PREA audit assignment system

On October 31, 2018, an amendment to the Prison Rape Elimination Act (PREA) was passed by Congress and signed into law under the U.S. Parole Commission Extension Act of 2018 (2018 PREA amendment). The 2018 PREA amendment includes a number of important changes to the PREA statute related to the oversight of PREA auditors certified by the Department of Justice (DOJ). These changes include the implementation of an audit assignment system, to be established and administered by the PREA Management Office, “for assigning certified auditors to Federal, State, and local facilities” (see 34 U.S.C. § 30307(e)(8)(C)). The full statute can be found here.

The PREA audit assignment system is informed by the insights and perspectives of impacted stakeholder groups—such as PREA auditors, PREA coordinators, adult and juvenile corrections directors, advocates, and other corrections and law enforcement practitioners—and serves the core goals of:

  • Training and certifying highly qualified candidates to become DOJ-certified PREA auditors. 
  • Evaluating the work of auditors and holding them accountable for meeting high standards of audit quality and integrity.  
  • Increasing auditors’ awareness of, and adherence to, DOJ certification requirements, including the PREA Auditor Code of Conduct. 
  • Improving transparency by providing corrections practitioners, advocates, families of incarcerated individuals, and other members of the public with real-time, actionable information about upcoming audits. 

The audit assignment system is comprised of the following five elements:

  1. PREA auditor training and certification program.
  2. Public, searchable database of DOJ-certified PREA auditors. 
  3. PREA audit oversight program designed to ensure the high quality and integrity of PREA audits.
  4. Audit initiation process, including submission of the audit contract, and rules for auditors to conduct PREA audits of local, state, and federal confinement facilities.
  5. Publicly available audit information.

Each element is described in greater detail below.

PREA Auditor Training and Certification Program

To be certified as a PREA auditor, auditor candidates must meet minimum experience requirements; submit a complete and accurate application; and successfully complete all training requirements, including:

  • Attendance and full participation in the PREA Auditor Candidate Training and Field Training Program
  • Completion of and achieving a passing score on pre- and post-training examinations
  • Passing a criminal records background check
  • Signing the Auditor Certification Agreement
  • Completion of all probationary certification status requirements 

The full PREA auditor certification and training process and requirements are detailed in the PREA Auditor Handbook.

Public, Searchable Database of DOJ-Certified PREA Auditors

Once certified by DOJ, the names of PREA auditors, including their certification date and certification type, are made publicly available on a searchable database located on the PREA Resource Center website. Agencies and facilities seeking an auditor, as well as DOJ-certified PREA auditors seeking audit support staff, are able to search the database for auditors. 

PREA Audit Oversight Program

The PREA Management Office operates under a statutory obligation to evaluate all PREA auditors for compliance with the Auditor Certification Agreement, the PREA Auditor Handbook, the DOJ Audit Instrument, and to take remedial or disciplinary action where necessary. See 34 U.S.C. § 30307(e)(8)(A)(iii). To fulfill its obligation to evaluate an auditor’s performance, the PREA Management Office, through the PREA Audit Oversight Program, monitors and reviews the work of DOJ-certified PREA auditors, with the goal of ensuring the high quality and integrity of PREA audits.

Auditors who fail to follow their certification requirements are subject to remedial or disciplinary action, up to and including suspension or decertification. Full details regarding the PREA Audit Oversight Program are provided in the PREA Auditor Handbook.

Audit Initiation Process and Rules

PREA audits may be conducted at the request of any federal, state, local, or private confinement facility, or any agency that oversees such a facility. A facility or agency may contact an auditor directly by using the searchable auditor database, or seek the services of an auditor through procurement announcements, advertisements, or other means. Auditors may also solicit work from agencies and facilities.

All DOJ-certified PREA auditors are required to comply with the conditions of the Auditor Certification Agreement when contracting for and conducting an audit. Specifically, the PREA Standards and PREA Auditor Handbook establish minimum guidelines for conducting high quality, reliable, objective, and comprehensive audits. These guidelines prohibit personal and financial conflicts of interest, require auditors to adhere to an auditor code of conduct, impose conditions on audit contracts and compensation (e.g., transparency, compliance with the PREA Standards and DOJ auditor certification requirements, restrictions on gifts); and establish a detailed PREA audit methodology that auditors are to follow. 

Once an agency or facility has identified and contracted with a PREA auditor, either directly or in coordination with a third party entity (e.g., the auditor’s current employer or a consulting firm), the following steps must be taken to initiate the audit and receive approval from the PREA Management Office. It is important to note that, pursuant to this FAQ issued by the DOJ PREA Working Group, auditors are required to be a party to the contract or agreement with the facility and/or agency to be audited.

