Skip navigation

PREAAuditorHandbookAugust 2017

Download original document:
Brief thumbnail
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
PREA Auditor Handbook
PREA Management Office
Bureau of Justice Assistance
Office of Justice Programs
U.S. Department of Justice

National PREA Resource Center
Version 1.0
August 2017

Available online at https://www.prearesourcecenter.org/node/5341

Contents
Section I.

Background and Overview ........................................................................................ 1
Purpose of the PREA Auditor Handbook ............................................................... 1
About PREA and the Standards ............................................................................. 1

Section II.

Contracting for a PREA Audit .................................................................................... 4
Auditing Arrangements ......................................................................................... 4
Audit Contracts and Compensation ...................................................................... 5

Section III.

Auditor Code of Conduct .......................................................................................... 8
Guiding Auditor Code of Conduct Principles......................................................... 9
Identifying Potential Conflicts of Interest ........................................................... 13

Section IV.

Auditor Certification Requirements........................................................................ 15
PREA Auditor Certification Process ..................................................................... 15
Dual Certification................................................................................................. 17
Field Training Program ........................................................................................ 18
Probationary Certification Status .................................................................... 19
Auditor Reporting Requirements .................................................................... 25
Continuing Education Requirements............................................................... 27
Complaints or Concerns about Auditor Conduct ............................................ 27

Section V.

PREA Audit Methodology........................................................................................ 28
PREA Audit Instrument .................................................................................... 29
Phase One: Pre-Onsite Audit ........................................................................... 30
Phase Two: Onsite Audit ................................................................................. 39
Phase Three: Evidence Review and Interim Report ........................................ 62
Phase Four: Corrective Action and Final Report ............................................. 66
Post-Audit ........................................................................................................ 70

Section VI.

Audit Oversight ....................................................................................................... 71
Audit Assessment ............................................................................................ 72
Quality Improvement Program ....................................................................... 72
Peer Review ..................................................................................................... 74
Disciplinary Review .......................................................................................... 75
Remediation .................................................................................................... 77
Impact of Audit Oversight ............................................................................... 78
i

Section VII. Maintaining, Losing, or Giving up Certification ...................................................... 79
Voluntary Surrender of Certification ............................................................... 79
Auditor Recertification .................................................................................... 80
Auditor Suspension and Decertification .......................................................... 84
Section VIII. Auditor Resources ................................................................................................... 87
Training, Education, and Assistance for Auditors............................................ 87

Appendices

Auditor Certification Agreement .................................................................................................. 88

ii

Section I. Background and Overview
Purpose of the PREA Auditor Handbook
The purpose of the PREA Auditor Handbook (Handbook) is to articulate the Department of
Justice’s (DOJ’s) expectations for all DOJ-certified PREA auditors, establish requirements for
auditor conduct and audit methodology, provide transparency to all stakeholders regarding the
expected audit methodology, and serve as an easy-to-use reference guide for conducting high
quality, objective, comprehensive, and reliable PREA audits. The Handbook covers the
following core topics:
IMPORTANT
• Auditing contracts and compensation
• Code of conduct governing auditors
PREA auditors are required to
read this Handbook and should
• Conflicts of interest
refer to it often in the course of
• Process for becoming a DOJ-certified PREA auditor
their work. Auditors must uphold
• Requirements for maintaining DOJ PREA auditor
the requirements included in this
certification
Handbook in order to maintain
• Auditor’s role and the PREA audit process
their DOJ certification. Failure to
• The PREA Management Office’s oversight of the
follow the requirements in the
Handbook will result in
PREA audit function
disciplinary review (see Chapter
• Auditor recertification process and disciplinary
23) by the PREA Management
action by the PREA Management Office
Office, which may impact an
• Auditor resources
auditor’s DOJ certification.
Although the Handbook contains much of the essential
information that auditors need to know, it is a living document that will need to be updated and
adapted over time to meet the evolving needs of DOJ, PREA auditors, and the field.
If auditors have questions about the PREA audit process, the role of an auditor, auditor
certification requirements, or any issues that are not covered in the Handbook, they should
refer to the frequently asked questions (FAQs) issued by the DOJ PREA Working Group, which
are updated regularly on the PREA Resource Center website (see
www.prearesourcecenter.org/frequently-asked-questions). In addition, auditors can contact
the PREA Management Office by sending an email to PREACompliance@usdoj.gov or contact
the PREA Resource Center by submitting an Auditor Helpdesk Form available on the Auditor
Continuing Education and Resource Portal (Auditor Portal).

About PREA and the Standards
The Prison Rape Elimination Act (PREA) (codified at 42 U.S.C. § 15601 et seq.), created to
protect individuals from sexual abuse and sexual harassment in confinement facilities, was
passed in 2003 with unanimous support from both parties in Congress. In addition to providing
federal funding for research on sexual abuse in confinement facilities, a demonstration grant
program for state, local, and tribal jurisdictions to establish “zero tolerance” cultures for sexual
abuse and sexual harassment in confinement, and the provision of training and technical
1

assistance, PREA mandated the development of national standards to achieve the goals set
forth under the statute.
The National Prison Rape Elimination Commission (Commission) was created by PREA and
charged with developing recommended national standards for reducing sexual abuse in
confinement. A report containing the recommended national standards was published in June
2009 and conveyed to DOJ. (42 U.S.C. § 15606(e)). After extensive public comment periods and
subsequent revisions, DOJ published the final PREA Standards (Standards) in the Federal
Register on June 20, 2012 (see www.prearesourcecenter.org/sites/default/files/library/201212427.pdf). The Standards became effective on August 20, 2012 and apply to adult prisons and
jails, juvenile facilities, lockups, and community confinement facilities. The first 3-year audit
cycle began a year later on August 20, 2013.
DOJ PREA Working Group
The DOJ PREA Working Group was first established by the Attorney General to review the
Commission’s recommended standards and issue final standards “based upon the independent
judgment of the Attorney General.” (42 U.S.C. § 15607(a)(2)).
The DOJ PREA Working Group’s current mission is to provide guidance to auditors, agencies,
and facilities on how to interpret the Standards. This guidance is issued in the form of FAQs that
are posted on the PREA Resource Center website (see
www.prearesourcecenter.org/frequently-asked-questions).
The DOJ PREA Working Group’s active
PREA FAQs and the Audit
members include representatives from the
following DOJ components: Office of Justice The FAQs issued by the DOJ PREA Working Group
constitute interpretive guidance that PREA auditors
Programs’ (OJP’s) Office of the Assistant
are to follow when conducting an agency or facility
Attorney General, Bureau of Prisons, Civil
audit. All auditors are required to read, understand,
Rights Division, National Institute of
and follow the FAQs issued by the DOJ PREA Working
Corrections, Office on Violence Against
Group.
Women, Federal Bureau of Investigation,
OJP’s Bureau of Justice Assistance, OJP’s Office for Victims of Crime, OJP’s Office for Civil Rights,
OJP’s Office of the General Counsel, and OJP’s Office of Juvenile Justice and Delinquency
Prevention.
PREA Management Office
The PREA Management Office was established by the Deputy Attorney General in 2013 within
OJP’s Bureau of Justice Assistance and is responsible for:
•

Creating, implementing, and overseeing all aspects of the PREA audit function. The
PREA Management Office trains and certifies PREA auditors, provides continuing
education and training opportunities for DOJ-certified PREA auditors, and manages
PREA audit oversight.

•

Directing a robust, nationwide training and technical assistance initiative to support
jurisdictions across the country with implementing the PREA Standards. The PREA
Management Office partners with the National PREA Resource Center to provide
targeted training and technical assistance to state, local, and tribal jurisdictions across
the nation that are working to uphold their requirements under the Standards.
2

•

Overseeing the Bureau of Justice Assistance’s competitive PREA Demonstration Grant
Program, and providing support to jurisdictions that are awarded funding under this
program. The PREA statute authorizes DOJ to create, implement, and oversee a grant
program to create and enhance zero tolerance cultures for sexual abuse and sexual
harassment in confinement facilities in state, local, and tribal jurisdictions, and support
implementation of the Standards.

