As detailed above, the Audit Initiation Form must be used to initiate all audits. To initiate an audit in the OAS, the form can be completed by the lead auditor or by an authorized representative of the agency or facility being audited. 

Auditors please note: regardless of whether an agency or facility representative completes the Audit Initiation Form for an audit using the OAS, the lead auditor is required (as part of their certification obligations) to submit an Audit Initiation Form at least 30 days prior to the start date of the onsite portion of the audit, for each audit they conduct as lead auditor. Completion of the Audit Initiation Form by the agency or facility does not replace an auditor’s responsibility to complete the Audit Initiation Form. The purpose of this is to ensure accurate data collection and monitoring of auditor activity. Auditor reporting requirements may be found in chapter 11 of the PREA Auditor Handbook. 

Once the Audit Initiation Form has been submitted and the PRC has complete information, an OAS administrator will take the necessary steps to confirm that individuals requesting access to the system are in fact authorized to access the system and submit information relevant to the agency and facility. For auditors, the OAS administrators will confirm that the auditor has an active certification and has completed the annual information security course. 

For PREA Coordinators and PREA Compliance Managers, the OAS administrator will email the supervisor confirmation form(s) to the supervisor(s) indicated on the Audit Initiation Form. Each supervisor must complete and submit their supervisor confirmation form before the audit can proceed. Once the supervisor confirmation form has been submitted, an OAS administrator will call the supervisor to verify the information provided on the form. This two-step process is required to ensure that individuals with access to the system are authorized users. This helps to ensure the security of the system and to protect the materials stored in it. 

After the verification process is complete, an OAS administrator will set up the audit in the OAS and users will be granted access to the OAS. All users will receive emails from the OAS indicating that an audit has been initiated and that their account has been set up (see the OAS User Guides for more information).

Note: An audit cannot begin, and access to the OAS cannot be provided, until the verification process has been completed for all agency and facility users requesting access.

The OAS Paper Audit Reporting Portal provides a secure system for auditors who conduct their PREA audits using the paper audit instrument to upload their audit report, complete their post-audit reporting obligation, and upload the evidence used to make compliance determinations. The OAS Paper Audit Reporting Portal stores all important documents in one place without risking loss, theft, or any intercepted communications. 

Auditors who choose to report their audit using the OAS Paper Audit Reporting Portal must provide information about the audited facility, select overall compliance determinations, upload the final audit report, and complete the post-audit reporting information. The auditor may also upload documentation used to make compliance determinations. These steps are all completed directly within the Online Audit System; there is no need to complete any steps outside of the OAS. Completing and submitting an audit via the OAS Paper Audit Reporting Portal fulfills the auditor’s reporting requirements.  

Additional information on how to use the system, system features, and available training webinars will be accessible in the resources section in the PRC Training and Resource Portal. User guides and contact information for technology support can also be accessed below.

The PREA Online Audit System (OAS) allows users to complete facility or agency audits. The agency audit focuses on the audit of certain PREA Standards and provisions that either impose a burden solely on the confinement agency or for which the responsibility may be shared by the agency and its operated facilities. The results of an agency audit will be valid only for one year following the completion of the agency audit, and any facility audits initiated during that audit will benefit from the agency-level findings. If the agency audit becomes out of date, those Standards that are part of the agency audit will automatically become the responsibility of each facility auditor.  

Facility audits within that agency will not include a re-audit of those Standards and provisions that cover operations conducted solely by the agency or central office. However, certain Standards or provisions that are part of the agency audit may be re-audited at the facility level, if the facility has some responsibility separate from the agency's responsibility for those Standards or provisions. For example, if an agency has a collective bargaining agreement governed by Standard 115.66, but facilities within that agency have their own collective bargaining agreements with their staff, those facility agreements will have to be audited during the facility audit. If there are no separate facility agreements (i.e., the facility has no shared responsibility for the collective bargaining agreements), as determined by the facility auditor, then that Standard need not be audited at the facility level.

The OAS allows for the seamless sharing of specific information across audits within an agency, and allows an agency audit to suffice where only agency operations are implicated — thus creating tremendous efficiencies for auditors and agency- and facility-based staff who are responsible for preparing for an audit.

Use of the agency audit feature in the OAS also allows agencies to share extensive information prior to facility audits, without having to send that information separately to each facility. Once agency-level information is completed in the OAS, that information is available to each facility associated with the agency. When facility-based audit preparation begins, the facility PREA Coordinator or PREA Compliance Manager can pull relevant agency policies and information into the Pre-Audit Questionnaire for their facility audit. This reduces the burden on the facility and ensures that agency-level information is consistent across all facilities that benefit from the agency audit in a given year.  

Agency audit standards 

The agency audit is an audit of a limited number of PREA Standards that regulate operations and behaviors that take place solely at the agency or central office level, or that are a shared responsibility between the agency and its operated facilities. These Standards are:

• 115.11(b) PREA Coordinator
• 115.12 Contracting with other entities for the confinement of inmates
• 115.17 Hiring and promotion decisions
• 115.66 Preservation of ability to protect inmates from contact with abusers
• 115.87 Data collection
• 115.88 Data review for corrective action
• 115.89 Data storage, publication, destruction
• 115.401(a) and (b) Frequency and scope of audits
• 115.403(f) Audit content and findings

Facility and Agency Users

PREA Compliance Manager OAS User Manual
PREA Coordinator OAS User Manual

Auditors

PREA Auditor OAS User Manual

The Online Audit System (OAS) technical support team is available to answer any OAS-related questions, provide assistance with accessing or using the system, or to provide individual or group tutorials on how to get the most out of the OAS. 

For technology support with the OAS, please contact the PRC’s OAS technical support via email at techsupport@PREAaudit.org, or via our toll-free number at 800-279-2216.