Dear CFB dev team, you should have though about ALL the data when you implemented the IRP and you should NOT be asking for more money now so you can do it properly. Oh, and you should have already implemented the user access policy in keeping with the SecPol and not made your own up because it was difficult for the 3rd party suppliers to use. Asking me for money to fix this is not going to wash.
A cynic might suggest that you are just trying to find work to keep your team together between other developments!