•

Reviewing, verifying, and responding to certifications and assurances submitted by
state and territorial governors. Each year, state and territorial governors, and the
mayor of the District of Columbia, are given the option by the PREA statute to submit to
DOJ either a certification that all confinement facilities under their operational control
are in full compliance with the Standards or to issue an assurance that they will use not
less than 5 percent of certain DOJ grant funds to come into full compliance with the
Standards in the future. States and territories that do not submit a certification or an
assurance are subject to a 5 percent reduction in certain DOJ grant funds. Additional
information can be found on the Bureau of Justice Assistance PREA page (see
www.bja.gov/ProgramDetails.aspx?Program_ID=76).

•

Leading the ongoing efforts of DOJ’s PREA Working Group to issue interpretative
guidance related to the Standards. The DOJ PREA Working Group has developed and
made available on the PREA Resource Center website FAQs that address questions of
first impression related to the PREA Standards.

National PREA Resource Center
The National PREA Resource Center was established through a competitively awarded
cooperative agreement from the Bureau of Justice Assistance in fiscal year 2010. The PREA
Resource Center represents a unique, collaborative partnership that includes a wide array of
national stakeholder organizations representing adult prisons and jails; juvenile facilities;
community corrections; tribal facilities; lockups; and victim advocacy groups.
The PREA Resource Center provides direct support, training, and technical assistance to state,
local, and tribal corrections and law enforcement professionals, victim advocates, and other key
stakeholders working to eliminate sexual abuse and sexual harassment in confinement. The
PREA Resource Center’s subject matter experts work to meet jurisdictions’ specific technical
assistance and training needs. It maintains a full online resource library, including training
curricula, resource and implementation guides, research and data, model practices and
implementation tools, and webinars that focus on areas such as prevention strategies,
improved reporting and detection, investigation, prosecution, and victim-centered responses.
The PREA Resource Center is also a critical partner in developing and managing the PREA audit
function. Specifically, the PREA Resource Center works with the PREA Management Office to
process and train PREA auditor candidates; provide additional training opportunities and
continuing education resources for DOJ-certified PREA auditors; respond to auditor questions
and requests for assistance; and continue to develop and enhance audit tools and resources to
improve the skills and knowledge of PREA auditors and enhance the reliability and integrity of
PREA audits.

3

Section II. Contracting for a PREA Audit
Before an auditor enters into a contract for a PREA audit, it is important to understand the
various types of auditing arrangements available to auditors, what should and should not be
included in an audit contract, and rules regarding auditor compensation.

Auditing Arrangements
This chapter summarizes several types of auditing arrangements that auditors may wish to use
in their audit practice.
Working Independently or Through a Third Party Entity
Auditors may work as independent contractors or conduct audits through a third party entity
(e.g., their current employer, an accreditation body, or a consulting firm). Auditors working
independently should consider obtaining professional liability insurance, since many facilities
and agencies require auditors to hold certain minimum insurance coverage. The requirements
related to insurance coverage are often described in PREA auditing requests for proposals from
agencies or facilities.
Employees of correctional agencies can be certified by DOJ to conduct PREA audits. However,
an auditor may not conduct an official PREA audit for any agency or facility under the
authority of that agency, including a private facility operated by contract, if the auditor is or
has been employed by or otherwise received financial compensation from the agency, facility,
or contractor within the past 3 years. Employment within the same state or local government
does not disqualify the auditor, so long as the auditor is not employed directly by or under the
agency that operates the facility to be audited. 1
Auditors who conduct audits through a third party entity, whether as an employee or a
contractor (e.g., for an accreditation body or consulting firm), must exercise independence and
integrity when making their determinations regarding compliance with the PREA Standards.
Each certified auditor, regardless of whether he or she works independently or through a third
party entity, is personally accountable for complying with all of the DOJ certification
requirements and for the accuracy of his or her audit findings.
Reciprocal and Circular Auditing
Facilities or agencies may wish to engage in reciprocal auditing or circular auditing. Reciprocal
auditing is when auditors employed by two different agencies or facilities audit each other’s
agency or facility. Circular auditing is when a consortium of three or more states or local
jurisdictions agree to perform no-cost audits within the consortium.
Reciprocal auditing is only permitted if the audits are conducted 12 months or more apart. 2
Similarly, circular audits are permissible so long as no impermissible reciprocal audits occur.

1
2

See 28 C.F.R. § 115.402(a)(1).
See the full FAQ here: www.prearesourcecenter.org/node/3224.

4

Lead and Secondary Auditors
Each PREA audit must have one lead auditor who is ultimately responsible for the conduct of
the audit and all work products. A lead auditor can, however, employ other DOJ-certified PREA
auditors to function as secondary auditors. The PREA Management Office strongly encourages
this kind of collaboration among certified auditors. In addition, the lead auditor may employ
support staff who are not DOJ-certified auditors to assist with auditing tasks.
Lead auditors must ensure that anyone they employ to
work on audits is free of any conflict of interest, as
described in Chapter 6. 3 Lead auditors are responsible for
any misconduct, errors, or conflicts of interest attributed to
any secondary auditors or non-certified support staff they
employ—actions that can impact the DOJ certifications of
lead and secondary auditors.

Audit Contracts and Compensation

IMPORTANT
Under no circumstances may
individuals who are not DOJcertified auditors participate or
engage in the substantive work of
a formal PREA audit unless acting
under the direction of a DOJcertified auditor.

PREA audits are conducted at the request of any federal, state, local, or private confinement
facility, or any agency that oversees such a facility. A facility or agency may contact an auditor
directly (the PREA Resource Center maintains a directory of DOJ-certified auditors) or seek the
services of an auditor through procurement announcements, advertisements, or other means.
Auditors themselves can also solicit work from agencies and facilities, consistent with their
underlying ethics restrictions.
Although not part of the audit process, procurement and contract negotiation with agencies
and facilities seeking a PREA audit are important elements of an auditor’s audit practice.
Procurement and contract negotiation may provide early opportunities for an auditor to gauge
how ready an agency or facility is for an audit, and the extent of its PREA implementation
progress. In addition, during the negotiation process, it is critical for auditors and third party
entities seeking to contract for a PREA audit to ensure that the facility understands access and
the auditing requirements and expectations that are imposed by DOJ and the PREA Standards
so that all necessary issues can be addressed and accommodated during the audit. Additional
information regarding audit contracts and compensation is detailed below.
•

3

Audit contracts must be transparent. The contract between the auditor, or third party
entity, and the audited facility or agency should address all aspects of the audit,
including the specific work to be conducted during each phase of the audit (i.e., preonsite, onsite, evidence review and interim report, and corrective action and final
report, as described in this Handbook). The fees, expenses, other compensation, and
payment schedule are also critical components of the contract; therefore, they must be
described with specificity in writing. To promote full transparency, auditors are not
permitted to receive any compensation, monetary or otherwise, not specifically
provided in the contract. However, incidental items such as water, coffee, and donuts,
if provided to the auditor, do not have to be specified in the contract, but larger items,
such as meals, or items offered frequently, free of charge, should be described in the
contract.

See the full FAQs here: www.prearesourcecenter.org/node/3222 and www.prearesourcecenter.org/node/3223.

5

•

Describing the role of third parties and support staff. The contract should identify the
lead or responsible auditor, and if applicable, list the names of all other DOJ-certified
PREA auditors and non-certified support staff who will assist the lead auditor during any
phase of the audit, and provide a brief description of the role of other staff during the
audit. The contract should also disclose the nature of any third party entity’s
involvement in the PREA audit. For example, an auditor who is hired by ABC PREA
Auditing, LLC, to conduct a PREA audit of a facility operated by XYZ County Sheriff’s
Department must describe the role of and his or her relationship to ABC PREA Auditing,
LLC, in the contract. In addition, some agencies may contract with a third party entity
that assigns an auditor after the contract is executed. In such instances, the contract
between the agency and the third party entity should be updated with an addendum
that lists the name of the lead auditor, and if applicable, lists the names and describes
the roles of all other DOJ-certified PREA auditors and non-certified support staff once
assigned by the third party entity. As a reminder, the audit report must also include
identifying information for the lead auditor and, if applicable, for all other DOJ-certified
PREA auditors and non-certified support staff who assisted during any phase of the
audit.

