No, it's actually a policy that Treasury Board issues. It tasks each department with doing an annual assessment of their internal control environment, on an ongoing basis.
They have to disclose what they've done to monitor the internal control environment. That includes audits, but more importantly preventative measures. They're on the hook, then, to also take action on any known weaknesses. There are known weaknesses. The internal control environment is not perfect.
That, to me, is the biggest shift we've seen, that disclosure and that focus on internal controls.
The take-away for me on this is whether we have done enough to ensure that in that internal control assessment we've put enough emphasis on fraud as being part of it.