Submission of an Audit Initiation Form. The Audit Initiation Form is used to initiate all audits. This form collects basic information from a PREA auditor about scheduled audits, including the expected dates for the onsite portion of the audit, the location of the audit, the facility and/or agency to be audited, and the auditing arrangement and compensation structure. All auditors must complete and submit, or confirm, the Audit Initiation Form for each audit they conduct as lead auditor. 

The auditor must submit or confirm the Audit Initiation Form at least 30 days prior to the first day of the auditor’s onsite visit to the facility.

As part of the audit assignment system, auditors are required to submit a copy of the audit contract with the audited agency and confirm that they are party to the contract or agreement with the audited facility and/or agency to be audited. Audit contracts will be reviewed during the approval process of the Audit Initiation Form to determine whether the minimum conditions, outlined below, are met. If an auditor is unable to meet one or more of the conditions and/or fails to fully and accurately complete or confirm the Audit Initiation Form, the auditor will not be approved to proceed with the audit. All auditing agreements must, at a minimum:

  1. Be signed by all relevant parties, including the audited agency, lead auditor, and third-party entity (e.g., the auditor’s current employer, an accreditation body, or a consulting firm), if applicable.
  2. Include the following information:
    • The name of the lead auditor.
    • The facility(ies) to be audited by the auditor.
    • Anticipated dates for the onsite phase of the audit(s).
    • With the exception of audits conducted as part of a circular auditing arrangement (i.e., audit consortium), fees, expenses, and other forms of compensation paid to the auditor for completing the agreed upon audit(s).

This condition applies whether the auditor is being compensated directly by the audited facility and/or agency or through a third-party entity (e.g., the auditor’s current employer, an accreditation body, or a consulting firm). Some facilities and/or agencies may contract with a third-party entity that assigns an auditor after the contract is executed. In such instances, prior to the submission or confirmation of the Audit Initiation Form, the auditor must ensure that the contract between the facility and/or agency and the third-party entity is amended or supplemented to include the lead auditor as one of the parties to the contract. When applying this requirement, the term “contract” is defined according to DOJ’s broad interpretation to include any memorandum of understanding or intergovernmental or interagency agreement. 

For a downloadable checklist that details the contract elements required by the Audit Assignment System, click here

And for an up-to-date response to questions that have been raised about these requirements, see this downloadable information sheet.

Additionally, the auditor must sign a confirmation attesting to the following conditions for the relevant audit: 

  • The auditor does not have any conflict of interest (as defined in the PREA Standards and the PREA Auditor Handbook).
  • The auditor agrees to abide by the requirements of the Auditor Certification Agreement.
  • The auditor is a party to the contract or agreement with the facility and/or agency to be audited (as detailed in the PREA Auditor Handbook).

Audit Initiation Form Approval. If all the above conditions are met and the auditor fully and accurately completes or confirms the Audit Initiation Form 30 days prior to the first day of the auditor’s onsite visit to the facility, the auditor will be approved to proceed with the audit and will receive an email notification of such. Auditors are not to proceed with an audit unless an approval email has been issued by the PREA Management Office granting the auditor permission to conduct the audit. This approval applies only to the auditor who is named in the Audit Initiation Form as lead auditor. If the lead auditor approved to conduct the audit is unable to complete the audit, another auditor may not proceed as lead auditor without first submitting or confirming an Audit Initiation Form.   

If an auditor is unable to meet one or more of the conditions and/or fails to fully and accurately complete or confirm the Audit Initiation Form, the auditor will not be approved to proceed with the audit. If an auditor conducts an audit without first receiving approval, he or she will be subject to disciplinary action by the PREA Management Office, up to and including suspension or decertification. Such disciplinary action against the auditor will not impact the validity of a completed audit for which the auditor failed to obtain prior approval. 

If an auditor fails to submit or confirm the Audit Initiation Form at least 30 days prior to the first day of the onsite portion of the audit, he or she will be prompted to provide an explanation for the late submission. Auditors who consistently fail to submit or confirm the Audit Initiation Form by the deadline may be subject to disciplinary action by the PREA Management Office. 

Publicly Available Audit Information

Once the Audit Initiation Form is approved, information about the audit will be posted to the PREA Resource Center website so that corrections practitioners, advocates, families of incarcerated individuals, and other members of the public can view a list of upcoming audits. The website will include details about each audit, including the assigned auditor, facility and agency information, scheduled onsite audit dates, and a copy of the final PREA audit report once completed. A link will be provided so that interested stakeholders can contact the auditor directly to provide information about relevant conditions at the facility. 