•

Ensuring compliance with the PREA Standards and DOJ certification requirements.
Auditors and third party entities contracting to perform an audit must ensure that
auditing contracts permit, and do not restrict, auditors’ obligations under the Standards
and the required audit methodology, as outlined in this Handbook, in FAQs issued by
the DOJ PREA Working Group, and in ongoing, mandatory continuing education
requirements for auditors (e.g., unfettered facility access, the requirement to obtain
and preserve documentation and information relied upon in making audit
determinations).

•

Ensuring sufficient time to conduct a thorough audit. To ensure that auditors comply
with the PREA Standards and follow the audit methodology described in this Handbook,
they must consider a number of important variables before discussing how long an audit
is likely to take, which will directly impact their compensation. Auditors must consider
the size and characteristics of the facility, whether secondary auditors and support staff
will be involved, and their level of experience. Regardless of whether an agency
contracts directly with an auditor or through a third party entity, the audit contract
should address these issues and must accommodate the methodological requirements
outlined in this Handbook (e.g., interviews with staff and inmates, 4 site review, and
documentation collection and review).

•

Planning for corrective action. The PREA Standards are complex and contain several
hundred specific provisions that must be substantially met in order for a facility to be
deemed in full compliance. For that reason, DOJ expects that corrective action will be
required in most cases. Therefore, contracts between auditors, or third party entities,
and agencies or facilities should allow for and support corrective action periods for
auditors to work with the agencies and/or facilities to take steps to address areas of

4

In this Handbook, the term “inmate” is used generally to refer to inmates, residents, and detainees, except when
discussing certain types of facilities or sets of Standards, in which case more specific terminology is used.

6

noncompliance identified during the audit, and for subsequent verification of the
corrective action. As such, auditors and agencies/facilities should be aware of the
limitations of using “flat fee” contracts. Such contracts pay an auditor a set fee as
compensation, regardless of whether the auditor identifies any deficiencies or requires
any corrective action. These flat fee contracts may have the unintended consequence of
inappropriately incentivizing auditors to make full compliance findings without requiring
any corrective action, even in cases where policies and/or practices are not in
compliance with the PREA Standards. In addition, auditors are not permitted to accept
bonus compensation contingent on the outcome of an audit.
In the event that the PREA Management Office receives credible allegations that an auditor
violated the above requirements in the course of an audit, among other information, the
auditor will be required to provide the PREA Management Office with a copy of the relevant
audit contract(s).

Gifts

A “gift” is anything that has monetary value such as items, food and beverages, or services.
Except as provided in this chapter, no DOJ-certified PREA auditor, or any non-certified support
staff hired to assist an auditor, may either solicit or accept a gift from any entity or party who
has an interest related to the outcome of a particular PREA audit in which that person is
participating. Entities and parties with such an interest are considered “prohibited sources” as it
pertains to gifts.
For purposes of this restriction, the term “prohibited sources” is to be broadly construed, and
will include any and all people or organizations that could be directly or indirectly substantially
impacted by the outcome of an audit. This includes, for example:
•

All management, employees, and contractors of the facility or agency being audited

•

All inmates of the facility being audited

•

Direct relatives of individuals listed in the above two categories

•

State employees working in a state agency which oversees the work of the facility to be
audited, as well as local employees working in a local agency which oversees the work of
the facility to be audited

•

Any organization which reasonably appears to or purports at some level to represent
the interests of any of the above groups (such as a correctional officers union or a law
firm currently representing an inmate)

Additionally, for purposes of this restriction, certain items are excluded from the definition of a
gift, including items clearly not intended to curry favor in an attempt to influence an official
action of the auditor. These items include, but are not limited to:
•

Items routinely provided to visitors of the facilities free of charge such as parking

•

Modest items of food and refreshments (e.g., coffee, donuts, or soft drinks) offered
other than part of a meal

7

•

Items clearly described in the audit contract (e.g., meals or transportation provided to
the auditor while at the facility)

•

Items given in circumstances clearly indicated as based exclusively on a personal or
family relationship. However, if there is an item received based solely on a personal
relationship, it is important to note that there may be some question concerning the
ability of the auditor to perform his or her functions in an impartial manner, consistent
with the principles described in Chapter 5

•

A discount or similar benefit open to all auditors or employees

•

Items based on an outside business relationship, including items provided by an
auditor’s spouse’s employer; items provided when it is clear they were provided due to
an outside business relationship; or items provided as part of an employment search by
a prospective employer

•

Anything for which market value is paid by the auditor

Section III. Auditor Code of Conduct
PREA auditors must be independent, objective, and credible in evaluating the extent to which
confinement facilities comply with the PREA Standards. In recognition of the importance of this
obligation, DOJ has undertaken a training and certification program to facilitate uniform
understanding of the Standards by all auditors, and to oversee uniform implementation of the
auditing process.
Because PREA auditors are DOJ-certified, they are in a unique position of public trust with the
ability to impact public confidence in the integrity of the PREA audit function. Many
stakeholders rely on this audit process and its results, including federal, state, local, and private
agencies that operate or oversee confinement facilities; facility staff; treatment and service
providers; community-based advocacy organizations; courts; attorneys; and people in
confinement and their families.
This reliance on the ability of PREA auditors to conduct high quality, reliable, objective, and
comprehensive PREA audits imposes a significant obligation for them to operate within general
principles of integrity necessary to instill public confidence in the PREA audit process. The
Auditor Code of Conduct section of the Handbook identifies general principles that govern the
professional and personal conduct of auditors and the underlying rules that support these
principles. As a condition of DOJ auditor certification, auditors must comply with this code of
conduct. However, these principles are demonstrative of the standards to which an auditor will
be held. The PREA Management Office retains the discretion to review whether certain conduct
not specifically described in this section nevertheless violates the spirit and intent of this
Auditor Code of Conduct and may, therefore, subject an auditor to disciplinary action.

8

Guiding Auditor Code of Conduct Principles
This chapter discusses the core principles that auditors are expected to uphold in both their
professional and personal conduct: integrity, objectivity, confidentiality, and proficiency and
professionalism. 5
Integrity
Integrity is the virtue of being honest, fair, and trustworthy. In the context of the PREA audit,
integrity demands that auditors apply the Standards fairly, consistently, and comprehensively.
In taking such an approach, auditors demonstrate a firm commitment to upholding the overall
intent of PREA to create or enhance a culture of zero tolerance for sexual abuse and sexual
harassment inside confinement facilities, and to support policies and practices required by the
Standards to achieve this goal.
Modeling Commitment to
With these principles in mind, PREA auditors must:
the PREA Standards
1. Put forth an honest effort to execute auditing
responsibilities and apply the PREA Standards in a
fair, comprehensive, and consistent manner
2. Avoid any actions which would create the
appearance of a violation of any law or ethical
standards to a reasonable person with full
knowledge of the relevant facts
3. Model a commitment to the elimination of sexual
abuse and sexual harassment in confinement
Auditors must not:
1. Engage in any conduct of a criminal, reckless,
negligent, dishonest, deceitful, or fraudulent nature,
either by act or omission, that calls their integrity
into question
2. Misrepresent their certification credentials for any
purpose

Auditors should be able to explain
each of the Standards and the
underlying rationale for the
obligations each Standard
imposes. For more information
about DOJ’s rationale for
individual Standards, auditors
should see the preamble to the
PREA Notice of Final Rule available
on the PREA Resource Center
Website.
Auditors may encounter
resistance to PREA among some
facilities and agencies—to the
PREA statute overall or to
particular Standards and
provisions. Auditors should be
prepared for such resistance and
understand that the best defense
is their own thorough
understanding of and
commitment to the Standards.

