As of 2016, the PREA Online Audit System was launched to help agencies, facilities, and auditors streamline, organize, and automate much of the PREA audit process in a secure, user-friendly environment.
The OAS is built in a secure environment that meets rigorous federal security requirements mandated by the Federal Information Security Management Act (FISMA), and provides a safe electronic platform for agencies/facilities and auditors to communicate and share information securely. Agencies/facilities can upload sensitive audit documentation, including documentation that contains personally identifying information (PII) or personal health information (PHI); and auditors are able to access and review this documentation directly within the secure environment. This eliminates the need to use less secure means of communication and information exchange. The OAS also enables useful storage features, such as a document library and links of documents to relevant standards, which helps to streamline the audit process.
As of June 30, 2022, all auditors are required to use the Online Audit System for conducting and reporting PREA audits.
Available training webinars can be accessed under the webinars page of the PRC website. You will also find a short video below that introduces the OAS and explains its basic functions and features. For all other questions please contact OAS Technical Support.
User Roles
There are three main user roles in the OAS: Auditor, PREA Coordinator, and PREA Compliance Manager.
All auditors will use the OAS to conduct and report PREA audits. This includes reviewing the Pre-Audit Questionnaire (PAQ) submitted by the agency/facility, completing the PREA Auditor Compliance Tool (ACT), as well as generating the interim report (when applicable) and final report for the audit. Auditors will also satisfy their reporting requirements to the Department of Justice (DOJ) by answering questions pertaining to their audits in the system.
PREA Coordinators are responsible for assisting with or completing the PAQ on behalf of their agency. Completing the PAQ includes completing the Facility Information page, as well as responding to questions, or “measures,” regarding the agency’s/facility’s characteristics, policies, procedures, staffing, etc.. The PREA Coordinator will be asked to upload relevant documentation for their auditor to review as part of the PREA audit. An agency can request as many PREA Coordinators as necessary in the OAS; however, there can only be one Primary PREA Coordinator. All other PREA Coordinators requested will be listed as Secondary PREA Coordinators and assigned on an audit-by-audit basis.
PREA Compliance Managers are responsible for assisting with or completing the PAQ on behalf of their facility. Completing the PAQ includes filling out the Facility Information page, as well as responding to questions, or “measures,” regarding the facility’s characteristics, policies, procedures, staffing, etc.. The PREA Compliance Manager will be asked to upload relevant documentation for their auditor to review as part of the PREA audit. A facility can request as many PREA Compliance Managers as necessary in the OAS. It is important to note that there is no hierarchy for Compliance Managers in the system. All Compliance Managers have the same permissions and functions as the other assigned Compliance Manager(s) for that facility.
Audit Process
There are five significant steps throughout the audit process in the OAS:
- The first step is for the OAS technical support team to process an audit initiation and then create it in the OAS. All users tied to the audit will be informed that the requested audit has been created.
- The next step is for the PREA Coordinator/PREA Compliance Manager to begin their work on the PAQ. Once the PAQ is completed, the PREA Coordinator/PREA Compliance Manager will submit it to the auditor for review. This indicates that the audit has begun.
- Once the auditor goes onsite they will begin working through the ACT. This tool is used during each phase of the PREA audit to guide the auditor in making compliance determinations for each provision of every standard.
- Once the ACT is filled out, the audit will either go to corrective action or, if all standards are found compliant, the final report is generated. Corrective action only occurs when the auditor has submitted an interim audit report with one or more standards not met. This initiates a corrective action period for the audit where the agency/facility and the auditor will work in collaboration to address noncompliance.
- Lastly, once that is completed, the final report is generated.
Please note: Agencies/facilities are strongly encouraged, but not required, to complete the PAQ in the OAS (unless otherwise contractually obligated to do so). However, agencies and facilities who choose not to complete the PAQ in the OAS must, at minimum, complete the Facility Information section of the PAQ, check each topic is ready for audit, and submit an otherwise "blank" PAQ. This will allow the auditor to complete their work in the OAS, as required.