out the areas where we have gaps and need to make improvements.
We collect a lot of information through the inspection activities and through the SMS. There is a data-driven risk assessment process that then guides two things.
One is where we target further oversight or where we target regulations. I'll give you an example. In our SMS audits, we've seen some issues around employee training. As we've investigated some incidents, we've discovered problems resulting from inconsistent employee training. We've had multiple points of evidence from our inspections, our audits and even our incidents that say there's an issue with employee training. We've taken that to do two things.
In the follow-up to this report, I look at indicators on employee training on our SMS audits, but we're also in the process of revising and updating our regulations and standards on employee training, because we think we've identified an area where we can—