Objectivity
PREA auditors must exhibit the highest level of professional
objectivity in gathering evidence and evaluating the policies, procedures, practices, and
operations of an audited agency or facility. Auditors must exhibit the same level of professional
objectivity in communicating information about activities and processes being examined, and in
communicating their reasons for arriving at a particular finding for every Standard and for every
provision of a Standard.

These code of conduct principles were informed by “Code of Ethics,” by The Institute of Internal Auditors North
America, Author, n.d., retrieved from na.theiia.org/standards-guidance/mandatory-guidance/Pages/Code-ofEthics.aspx; and “Government Auditing Standards,” by United States Government Accountability Office, 2007,
retrieved from www.gao.gov/new.items/d07731g.pdf.
5

9

Under no circumstances should an auditor permit anyone to inappropriately influence his or
her professional judgment regarding any part of the conduct of a PREA audit. Auditors are
obligated to report any attempt by any individual or entity, including an employee of the
audited facility or agency and an auditor’s own employer, to inappropriately influence the
outcome of an audit. Auditors can report such information directly to the PREA Resource
Center using the Urgent Helpline at 800–279–7732 (press 2 when prompted) or by sending an
email to Urgent@prearesourcecenter.org. Auditors may also notify the PREA Management
Office at PREACompliance@usdoj.gov.
With these principles in mind, PREA auditors must:
1. Act in an impartial manner, treating each situation and all parties objectively and giving
preferential treatment to no public or private organization or individual
2. Use reasonable care and diligence to obtain sufficient facts to support all statements,
conclusions, and findings of an audit
3. Make determinations regarding all audit findings on the basis of demonstrable evidence
or lack thereof
4. Include in their audit reports all evidence supporting compliance or noncompliance
which, if not included, could distort the final compliance determination
Auditors must not:
1. Knowingly misrepresent facts when expressing an opinion or finding in an audit report
2. Hold personal or financial interests which a reasonable person would think would
conflict with the conscientious performance of duties under an auditing contract
3. Maintain other employment or engage in other non-auditor activities which a
reasonable person would think would impact the public perception of the auditor’s
impartiality
4. Solicit or accept gifts from anyone associated with a particular audit (whether it is an
entity or staff which is being audited, inmates or relatives of inmates in the facility, or
any other organization, entity, or person) which would cause a reasonable person to call
into question the credibility of the audit or the impartiality of the auditor
5. Make credibility determinations based solely upon an individual’s status as an inmate,
resident, detainee, staff member, or agency official
Confidentiality
The only public aspect of a PREA audit is the final report. As discussed in greater detail below,
auditors are to maintain the confidentiality of the information they collect during the course of
a PREA audit with only three exceptions.
First, PREA Standard 115.401(j) states that auditors “shall retain and preserve all
documentation . . . relied upon in making audit determinations. Such documentation shall be
provided to the Department of Justice upon request.” See Chapter 19 for more information
about the retention and preservation of audit documentation as required by Standard
115.401(j).
10

Second, auditors are required to provide certain information relating to audits to the PREA
Resource Center in the ordinary course of business (e.g., Pre-Audit Reporting Form, Post-Audit
Reporting Form), and also in conjunction with the PREA
Media Inquiries
Management Office’s Audit Oversight Program (see
Chapters 20—24 below).
Auditors may be approached by
Third, in limited circumstances, there may be a legal or
professional (e.g., as a condition of a professional license or
auditor certification) obligation to disclose audit-related
information. In such instances, the auditor must
immediately inform the audited facility and agency. The
audited facility or agency may choose to challenge the
requirement that the auditor provide the requested
information.
Subject to the 3 exceptions above, PREA auditors must:
1. Protect the confidentiality of audit-related
information to the greatest extent possible

the media to comment on the
PREA audit process or to discuss
an audit of a particular facility or
agency. In such cases, auditors are
strongly encouraged to contact
the PREA Management Office or
the PREA Resource Center to
determine the most appropriate
response. In addition, auditors
should address media inquiries in
their contract with the
facility/agency to ensure both
parties are in agreement.

2. Ensure the anonymity of a person who reports sexual abuse or sexual harassment in a
confinement facility, when requested, to the extent allowed by law
3. Be prudent in using and protecting information acquired in the course of their duties
4. Always comply with Standard 115.403(e), which prohibits the inclusion of personally
identifiable staff 6 or inmate information in audit reports
5. Ensure that non-public information obtained in furtherance of an audit will not be used
by the auditors for any purpose other than completion of the audit, or as required by
the PREA Standards or DOJ certification requirements
6. Abide by all confidentiality agreements signed in contract with an agency or facility for a
PREA audit
Safety and Security of Audit Documentation
Auditors must handle all audit documentation with the appropriate safeguards in order to
protect information in their possession, including that which contains personally identifiable
information, personal health information, investigative records, personnel records, and other
types of sensitive information and documentation. These safeguards are particularly important
for documents that are exchanged and stored outside of the Online Audit System (see Chapter
14).
Auditors are required to:
•

Protect and safeguard all PREA information in their custody, including that which
contains personally identifiable information, commensurate with the sensitivity and
value of the data at risk

Certain key staff are permitted to be named in the auditor’s final report, including the agency head, facility head,
PREA coordinator, and PREA compliance manager.

6

11

•

Protect and safeguard all PREA information and information systems in their custody
from unauthorized access, unauthorized or inadvertent modification, disclosure,
damage, destruction, loss, theft, denial of service, and improper sanitization or use

•

Ensure the safekeeping and confidentiality of any and all sensitive correspondence
received in the course of a PREA audit, unless otherwise required by law to disclose such
information

•

Not share the passwords to their computers, laptops, or other mobile devices holding
sensitive PREA audit data

•

Not leave sensitive PREA audit-related information, in either electronic or paper format,
in a public place or outside of their supervision

•

Screen-lock or log-off any computers or devices holding sensitive PREA audit data when
outside their supervision

•

Ensure that individuals have the proper clearance, authorization, and need to know
before providing them with access to any sensitive PREA information

•

Immediately destroy when no longer needed any information not required by law or
policy to be retained

For more information on the safety and security of audit documentation, refer to the
Information Security Awareness Training on the Auditor Portal.
Proficiency and Professionalism
PREA auditors must develop and apply comprehensive knowledge of the PREA Standards, FAQs
issued by the DOJ PREA Working Group, and the requirements articulated in this Handbook.
Moreover, auditors are expected to maintain and improve their auditing skills to ensure that
their audits are high quality, reliable, objective, and comprehensive.
When the auditor enters a facility, he or she will be treated as the expert on the PREA
Standards. Administrators and staff will look to the auditor for information and guidance
regarding the specifics of PREA, and the meaning and implications of the Standards. This serious
obligation requires two core elements to be effective: first, understanding the Standards; and
second, knowing the limits of his or her knowledge.
With these principles in mind, PREA auditors must:
1. Have read and understand the PREA Standards
2. Conduct PREA audits in accordance with those PREA Standards that apply to auditors,
including, but not limited to, the requirements stated in Standards 115.401-404
3. Conduct PREA audits according to the methodology provided in this Handbook, the
PREA Auditor Candidate Training, FAQs issued by the DOJ PREA Working Group, and any
other continuing education and guidance provided by the PREA Management Office and
the PREA Resource Center in writing, in continuing auditor education, or through other
means
4. Audit an agency’s or facility’s compliance with every applicable Standard and every
provision of each of those Standards
12

5. Provide a detailed description in every audit report of the evidence used to make all
compliance determinations and how this evidence was triangulated and analyzed to
reach the compliance determinations
6. Continually seek to maintain and improve their professional knowledge, skills, and
competence, including maintaining familiarity with all FAQs issued by the DOJ PREA
Working Group and completing all continuing education requirements for auditors

Identifying Potential Conflicts of Interest
A conflict of interest arises when an individual’s official responsibilities as a PREA auditor could
affect his or her personal or financial interests or the interests of others who have been
imputed to the auditor because of the closeness of their relationship. DOJ-certified PREA
auditors have a responsibility to avoid any conflicts of interest, or the appearance of any such
conflict. Conflicts of interest may adversely impact an auditor’s ability, or perceived ability, to
conduct high quality, reliable, objective, and comprehensive audits. Therefore, auditors should
avoid any personal or financial arrangements that could create a conflict of interest, or the
appearance of a conflict of interest, that would lead a
IMPORTANT
reasonable person to question their objectivity during the
conduct of a PREA audit. Under no circumstances should an
Auditors must consider any
auditor permit someone to unduly influence his or her
business or personal relationship
professional judgment.
or other interest that might
significantly impair their
objectivity, yield an unfair
competitive advantage, or even
create the appearance of
impropriety. Such relationships
are considered to be conflicts of
interest and must be identified
and avoided by auditors.

