The good news is that the approach achieved the objectives up front. Now we're looking, basically, at the clean-up of doing the additional verification work.
There are different methods of doing that. Typically—and this is what's used in auditing—you don't audit every single transaction that a department does. You take a risk-based approach, if I'm correct, or a sampling approach, to look at where those problem areas could be, and then make a series of assumptions after that. We'll hear more, I'm sure, when we have a further study on this report from Revenue Canada. They have different methods, including this risk-based method.
Could you just talk about the difference between the two, and why you think that every single transaction should be examined?