Access the Online Audit System
Standard 115.401(d) requires DOJ to “develop and issue an audit instrument that will provide guidance on the conduct of and contents of the audit.” To fulfill this requirement, DOJ developed an audit instrument for each set of PREA Standards: prisons and jails, lockups, community confinement facilities, and juvenile facilities. Each instrument includes a series of guiding documents and tools that auditors are required to use when conducting an audit.
The audit instrument is comprised of two components:
- The core components consist of the Pre-Audit Questionnaire, the Auditor Compliance Tool, and the Audit Report Template. These core components are built directly into the Online Audit Instrument and automatically populate designated information from one component to the next.
- The evidence collection components include the interview protocols, site review instructions, and checklist of documentation. The evidence collection components of the audit instrument are accessible via the PRC website and are intended to direct auditors on the identification and collection of the necessary evidence base required to demonstrate the audited facility’s compliance in practice.
As of June 30, 2022, all auditors are required to use the Online Audit System for conducting and reporting PREA audits. The PREA Management Office will consider, on a case-by-case basis, exceptions that may require an auditor to conduct an audit using the paper audit instrument. In these rare circumstances, auditors approved to conduct an audit using the paper audit instrument will be required to complete their reporting requirements using the OAS Paper Audit Reporting Portal. Auditors should be aware that these approvals will be exceptional and limited.
More details about the OAS
The PREA Online Audit System (OAS) is designed to help agencies, facilities, and auditors to streamline, organize, and automate much of the PREA audit process in a secure, user-friendly environment. The OAS is built in a secure environment that meets rigorous federal security requirements mandated by the Federal Information Security Management Act (FISMA), and provides a safe electronic platform for agencies/facilities and auditors to communicate and share information securely. Agencies/facilities can upload sensitive audit documentation, including documentation that contains personally identifying information (PII) or personal health information (PHI); and auditors are able to access and review this documentation directly within the secure environment. This eliminates the need to use less secure means of communication and information exchange. The OAS also enables useful storage features, such as a document library and links of documents to relevant Standards, which helps to streamline the audit process.
Additional information on how to use the system, system features, and available training webinars can be accessed in the Resources section in the Auditor Portal. User guides and contact information for technology support can also be accessed below.
You will also find a short video below that introduces the OAS and explains its basic functions and features. Auditors should note that the video is also one part of a required course accessible on the PRC Training and Resource Portal.
Audit and user account creation in the Online Audit System
As detailed in the Audit Initiation section, the Audit Initiation Form must be used to initiate all audits.
Once the Audit Initiation Form has been submitted and the PRC has complete information, an OAS administrator will take the necessary steps to confirm that all individuals requesting access to the system are in fact authorized.
For auditors, the OAS administrators will confirm that the auditor has an active certification, has completed the annual information security course, and has been approved by the PREA Management Office to proceed with the audit (as outlined in the PREA Audit Assignment System tab found here).
For PREA Coordinators and PREA Compliance Managers who are new to the OAS, an OAS administrator will complete the new user confirmation process. First, an administrator will email the Supervisor Confirmation Form(s) to the supervisor(s) indicated on the Audit Initiation Form. Each supervisor must complete and submit their Supervisor Confirmation Form. Once their forms have been submitted, an OAS administrator will call the supervisor to verify the information provided on the form. This two-step process is required to ensure that individuals with access to the system are authorized users. This helps to maintain the security of the system and to protect the materials stored in it. Once a PREA Coordinator or Compliance Manager is confirmed, their confirmation is valid for one year. After one year, all users will need to be reconfirmed (see below).
For PREA Coordinators and PREA Compliance Managers with existing OAS accounts, an OAS administrator will check to see whether the user requesting access has been confirmed at their role for the facility or agency in the past year. If the user has been confirmed at their role for the facility or agency in the past year, the OAS administrator does not need to complete the reconfirmation process. If the user has not been reconfirmed within the past year, the OAS administrator will send an email to the user’s supervisor to confirm that the user is still in the same role. Verbal communication is not required for reconfirmation. Finally, if a user has an existing OAS account, but has changed role, facility, or agency, the OAS administrator will need to complete the new user confirmation process.
After the verification process is complete, an OAS administrator will set up the audit and users will be granted access to the OAS. All users will receive emails from the OAS indicating that an audit has been created and that their account has been set up (see the OAS User Guides for more information). Users who are new to the Online Audit System will receive a separate email from the OAS with their log-in information. New users should log in to the OAS as soon as possible after receiving this initial email to set up their password and two factor authentication (Duo authentication).
Note: An audit cannot begin, and access to the OAS cannot be provided, until the verification process has been completed.
For questions about audit and user account creation in the Online Audit System, contact OAS tech support.
The OAS agency audit
The PREA Online Audit System (OAS) allows users to complete facility or agency audits. The agency audit focuses on the audit of certain PREA Standards and provisions that either impose a burden solely on the confinement agency or for which the responsibility may be shared by the agency and its operated facilities. The results of an agency audit will be valid only for one year following the completion of the agency audit, and any facility audits initiated during that audit will benefit from the agency-level findings. If the agency audit becomes out of date, those Standards that are part of the agency audit will automatically become the responsibility of each facility auditor.
Facility audits within that agency will not include a re-audit of those Standards and provisions that cover operations conducted solely by the agency or central office. However, certain Standards or provisions that are part of the agency audit may be re-audited at the facility level, if the facility has some responsibility separate from the agency's responsibility for those Standards or provisions. For example, if an agency has a collective bargaining agreement governed by Standard 115.66, but facilities within that agency have their own collective bargaining agreements with their staff, those facility agreements will have to be audited during the facility audit. If there are no separate facility agreements (i.e., the facility has no shared responsibility for the collective bargaining agreements), as determined by the facility auditor, then that Standard need not be audited at the facility level.
The OAS allows for the seamless sharing of specific information across audits within an agency, and allows an agency audit to suffice where only agency operations are implicated — thus creating tremendous efficiencies for auditors and agency- and facility-based staff who are responsible for preparing for an audit.
Use of the agency audit feature in the OAS also allows agencies to share extensive information prior to facility audits, without having to send that information separately to each facility. Once agency-level information is completed in the OAS, that information is available to each facility associated with the agency. When facility-based audit preparation begins, the facility PREA Coordinator or PREA Compliance Manager can pull relevant agency policies and information into the Pre-Audit Questionnaire for their facility audit. This reduces the burden on the facility and ensures that agency-level information is consistent across all facilities that benefit from the agency audit in a given year.
Agency audit standards
The agency audit is an audit of a limited number of PREA Standards that regulate operations and behaviors that take place solely at the agency or central office level, or that are a shared responsibility between the agency and its operated facilities. These Standards are:
- 115.11(b) PREA Coordinator
- 115.12 Contracting with other entities for the confinement of inmates
- 115.17 Hiring and promotion decisions
- 115.66 Preservation of ability to protect inmates from contact with abusers
- 115.87 Data collection
- 115.88 Data review for corrective action
- 115.89 Data storage, publication, destruction
- 115.401(a) and (b) Frequency and scope of audits
- 115.403(f) Audit content and findings
Facility and Agency User Guides
PREA Compliance Manager OAS User Manual
PREA Coordinator OAS User Manual
Auditor User Guide
Issue Log Instructions
PDF of Revised Post-Audit Reporting Information Questions (Dec 2021)
This document was generated from the Online Audit System. While the formatting of this document will be different from the formatting in the system itself, the content is the same. Refer to the OAS for the final polished version of the post-audit reporting information questions.