Prior to every audit, the auditor is required to certify in
writing that he or she has no conflict of interest through any
relationship to the facility to be audited or the agency
overseeing that facility. 7 The Auditor Report Template
available on the PREA Resource Center Website (see
www.prearesourcecenter.org/node/1754) includes a
prompt for auditors to complete this information.

Relevant PREA Standard
In general, if an auditor has a financial, personal, or recent or current employment relationship
to an agency, he or she must not conduct audits for that agency. Standard 115.402 is designed
to minimize the risk of a PREA auditor having any such conflict of interest.
There are three provisions under Standard 115.402 that address auditor conflicts of interest.
These include the following:
•

7

115.402(a) – “An audit shall be conducted by: (1) A member of a correctional monitoring
body that is not part of, or under the authority of, the agency (but may be part of, or
authorized by, the relevant State or local government); (2) A member of an auditing
entity such as an inspector general’s or ombudsperson’s office that is external to the
agency; or (3) Other outside individuals with relevant experience.”

See 28 C.F.R. § 115.403(a).

13

•

115.402(c) – “No audit may be conducted by an auditor who has received financial
compensation from the agency being audited (except for compensation received for
conducting prior PREA audits) within the three years prior to the agency’s retention of
the auditor.”

•

115.402(d) – “The agency shall not employ, contract with, or otherwise financially
compensate the auditor for three years subsequent to the agency’s retention of the
auditor, with the exception of contracting for subsequent PREA audits.”

Building on Standard 115.402(a), (c), and (d), the following guidance must be used by auditors
when deciding whether to accept an offer to conduct a PREA audit of an agency or facility.
Personal Relationships
The principles outlined in Standard 115.402 apply to situations in which the auditor’s
immediate family members or close personal friends have a conflict of interest. For example, an
auditor may not conduct an audit of an agency if an immediate family member or close
personal friend has been employed by the agency within the last 3 years or has a significant
financial interest in any corporation or other business associated with housing of inmates in
that agency. An auditor also may not conduct an official PREA audit for an agency (or facility
under the authority of that agency) if the auditor has an immediate family member (including
parents, spouses, siblings, and children) or close personal friend in the custody of a facility
operated by the agency under review.
Conversely, if the auditor, an immediate family member (including parents, spouses, siblings,
and children), or close personal friend was previously incarcerated within a facility operated by
the agency under review, the auditor may conduct an official PREA audit for the agency (or
facility under the authority of that agency); however, the auditor must disclose this relationship
in the audit report.
The above requirements relating to personal relationships apply to the lead auditor, all
secondary auditors, and all non-certified support staff who an auditor may employ to assist him
or her in completing the audit.
Maintaining Impartiality
In order to maintain the objectivity of the PREA audit process, auditors should not receive both
compensation from a confinement agency for performing an official PREA audit and any other
paid employment (including contracts or consultation for audit preparation, training, or
unrelated technical assistance) from that same entity within 3 years of each other.
•

Example 1: PREA auditor Tony is hired by XYZ County Sheriff’s Department—either
directly or through a third party entity, ABC PREA Auditing, LLC—to conduct a PREA
audit of a facility operated by the XYZ County Sheriff’s Department. The following year,
Tony is contracted again to perform a food safety assessment at another facility
operated by the same Sheriff’s department.

•

Example 2: PREA auditor Tony is hired by the Sunshine Confinement Corporation—
either directly or through a third party entity, ABC PREA Auditing, LLC—to conduct a
PREA audit of a juvenile facility operated by the Sunshine Confinement Corporation on
behalf of the State A Department of Juvenile Justice. The following year, Tony is hired
14

again by the Sunshine Confinement Corporation, this time to conduct a food safety
assessment for a prison operated by the Sunshine Confinement Corporation on behalf
of the State B Department of Corrections.
•

Example 3: PREA auditor Tony is hired by the XYZ County Sheriff’s Department—either
directly or through a third party entity, ABC PREA Auditing, LLC—to provide PREArelated technical assistance to a facility operated by the XYZ County Sheriff’s
Department. The following year, Tony is contracted again to conduct a PREA audit of
that facility.

Each of these 3 examples are a problem. The first two examples above raise the possibility that
the auditor might be, or appear to be beholden to the agency where multiple employment
contracts could be contingent on a successful PREA audit (i.e., full compliance). The third
example above demonstrates a scenario in which the auditor would be evaluating his own
work. Such relationships bias the auditor’s assessment and make it more likely that the auditor
will find the facility in full compliance.
The guidance and scenarios described in this chapter are not intended to be exhaustive but
rather illustrative of what an auditor should consider when deciding whether he or she can
accept an offer to conduct a PREA audit at any particular agency or facility. Each individual case
will be different and must be examined by each auditor to ensure that he or she can conduct an
official PREA audit in a fair and objective manner. Questions regarding particular situations
should be directed to the PREA Management Office at PREACompliance@usdoj.gov.

Section IV. Auditor Certification Requirements
This section describes in detail the process for becoming a DOJ-certified PREA auditor and the
requirements that auditors must follow in order to maintain their certification.

PREA Auditor Certification Process
PREA Standard 115.402(a) and (b) establish minimum qualifications for PREA auditors and
direct DOJ to establish a process for auditor certification, as follows:
(a) An audit shall be conducted by:
(1) A member of a correctional monitoring body that is not part of, or under the
authority of, the agency (but may be part of, or authorized by, the relevant State
or local government);
(2) A member of an auditing entity such as an inspector general’s or
ombudsperson’s office that is external to the agency; or
(3) Other outside individuals with relevant experience.
(b) All auditors shall be certified by the Department of Justice. The Department of Justice
shall develop and issue procedures regarding the certification process, which shall
include training requirements.
To fulfill its requirements under Standard 115.402(b), DOJ has established the following
requirements for PREA auditor certification (which may be amended as needed):
1. Three years of significant auditing, monitoring, quality assurance, investigations, or
substantially similar experience with the facility type or set of Standards in which the
15

applicant seeks certification(s). When seeking both adult and juvenile certifications, an
applicant must demonstrate at least 3 years of relevant experience in juvenile settings
or with juvenile populations and at least 1 year of relevant experience in adult settings.
Experience in an adult prison, jail, or lockup that houses youthful inmates or youthful
detainees does not qualify as experience with juvenile populations or juvenile settings.
In addition to applicants who are employed by a corrections, detention, or relevant law
enforcement agency or facility, PREA auditor training and certification are also open to
applicants with related work experience in the justice system in which exposure to a
confinement agency or facility operations and contact with relevant inmate, resident, or
detainee populations are regular components of the position or role. Such positions and
roles include, but are not limited to probation and parole; prisoner re-entry; law
enforcement and public safety; legal positions, including prosecution and defense;
inmate and victim advocacy; onsite technical assistance or consultations related to
corrections and/or conditions of confinement; and other settings that provide
appropriate collateral exposure in confinement facilities.
a. Significant auditing experience means regular job responsibilities focused on the
objective, unbiased, systematic examination of information to determine the
adequacy of policies, procedures, and practices, and their compliance with
established standards or guidelines. Paper-based auditing, unless it is part of a
larger performance-based audit process, does not qualify as significant auditing
experience. Paper-based auditing includes tasks, such as fiscal or financial
reviews, examinations of accounting practices, and oversight of the work of
subordinates. Preparation for audits conducted by another person or entity also
does not quality as significant auditing experience.
b. Significant quality assurance experience entails regular job responsibilities
focused on monitoring and analyzing the outcomes and effectiveness of business
or enterprise procedures, processes, practices, and/or operations, and includes
designated responsibility for recommending and implementing changes to these
procedures, processes, practices, and/or operations to enhance outcomes and
effectiveness.
c. Significant compliance experience requires regular job responsibilities focused
on monitoring and/or inspecting facility operations to ensure that a public
agency or other regulated unit obeys specific laws, regulations, or other legal
requirements, such as a court-ordered consent decree or other enforcement
mechanism. Compliance activities may include records reviews, and responding
to internal or external requests for information. Contract monitoring, unless it is
part of a larger compliance monitoring job responsibility, does not qualify as
significant compliance experience.
d. Significant investigations experience refers to regular job responsibilities
focused on formal, systematic, and detailed examinations or assessments to
ascertain the facts involved in a situation/incident, where there are allegations
or indications of criminal or civil violations, or staff, employee, or offender
misconduct.
16

