The PREA Online Audit System (OAS) is designed to help agencies, facilities, and auditors to streamline, organize, and automate much of the PREA audit process in a secure, user-friendly environment. The OAS is built in a secure environment that meets rigorous federal security requirements mandated by the Federal Information Security Management Act (FISMA), and provides a safe electronic platform for agencies/facilities and auditors to communicate and share information securely. Agencies/facilities can upload sensitive audit documentation, including documentation that contains personally identifying information (PII) or personal health information (PHI); and auditors are able to access and review this documentation directly within the secure environment. This eliminates the need to use less secure means of communication and information exchange. The OAS also enables useful storage features, such as a document library and links of documents to relevant Standards, which helps to streamline the audit process.
There are currently two ways that auditors can use the OAS:
- conduct the audit and complete their reporting requirements fully in the OAS; or
- conduct the audit using the paper audit instruments and complete their reporting requirements in the OAS Paper Audit Reporting Portal. The OAS Paper Audit Reporting Portal allows auditors using the paper audit instruments to conduct an audit to complete their reporting requirements and upload audit documentation within the OAS. Auditors may opt to upload documentation to the OAS to satisfy their documentation retention requirements. Auditors may also be required to upload documentation to the OAS if DOJ requests documentation for selected audits.
Starting in Spring 2022, the paper audit instrument option will be retired, and auditors will be required to use the OAS to conduct audits and complete their reporting requirements. After this transition is complete, in Spring 2022, the PREA Management Office will consider, on a case-by-case basis, exceptions that may require an auditor to conduct an audit using the paper audit instrument. In these rare circumstances, auditors approved to conduct an audit using the paper audit instrument will be required to complete their reporting requirements using the OAS Paper Audit Reporting Portal. Auditors should be aware that these approvals will be exceptional, and all audit stakeholders should be prepared to use the OAS as required by Spring 2022.
Additional information on how to use the system, system features, and available training webinars can be accessed in the Resources section in the Auditor Portal. User guides and contact information for technology support can also be accessed below.
Click the icon below to view a short video that introduces the OAS and explains its basic functions and features. Auditors should note that the video is also one part of a required course accessible on the PRC Training and Resource Portal.
As detailed in the Audit Initiation section, the Audit Initiation Form must be used to initiate all audits.
Once the Audit Initiation Form has been submitted and the PRC has complete information, an OAS administrator will take the necessary steps to confirm that all individuals requesting access to the system are in fact authorized.
For auditors, the OAS administrators will confirm that the auditor has an active certification and has completed the annual information security course.
For PREA Coordinators and PREA Compliance Managers who are new to the OAS, the OAS administrator will complete the new user confirmation process. The first step in the new user confirmation process is to email the Supervisor Confirmation Form(s) to the supervisor(s) indicated on the Audit Initiation Form. Each supervisor must complete and submit their Supervisor Confirmation Form. Once their forms have been submitted, an OAS administrator will call the supervisor to verify the information provided on the form. This two-step process is required to ensure that individuals with access to the system are authorized users. This helps to maintain the security of the system and to protect the materials stored in it. Once a PREA Coordinator or Compliance Manager is confirmed, their confirmation is valid for one year. After one year, all users will need to be reconfirmed (see below).
For PREA Coordinators and PREA Compliance Managers with existing OAS accounts, the OAS administrator will check to see whether the user requesting access has been confirmed at their role for the facility or agency in the past year. If the user has been confirmed at their role for the facility or agency in the past year, the OAS administrator does not need to complete the reconfirmation process. If the user has not been reconfirmed within the past year, the OAS administrator will send an email to the user’s supervisor to confirm they are still in the same role. Verbal communication is not required for reconfirmation. Finally, if a user has an existing OAS account, but has changed role, facility, or agency, the OAS administrator will need to complete the new user confirmation process.
After the verification process is complete, an OAS administrator will set up the audit and users will be granted access to the OAS. All users will receive emails from the OAS indicating that an audit has been created and that their account has been set up (see the OAS User Guides for more information). Users who are new to the Online Audit System will receive a separate email from the OAS with their log-in information. New users should log in to the OAS as soon as possible after receiving this initial email to set up their password and two factor authentication (Duo authentication).
Note: An audit cannot begin, and access to the OAS cannot be provided, until the verification process has been completed.
