As detailed above, the Audit Initiation Form must be used to initiate all audits. To initiate an audit in the OAS, the form can be completed by the lead auditor or by an authorized representative of the agency or facility being audited.
Auditors please note: regardless of whether an agency or facility representative completes the Audit Initiation Form for an audit using the OAS, the lead auditor is required (as part of their certification obligations) to submit an Audit Initiation Form at least 30 days prior to the start date of the onsite portion of the audit, for each audit they conduct as lead auditor. Completion of the Audit Initiation Form by the agency or facility does not replace an auditor’s responsibility to complete the Audit Initiation Form. The purpose of this is to ensure accurate data collection and monitoring of auditor activity. Auditor reporting requirements may be found in chapter 11 of the PREA Auditor Handbook.
Once the Audit Initiation Form has been submitted and the PRC has complete information, an OAS administrator will take the necessary steps to confirm that individuals requesting access to the system are in fact authorized to access the system and submit information relevant to the agency and facility. For auditors, the OAS administrators will confirm that the auditor has an active certification and has completed the annual information security course.
For PREA Coordinators and PREA Compliance Managers, the OAS administrator will email the supervisor confirmation form(s) to the supervisor(s) indicated on the Audit Initiation Form. Each supervisor must complete and submit their supervisor confirmation form before the audit can proceed. Once the supervisor confirmation form has been submitted, an OAS administrator will call the supervisor to verify the information provided on the form. This two-step process is required to ensure that individuals with access to the system are authorized users. This helps to ensure the security of the system and to protect the materials stored in it.
After the verification process is complete, an OAS administrator will set up the audit in the OAS and users will be granted access to the OAS. All users will receive emails from the OAS indicating that an audit has been initiated and that their account has been set up (see the OAS User Guides for more information).
Note: An audit cannot begin, and access to the OAS cannot be provided, until the verification process has been completed for all agency and facility users requesting access.