2. A bachelor’s degree from an accredited college or university, or a high school degree
and equivalent career-related experience, defined as 5 years of contemporary fulltime
public safety experience in a position which requires considerable exercise of
professional discretion.
3. Two references from professionals in the field related to a relevant set of Standards.
Individual applicants who work for a state-level auditing or compliance entity (e.g., an
employee of a state inspector general’s office) and PREA coordinators may submit
endorsements from their employing entities as substitutes for references.
4. Submission of a complete and accurate application for admission to the PREA Auditor
Candidate Training through the PREA Resource Center.
5. If accepted, attendance and full participation in the 40-hour PREA Auditor Candidate
Training provided by the PREA Resource Center.
6. Completion of a pre- and post-training examination with a score of 80 percent or
higher. 8
7. Passing a criminal records background check.
8. Participation in and completion of all requirements for the Field Training Program
(effective beginning with the July 2017 PREA Auditor Candidate Training, as described in
Chapter 9).
9. Completion and submission of the Auditor Certification Agreement.
After auditor candidates successfully complete all of the above requirements, DOJ, through the
PREA Management Office, will grant auditors with probationary certification (effective
beginning with the March 2015 PREA Auditor Candidate Training). Auditors under probationary
certification status must complete all of the requirements outlined in Chapter 10 in order to
receive full certification.
PREA auditor certification is valid for 3 years following the auditor’s original certification date. 9
At the end of this period, an auditor’s certification will expire, unless the auditor has applied for
and been granted recertification by DOJ through the PREA Management Office. Information on
the recertification process and requirements can be found in Chapter 27.

Dual Certification
Based on an applicant’s experience and work history, he or she may train and be certified to
conduct audits of adult facilities (including prisons, jails, community confinement facilities, and
lockups), juvenile facilities, or both types of facilities. Once certified by DOJ, auditors are only
authorized to conduct audits for the facility type for which they are certified.
Individuals interested in seeking dual certification to conduct audits in both juvenile and adult
facilities are encouraged to make this designation during the application process, prior to
Auditor candidates who do not achieve a passing score on their pre- or post-training examination are granted one
opportunity to retake each examination. Auditor candidates who fail the retake of the pre-training examination
will not be permitted to attend the 40-hour PREA Auditor Candidate Training.
9
The certification date for all auditors can be found under their names in the list of DOJ-certified PREA auditors on
the PREA Resource Center website (see www.prearesourcecenter.org/audit/list-of-certified-auditors).
8

17

attending the 40-hour PREA Auditor Candidate Training. However, individuals may also request
an additional certification type while onsite at the PREA Auditor Candidate Training, after
training has been completed but prior to receiving DOJ certification, or following certification
by completing a Supplemental Information Form for dual certification and receiving a passing
score of 80 percent or higher on a supplemental examination that covers topics relevant to the
additional certification type being requested. Requests for dual certification should be directed
to the PREA Resource Center by submitting the Supplemental Information Form, which can be
found under Resources in the Auditor Portal.
The PREA Management Office reviews all requests for dual certification to determine whether
the individual meets the minimum qualifications for the additional certification type being
sought, as specified below:
•

Individuals seeking adult certification must possess (in addition to the qualifications
stated above) at least 1 year of significant auditing, monitoring, quality assurance,
investigations, or substantially similar experience in adult institutions, including prisons,
jails, community confinement facilities, or lockups.

•

Individuals seeking juvenile certification must possess (in addition to the qualifications
stated above) at least 3 years of significant auditing, monitoring, quality assurance,
investigations, or substantially similar experience in a juvenile facility setting or with
juvenile populations (excluding experience in adult settings with youthful inmates or
detainees).

Individuals will be notified of the PREA Management Office’s decision by the PREA Resource
Center. If approved for dual certification, both certification types will be reflected in the list of
DOJ-certified PREA auditors on the PREA Resource Center website. The additional certification
type granted by DOJ will expire on the same date as the original certification type. Additional
information on the recertification process and requirements can be found in Chapter 27.

Field Training Program
Beginning with the July 2017 PREA Auditor Candidate Training, as a requirement for
certification, auditor candidates are required to successfully complete a training audit as part of
the Field Training Program. The goal of the Field Training Program is to provide auditor
candidates with an opportunity to transfer the knowledge and skills they attained during the
classroom-based PREA Auditor Candidate Training to a field-auditing experience in a supervised
and supportive environment. Specifically, the Field Training Program audit will strengthen
auditor candidates’ understanding of the PREA Standards, hone their auditing skills, and
provide an opportunity to implement the PREA audit methodology.
Auditor candidates are assigned a specific training audit based on geographic location and will
be expected to complete the full training audit (approximately 19 weeks for the pre-onsite
audit, onsite, and post-onsite audit phases). 10 More information about the Field Training

Participation in the Field Training Program requires approximately 35–40 hours during the pre-onsite audit
phase, a minimum of 55 “working hours” during the onsite audit phase, and 35–40 hours during the post-onsite
audit phase.

10

18

Program and what is expected of auditor candidates can be found in the Field Training Program
Syllabus and Manual, which are available in the Auditor Portal.

Probationary Certification Status
Beginning with auditors who attended the March 2015 PREA Auditor Candidate Training, all
newly certified auditors are required to enter probationary certification status and must
successfully complete all the requirements to become fully certified by DOJ. Probationary
certification status assists newly certified auditors in learning to effectively and
comprehensively communicate their audit findings. Upon completion of the probationary
certification status requirements, the PREA Management Office will review the auditor’s body
of work and make a determination as to whether or not the auditor will receive full
certification.
Probationary Certification Review Process
Auditors on probationary certification status must submit draft reports for their first two audits
for review by the PREA Resource Center prior to submitting them to the audited facility. The
goal of the PREA Resource Center’s review is to evaluate the degree to which the audit reports
clearly and thoroughly describe the auditor’s methodology, the evidence collected during all
phases of the PREA audit process, the auditor’s systematic review and analysis of the evidence,
and how the auditor connected this information to determine compliance or noncompliance for
each provision of every Standard. Based on this review, PREA Resource Center staff will provide
detailed guidance to the auditor regarding areas of strength and areas in need of improvement.
In the ordinary course of an audit, auditors are required to submit an interim report (or final
report if there is no corrective action) to the audited facility no more than 45 days after the last
day of the onsite portion of the audit. To accommodate the probationary certification review
process, the PREA Management Office has extended this timeframe to 60 days for auditors
under probationary certification status. The steps for this process are described below.
1. Regardless of whether or not auditors use the Online Audit System to conduct an audit
(see Chapter 14), auditors on probationary certification status must notify the PREA
Resource Center of a forthcoming audit for probationary certification review at least 30
days prior to the first day of the onsite portion of the audit by submitting a Pre-Audit
Reporting Form in the Auditor Portal. Following this notification, auditors should keep
the PREA Resource Center apprised of any changes in the audit timeline that may
impact its review. Auditors are also encouraged to notify the facility early in the audit
process of the revised reporting timeline. 11
2. Auditors on probationary certification status must submit their draft reports to the PREA
Resource Center within 30 days of the last day of the onsite portion of the audit. 12

