In that audit, we actually found that a few things contributed to the weaknesses that we saw.
It's important to say that the government has controls in place, but we didn't see them being consistently applied or monitored, which is a concern. We raised our concerns because the government is at the early stages of moving to the cloud.
Some of that was a lack of understanding of the roles and responsibilities over who should do that ongoing, continuing monitoring of these. Also, when we spoke to some of the departments, we found that they did not have the funding to maintain them over the long term. When Shared Services was set up, a lot of the funding was moved to Shared Services as all the servers moved to a central location. As you bring some of that management back to the departments, there is the need to support the departments in identifying the long-term operating costs. That's where there is an element missing. Departments are trying to find that in their current funding base.
There needs to be a more long-term, sustainable solution if the cloud is going to be an option for many departments going forward.