In regard to standards 115.21, 115.22, 115.34, and 115.71, what is required of agencies being audited, auditors, and external entities that conduct investigations of sexual abuse and harassment, and how will these obligations be audited?
There has been confusion in the field and among the auditor community about the requirements of standards 115.21, 115.22, 115.34, and 115.71 as they pertain to investigators who are external to the agency being audited. The following guidance is offered to auditors and agencies subject to a PREA audit in order to clarify what obligations auditors and audited agencies have vis-à-vis those provisions that obligate external investigative agencies to comply.
The information in this FAQ is consistent with and expands upon the FAQ that focuses on whether an auditor can find an entity being audited to be compliant with the PREA Standards if an entity external to the confining agency, which conducts criminal investigations of sexual abuse in the facility being audited, is not compliant with the external investigative entity’s obligations under the standards. To review this FAQ, please click here.
Responsibilities of Audited Agencies and Auditors under Standard 115.21
Under standard 115.21, the agency (a private, federal, state, county, or other local entity) being audited must demonstrate to the auditor that it has attempted to gain compliance from an external entity that conducts criminal investigations of sexual abuse with requirements (a) through (e) of that standard—that is, the agency being audited must have requested that the external entity responsible for investigations comply with all those provisions described in (a) through (e) of standard 115.21.
Auditors may find that the private, federal, state, county, or other local entity being audited has attempted to confirm that an external investigator is complying with (a) through (e) of the standard, and was unable to get such confirmation. In that case, the agency being audited can be found compliant with the standard, if they have documented these efforts.
Responsibilities of Audited Agencies and Auditors under Standard 115.22
The requirements of standard 115.22 work in a way that is consistent with standard 115.21. If an external entity conducts criminal investigations of sexual abuse for the agency (a private, federal, state, county, or other local entity) being audited, the agency must have a policy in place that makes explicit both the responsibilities of the agency in a criminal investigation and the corresponding responsibilities of the external investigating entity. The agency being audited also must publish that policy on its website or make it available through other means if the agency has no website of its own. There is no exception here—the policy must be in place, as it is an agency policy, not the policy of the external investigator, and the agency can describe the respective roles and responsibilities in its own policy, regardless of whether the external investigating entity has a corresponding policy of its own.
Auditors must confirm that a policy is in place that makes explicit both the responsibilities of the agency in a criminal investigation and the corresponding responsibilities of the external investigating entity, and that the agency has published that policy on its website or has made it available through other means if the agency has no website of its own.
Responsibilities of Audited Agencies and Auditors under Standard 115.34
Standard 115.34 describes the specialized training that the agency being audited must provide to its investigators in order to be PREA compliant. This standard further requires that, “any State entity or Department of Justice component that investigates sexual abuse in confinement settings must provide such training to its agents and investigators who conduct such investigations.”
The obligation of the agency being audited is to provide the required specialized training to its own investigators if they conduct sexual abuse investigations, whether administrative or criminal. External State and Department of Justice investigative entities that conduct investigations of sexual abuse in confinement bear a separate obligation to train their agents and investigators per the standard, and that obligation does not lie with the agency being audited. Auditors should not assess compliance with these training requirements by external entities.
Responsibilities of Audited Agencies and Auditors under Standard 115.71
Standard 115.71(a)-(j) sets out the requirements for both administrative and criminal investigations of sexual abuse and sexual harassment, and describes when, how, and by what standards those investigations should be conducted. standard 115.71(a)-(j) also reiterates the requirement that investigators who conduct those investigations must have received specialized training described in standard 115.34.
Standard 115.71(k) requires that any external State entity or Department of Justice component that conducts these investigations in a confinement setting do so according to the requirements laid out in this standard.
Standard 115.71(l) requires that the facility being audited cooperate with any outside investigative agency conducting sexual abuse investigations in the facility and must remain informed about the progress of the investigation.
The obligations under standard 115.71 of the agency being audited are to ensure that:
Its own investigators comply with this standard;
It cooperates with external investigators; and
It remain informed about any investigation being conducted by external investigators.
It is the responsibility of auditors to assess whether these obligations are being met by the agency being audited.
The obligation placed on external State entities and Department of Justice component investigators conducting sexual abuse investigations in a confinement facility to comply with the requirements laid out in this standard rests with the State entity or Department of Justice component. Auditors should not assess compliance with these obligations by external entities.
Summary of Implications for Auditors
Consistent with the requirements stated above of standards 115.21,115.22, 115.34, and 115.71, and as articulated in the FAQ that can be accessed by clicking here, the Department of Justice (DOJ) has determined that auditors should not:
Assess whether external entities that conduct criminal investigations of sexual abuse and sexual harassment for the agency being audited are in compliance with the PREA Standards. The sole focus of the audit is to determine whether the agency (a private, federal, state, county, or other local entity) being audited is in compliance with the standards.
Include in interim or final audit reports information about compliance with the standards on the part of external entities that conduct criminal investigations of sexual abuse and sexual harassment. The sole focus of these reports is to document whether the agency (a private, federal, state, county, or other local entity) is in compliance with the standards.
Affirmative Obligations of External Entities that Conduct Investigations to Comply with the PREA Standards
Standards 115.21, 115.22, 115.34, and 115.71 do impose affirmative obligations to comply on both external State entities and Department of Justice (DOJ) components that conduct sexual abuse investigations in confinement. Nothing in this guidance changes that obligation. However, confirming compliance with these standards by external entities during a corrections facility/agency audit is beyond the scope of that audit. DOJ is working to develop tools to assist these external entities, state and territorial governors who are responsible for certifying full compliance with the PREA Standards, and others to assess whether these external entities are in compliance with their affirmative obligations under the standards.