The PREA Resource Center has a template letter available in the Auditor Portal that auditors are encouraged to
use to notify the audited facility of the revised audit reporting timeline for probationary certification audit report
reviews.
12
For audits that require a corrective action period, auditors must submit a draft of their interim reports. For
audits that do not require a corrective action period, auditors must submit drafts of their final reports.
11

19

3. PREA Resource Center staff review the draft report and provide the auditor with written
guidance, usually within 10 days.
4. PREA Resource Center staff will initiate a conversation with the auditor via telephone or
video conference to discuss the guidance and address any questions or concerns from
the auditor.
5. Following receipt of guidance from the PREA Resource Center, the auditor will
incorporate the guidance and submit the revised draft to the PREA Resource Center for
review.
6. PREA Resource Center Staff will review the auditor’s revised report and, as necessary,
will work with the auditor to achieve the designated objectives for quality audit
reporting and ensure that the auditor has satisfactorily integrated the guidance into his
or her report. Depending on the nature of the guidance and the individual needs of the
auditor, the PREA Resource Center may require the auditor to submit more than one
revision of the draft report.
7. Once the PREA Resource Center concludes in writing that the auditor has adequately
responded to the written guidance and made the necessary amendments, the report
must be submitted to the facility no later than 60 days after the last day of the onsite
portion of the audit. Audit reports may not be submitted to the audited facility until the
auditor is notified to do so by the PREA Resource Center.
8. Auditors will receive written notice from the PREA Resource Center indicating when the
auditor has completed his or her probationary certification review requirement for each
reviewed audit report. At this time, the auditor will also receive a brief summary report
from the PREA Resource Center detailing the written guidance provided to the auditor
through the probationary certification review process, improvements made by the
auditor, and, if applicable, areas in need of future improvement.
9. Following the auditor’s completion of his or her second probationary certification report
review, the PREA Management Office reviews the auditor’s body of work and makes a
determination as to whether or not the auditor will receive full certification. More
detailed information on the PREA Management Office’s review and probationary
certification status outcomes is provided below.
10. Regardless of whether or not auditors use the Online Audit System to conduct an audit
(see Chapter 14), auditors on probationary certification status must submit the final
audit report and required Post-Audit Reporting Form to the PREA Resource Center in
the Auditor Portal within 15 days following submission of the final report to the audited
facility (see Chapter 11 for auditor reporting requirements). Thus, for audits that require
a corrective action period, auditors are required to submit to the PREA Resource Center
both a draft of their interim audit report for probationary certification review, as well as
a copy of the final audit report that goes to the audited facility.
11. The PREA Resource Center will then conduct a final review of the auditor’s report to
ensure that the written guidance is reflected in the final product.

20

See below for additional requirements for auditors under probationary certification status.
•

Caution regarding time between probationary certification audits. Auditors are
encouraged to allow a minimum of 28 days between the onsite portions of the two
audits that an auditor submits for probationary certification review by the PREA
Resource Center. If an auditor conducts the onsite audit for his or her first two audits
within less than 28 days, that will limit the amount of time the auditor has to work with
the PREA Resource Center and may negatively impact his or her probationary
certification review outcome.

•

Probationary certification status requirements and agency-level audits. Any agencylevel audits 13 conducted by an auditor while on probationary certification status do not
count toward the two facility-based audits necessary to complete the probationary
certification status requirements. Auditors who conduct an agency-level audit while on
probationary certification status must notify the PREA Resource Center and submit their
draft reports according to the steps prescribed above. The PREA Resource Center may
review an auditor’s agency-level audit report at its discretion; however, it will not count
toward the auditor’s probationary certification review requirement.

•

Importance of incorporating guidance from the PREA Resource Center. Auditors are
expected to incorporate all guidance provided by the PREA Resource Center into their
audit reports prior to submitting them to the
IMPORTANT
audited facility. Additionally, as part of its
probationary certification review, the PREA
Auditors who successfully
Resource Center typically reviews a sample of
complete their probationary
Standards in an auditor’s report. Recognizing that
certification status requirements
reporting deficiencies related to one Standard may
and are granted full certification
status by DOJ are expected to
often be reflected in many if not all Standards in a
permanently integrate the
report, auditors are expected to apply the PREA
guidance provided by the PREA
Resource Center’s guidance to all applicable
Resource Center into their audit
Standards in the report.

•

Expectations for audit report quality. Draft audit
reports submitted to the PREA Resource Center for probationary certification review
must be well organized, complete, have few to no spelling errors, and reflect the quality
and caliber of a final publishable report that an auditor would submit to the audited
facility.

•

Instructions for auditors using the Online Audit System. Auditors on probationary
certification status who use the Online Audit System to conduct an audit must click on
the button to generate the interim report (or final report if there is no corrective action)
but must not click “SUBMIT.” Rather, the report should be saved as a PDF document and
submitted through the appropriate task in the auditor’s profile on the Auditor Portal.
This will initiate review of the draft report. Once the auditor has received written notice
from the PREA Resource Center indicating that he or she has completed the

reporting practice.

The agency-level audit refers to an audit of only a handful of Standards that impose requirements at the agency
level only.

13

21

probationary certification requirement for the audit report under review, the auditor
may then click “SUBMIT” and send the report to the facility.
Probationary Certification Status Review Criteria
The criteria used to review probationary certification reports are derived from the
requirements in the PREA Standards 14 and primarily focus on the degree to which the auditor
provides adequate discussion and description of the following:
•

Audit methodology (e.g., interview selection, documentation sampling, and site review
steps)

•

All evidence relied upon to make a compliance determination for each provision of
every Standard

•

The systematic review and analysis of all evidence relied upon to make a compliance
determination for each provision of every Standard (i.e., the reasoning that connects all
relevant evidence to each compliance determination)

•

Where applicable, all identified deficiencies, recommended corrective action steps, and
the method(s) used to verify completion and institutionalization of the corrective
action(s)

Additionally, PREA Resource Center staff review auditors’ reporting materials to ensure that
auditors completed the audit reporting forms in a timely manner; used the required audit
report template and completed it in full; and provided accurate and consistent information
across the audit reporting forms and audit reports. The PREA Resource Center staff also assess
the degree to which auditors incorporated the written guidance provided and, when applicable,
applied it across the entirety of the audit report. To support auditors in successfully completing
the probationary certification review process, the PREA Resource Center provides auditors with
sample audit reports that reflect the minimum level of quality that auditors should follow in
their reporting practice. These sample audit reports are intended to be a helpful resource for
auditors on probationary certification status, and while it is permissible for auditors to use
some of the sample audit report language to organize and structure their audit reports, they
are not intended to serve as a template that should simply be copied. All auditors are
responsible for the originality and quality of their audit reports.
The PREA Resource Center’s review is not intended to challenge the findings of auditors, but
rather to determine whether and the extent to which auditors connect evidence, reasoning,
and conclusions in a way that clearly demonstrates the basis for finding compliance or
noncompliance for each provision of every Standard. The role of the PREA Resource Center
staff during the probationary certification review period is to help auditors improve their report
writing skills and achieve a minimum standard of quality in their audit reporting. This review,
however, does not constitute an endorsement of an auditor’s findings by the PREA Resource
Center or DOJ.

14

See 28 C.F.R. §§ 115.403(b), 115.403(c), and 115.403(d).

