Auditors are permitted and encouraged to conduct the majority of their documentation collection and review remotely; this applies to auditors conducting facility- and agency-level audits. Auditors should use the onsite portion of the audit as an opportunity to supplement the documentation selection conducted pre-onsite by sampling:
- Any documents that could not be obtained prior to the onsite audit (e.g., documents that were unavailable pre-onsite, documents of allegations in the period of time between the submission of the PAQ and the onsite phase of the audit, documents that have been updated/revised prior to the onsite phase of the audit).
- Relevant records for persons confined in the facility, staff, contractors, and volunteers who the auditor interviewed onsite (e.g., training records, background check records, risk screening records, education records of confined persons, medical files, and investigative files) for corroboration purposes.
Auditors must follow the relevant PREA Standards (including 115.401(f), 115.401(g), 115.401(i), and 115.401(l)), and should carefully review the Auditor Compliance Tool and the Checklist of Documentation to confirm that they have reviewed all relevant documentation for each audit. Even remotely, auditors are always required to select documents for review, themselves, and must not rely on the facility or agency to make these selections.6
The Online Audit System provides a secure, electronic platform for auditors to collect and review sensitive audit documentation, including audit documentation that contains Personally Identifying Information (PII) or Personal Health Information (PHI), provided by audited facilities and agencies. The Online Audit System keeps all important documents in one place without risking loss, theft, or intercepted communications.
6 PREA Auditor Handbook, p.59.