For questions about audit and user account creation in the Online Audit System, contact OAS tech support.
The OAS Paper Audit Reporting Portal provides a secure system for auditors who conduct their PREA audits using the paper audit instrument to upload their audit report, complete their post-audit reporting obligation, and upload the evidence used to make compliance determinations. The OAS Paper Audit Reporting Portal stores all important documents in one place without risking loss, theft, or any intercepted communications.
Auditors who choose to report their audit using the OAS Paper Audit Reporting Portal must provide information about the audited facility, select overall compliance determinations, upload the final audit report, and complete the post-audit reporting information. The auditor may also upload documentation used to make compliance determinations. These steps are all completed directly within the Online Audit System; there is no need to complete any steps outside of the OAS. Completing and submitting an audit via the OAS Paper Audit Reporting Portal fulfills the auditor’s reporting requirements.
Additional information on how to use the system, system features, and available training webinars will be accessible in the resources section in the PRC Training and Resource Portal. User guides and contact information for technology support can also be accessed below.
The PREA Online Audit System (OAS) allows users to complete facility or agency audits. The agency audit focuses on the audit of certain PREA Standards and provisions that either impose a burden solely on the confinement agency or for which the responsibility may be shared by the agency and its operated facilities. The results of an agency audit will be valid only for one year following the completion of the agency audit, and any facility audits initiated during that audit will benefit from the agency-level findings. If the agency audit becomes out of date, those Standards that are part of the agency audit will automatically become the responsibility of each facility auditor.
Facility audits within that agency will not include a re-audit of those Standards and provisions that cover operations conducted solely by the agency or central office. However, certain Standards or provisions that are part of the agency audit may be re-audited at the facility level, if the facility has some responsibility separate from the agency's responsibility for those Standards or provisions. For example, if an agency has a collective bargaining agreement governed by Standard 115.66, but facilities within that agency have their own collective bargaining agreements with their staff, those facility agreements will have to be audited during the facility audit. If there are no separate facility agreements (i.e., the facility has no shared responsibility for the collective bargaining agreements), as determined by the facility auditor, then that Standard need not be audited at the facility level.
The OAS allows for the seamless sharing of specific information across audits within an agency, and allows an agency audit to suffice where only agency operations are implicated — thus creating tremendous efficiencies for auditors and agency- and facility-based staff who are responsible for preparing for an audit.
Use of the agency audit feature in the OAS also allows agencies to share extensive information prior to facility audits, without having to send that information separately to each facility. Once agency-level information is completed in the OAS, that information is available to each facility associated with the agency. When facility-based audit preparation begins, the facility PREA Coordinator or PREA Compliance Manager can pull relevant agency policies and information into the Pre-Audit Questionnaire for their facility audit. This reduces the burden on the facility and ensures that agency-level information is consistent across all facilities that benefit from the agency audit in a given year.
Agency audit standards
The agency audit is an audit of a limited number of PREA Standards that regulate operations and behaviors that take place solely at the agency or central office level, or that are a shared responsibility between the agency and its operated facilities. These Standards are:
- 115.11(b) PREA Coordinator
- 115.12 Contracting with other entities for the confinement of inmates
- 115.17 Hiring and promotion decisions
- 115.66 Preservation of ability to protect inmates from contact with abusers
- 115.87 Data collection
- 115.88 Data review for corrective action
- 115.89 Data storage, publication, destruction
- 115.401(a) and (b) Frequency and scope of audits
- 115.403(f) Audit content and findings
Facility and Agency User Guides
Auditor User Guide
Issue Log Instructions
PDF of Revised Post-Audit Reporting Information Questions (Dec 2021)
This document was generated from the Online Audit System. While the formatting of this document will be different from the formatting in the system itself, the content is the same. Refer to the OAS for the final polished version of the post-audit reporting information questions.
The Online Audit System (OAS) technical support team is available to answer any OAS-related questions, provide assistance with accessing or using the system, or to provide individual or group tutorials on how to get the most out of the OAS.
For technology support with the OAS, please contact the PRC’s OAS technical support via email at techsupport@PREAaudit.org, or via our toll-free number at 800-279-2216.
To provide feedback and/or suggestions for the OAS, please complete the OAS feedback form.