The website will also include a link to the Auditor Feedback Form so that stakeholders can submit information regarding an assigned auditor to the PREA Management Office. In the event that the PREA Management Office receives credible allegations that an auditor violated his or her auditor certification requirements in the course of an audit, the PREA Management Office may take appropriate disciplinary action against the auditor, up to and including suspension or decertification, as described in the PREA Auditor Handbook. In cases where disciplinary action is taken against an auditor, depending on when the complaint is received and the timing of the audit, the PREA Management Office may notify the agency/facility so that it may identify a different auditor to conduct the audit, if warranted.

Contracting for an audit

PREA audits are conducted at the request of any federal, state, local, or private confinement facility, or any agency that oversees such a facility. A facility or agency may contact an auditor directly (the PRC maintains a directory of DOJ-certified auditors) or seek the services of an auditor through procurement announcements, advertisements, or other means. Auditors themselves may also solicit work from agencies and facilities, consistent with the underlying ethical requirements stated in the PREA Auditor Handbook.

PREA audits can only be conducted by individuals certified by DOJ and who possess a currently active certification. The process of finding an active, certified auditor and securing an audit agreement is up to the agency and/or facility in need of an audit. Neither DOJ nor the PRC are involved in the contracting, scheduling, or fee schedules associated with PREA audits. 

Contracting party: lead auditors and audit support staff

Each PREA audit must have one lead auditor who is responsible for the conduct of the audit and all work products. A lead auditor can, however, employ other DOJ-certified PREA auditors to function as secondary auditors. The DOJ PREA Management Office strongly encourages this kind of collaboration among certified auditors. The lead auditor may also employ support staff who are not DOJ-certified auditors to assist with auditing tasks. It is important to know that auditors who have been decertified or who are on suspension may not participate in PREA audits, including as a subcontracted agent of a PREA auditor. See 34 U.S.C. §30307(e)(8)(B)(i). Agencies and facilities searching for an auditor, as well as DOJ-certified PREA auditors seeking audit support staff, are strongly encouraged to check the list for the names of auditors who have been decertified and auditors who are suspended, to ensure that the selected auditor and any support staff employed by the auditor are eligible to conduct a PREA audit.

Contracting party: agencies and facilities

Agencies and facilities should be aware that auditors have minimum requirements for the proper conduct of an audit (including, for example, compliance with the audit methodology requirements in the PREA Standards and PREA Auditor Handbook, and allowing for an adequate amount of time spent on site), and no agreement for auditing services should include provisions that conflict with these minimum requirements. In addition, DOJ requires, at minimum, that audit contracts: are transparent; describe the roles and responsibilities of all third parties and support staff; and allow for corrective action planning and implementation. 

Facilities or agencies may wish to engage in reciprocal auditing or circular auditing. Reciprocal auditing occurs when auditors employed by two different agencies or facilities audit each other’s agency or facility. Circular auditing occurs when a consortium of three or more states or local jurisdictions agree to perform no-cost audits within the consortium.

Reciprocal auditing is only permitted if the audits are conducted 12 months or more apart (see full FAQ). Similarly, circular audits are permissible so long as no impermissible reciprocal audits occur. Agreements for these arrangements usually result from negotiations among the agencies involved; however, agencies in reciprocal or circular auditing arrangements should know that DOJ requires that the lead auditor must be a party to the contract or other agreement that underlies the audit.

Contracting party: third-party entities

Auditors may work as independent contractors or conduct audits through a third-party entity (e.g., their current employer, an accreditation body, or a consulting firm).

Auditors who conduct audits through a third-party entity (e.g., for an accreditation body or consulting firm), whether as an employee or a contractor, must exercise independence and integrity when making their determinations regarding compliance with the PREA Standards. Each certified auditor, regardless of whether he or she works independently or through a third-party entity, is personally accountable for complying with all of DOJ’s certification requirements and for the accuracy of his or her audit findings.

Employees of correctional agencies can be certified by DOJ to conduct PREA audits. However, an auditor may not conduct an official PREA audit for any agency or facility under the authority of that agency, including a private facility operated by contract, if the auditor is or has been employed by or otherwise received financial compensation from that agency, facility, or contractor within the past 3 years. Employment within the same state or local government does not disqualify the auditor, so long as the auditor is not employed directly by or under the agency that operates the facility being audited (§115.402).

Auditor restrictions on gifts

Agencies and facilities should understand that no DOJ-certified PREA auditor, or any non-certified support staff hired to assist an auditor, may either solicit or accept a gift from any entity or party who has an interest related to the outcome of a particular PREA audit in which that person is participating. DOJ defines a “gift” as anything that has monetary value such as items, food and beverages, or services.