22

Probationary Certification Status Outcomes
Upon completion of an auditor’s two required probationary certification reviews by the PREA
Resource Center, the PREA Management Office will review the auditor’s body of work and
make a determination as to whether or not the auditor will receive full certification. In making
this determination, the PREA Management Office will consider the following probationary
certification review information:
•
•
•

Performance on the two probationary certification report reviews according to the
review criteria listed above
Degree of improvement between the initial and final report drafts for each probationary
certification review
Degree of improvement between the first and second probationary certification report
reviews

In addition, the PREA Management Office will consider an auditor’s compliance with the
following:
•
•
•
•
•
•
•
•
•
•

The PREA Auditor Code of Conduct
The PREA Auditor Certification Agreement
PREA Standards governing auditor conduct
FAQs issued by the DOJ PREA Working Group
The PREA Auditor Handbook
PREA auditor requirements articulated in the PREA Auditor Candidate Training
Required PREA auditor continuing education
PREA auditor reporting requirements
Peer review requirements
Remediation steps required by the PREA Management Office

Finally, the PREA Management Office considers any allegations regarding auditor misconduct
(including, but not limited to negligence, criminal conduct, malfeasance, gross fraud, and
conflict of interest), as well as any credible evidence of serious misapplication or
misinterpretation of one or more PREA Standards.
The PREA Management Office will normally notify the auditor of its determination no more
than 60 days following the auditor’s completion of all the probationary certification status
requirements. Full certification status will be granted to those auditors who follow all of the
probationary certification status requirements listed in this chapter; meet a minimum threshold
of quality on their probationary certification reports; demonstrate measurable improvement in
their probationary certification reports, when applicable; and comply with the PREA auditor
certification requirements articulated in this Handbook.
The PREA Management Office may deny full certification status to any PREA auditor who fails
to follow all of the probationary certification status requirements listed in this chapter; meet a
minimum threshold of quality on probationary certification reports; demonstrate measurable
improvement in audit reporting, when applicable; and/or comply with the PREA auditor
certification requirements articulated in this Handbook (see full list of the PREA Management
Office’s probationary certification status review considerations above). If the PREA
Management Office learns that an auditor under probationary certification status has
23

conducted one or more audits without completing the requirements outlined in this chapter,
the PREA Management Office may deny full certification status. Forgetting or claiming not to
have known of the probationary certification status requirements is not an adequate
justification for failure to comply with them.
Auditors who are denied full certification status will not be authorized to conduct any PREA
audits, and their names will be removed from the list of DOJ-certified PREA auditors on the
PREA Resource Center website. If an auditor has any contractual obligations to conduct audits
for which the onsite portion is scheduled on or after the effective date of denial of full
certification, the auditor must immediately notify the appropriate officials in the facility or
agency of his or her denial of full certification to discuss contract termination, as appropriate. If
an auditor has any in-progress audits for which he or she has completed the onsite portion, the
auditor must immediately notify the appropriate officials in the facility or agency of his or her
denial of full certification and ask those officials for instruction regarding completion of the
contracted tasks. If the officials from the agency or facility expect the auditor to complete the
post-onsite audit work, the auditor will be temporarily authorized to complete the audit
through the final report. In such instances, auditors must report all in-progress audits to the
PREA Management Office at PREACompliance@usdoj.gov and provide the date upon which
those audits are expected to conclude (i.e., when the final report will be submitted to the
audited facility).
Unless otherwise specified by the PREA Management Office, auditors who are denied full
certification are permitted to apply again to become certified as PREA auditors, but they must
go through the regular application and training process. During the application review process,
the circumstances of an auditor’s denial of full certification and his or her past auditing
performance and conduct will be considered in evaluating the applicant’s suitability to become
certified to conduct PREA audits.
Appealing a Determination to Deny Full Certification Status
Within 30 days of the date of Notice of Denial of Full Certification from the PREA Management
Office (unless the PREA Management Office specifies a different due date), auditors have the
option to appeal the PREA Management Office’s determination. Written appeal must be made
to the PREA Management Office by email at PREACompliance@usdoj.gov and must:
•
•

Consist entirely of directly relevant written materials
Include all necessary explanations, information, or other materials in response to the
allegations described in the Notice of Denial of Full Certification

Any false statements made in support of an appeal may be subject to criminal prosecution,
including under 18 U.S.C. § 1001, and are subject to review by the Office of Justice Programs
Office of the General Counsel and the DOJ Office of the Inspector General.
The PREA Management Office may amend the Notice of Denial of Full Certification at any time
prior to its final disposition. If such an amendment includes any new material allegations of
fact, the auditor will have the opportunity to appeal the new allegations in the amended Notice
of Denial of Full Certification. An auditor’s appeal of the new allegations in the amended Notice
of Denial of Full Certification must be written and provided to the PREA Management Office in
accordance with the procedures outlined above no later than 30 days after the PREA
24

Management Office provides the PREA auditor with the amended Notice, unless the PREA
Management Office establishes a different due date.
If no appeal is received by the PREA Management Office within 30 days after the date of the
Notice of Denial of Full Certification (without reasonable justification or excuse), such:
1. Constitutes a waiver of the right to contest the allegations in the Notice of Denial of Full
Certification, and
2. Will result in the denial of full certification of the PREA auditor without further notice to
the PREA auditor, and
3. The denial of full certification will be considered to be final as of the date indicated in
the Notice of Denial of Full Certification.
If an appeal is received by the PREA Management Office within 30 days after the date of the
Notice of Denial of Full Certification, it will be carefully considered by the PREA Management
Office. The PREA Management Office will make its determination and provide written notice of
its decision to:
•
•

Confirm the denial of full certification (including the reasons therefor), or
Rescind the denial of full certification, which may include mandatory remediation steps
or other requirements

Denial of full certification will remain in effect while the appeal is under consideration.

Auditor Reporting Requirements
Auditors conducting an audit outside of the Online Audit System 15 (i.e., conducting a paper
audit) must fulfill the following reporting requirements:
Complete and submit Pre-Audit Reporting Form. The Pre-Audit Reporting Form collects
basic information about scheduled audits, including the expected dates for the onsite
portion of the audit, the location of the audit, and the facility and/or agency to be
audited. Auditors must complete and submit this form to the PREA Resource Center at
least 30 days prior to the first day of the auditor’s onsite visit to the facility.

•

15

•

Complete and submit Post-Audit Reporting Form. The Post-Audit Reporting Form
collects detailed information regarding the characteristics of the audited facility and/or
agency, the dates for the onsite portion of the audit, the audit location, and descriptive
information regarding the auditor’s methodology and compliance with his or her
obligations under the PREA Standards. Auditors must complete and submit this form to
the PREA Resource Center no more than 15 days following the date upon which the final
report was submitted to the audited facility and/or agency.

•

Submit final audit report. Auditors must submit their final audit reports to the PREA
Resource Center no more than 15 days following the date upon which the final report
was submitted to the audited facility and/or agency. There is an upload feature in the
Post-Audit Reporting Form for auditors to submit their final audit reports. Refer to

Refer to Chapter 14 for more information on the Online Audit System.

25

Chapter 18 for important information regarding final audit report formatting
requirements.
Links to the above reporting forms are available on the dashboard of the Auditor Portal. For
auditors who start an audit in the Online Audit System but,
Auditors on Probationary
for any reason, complete the audit outside of the Online
Certification Status
Audit System, they must submit their Pre- and Post-Audit
Reporting Forms and final audit reports using the available
As described in Chapter 10,
forms in the Auditor Portal.
Auditors who use the Online Audit System to conduct an
audit must complete the information relevant to the Preand Post-Audit Reporting Forms directly in the Online Audit
System and will not need to submit separate forms to the
PREA Resource Center. The Online Audit System also
preserves a copy of the final audit report; therefore,
auditors who complete an audit using the Online Audit
System do not need to submit their final audit reports
separately to the PREA Resource Center.

regardless of whether or not
auditors use the Online Audit
System to conduct an audit,
auditors on probationary
certification status must submit a
Pre-Audit Reporting Form, PostAudit Reporting Form, and the
final audit report to the PREA
Resource Center in the Auditor
Portal according to the specified
timelines.

In addition to the above forms, all auditors, regardless of whether or not they conduct audits
using the Online Audit System, must fulfill the following reporting requirements:
•

Complete and submit Annual Audit Reporting Form. This form captures the number of
audits an auditor conducted in a calendar year. If an auditor did not conduct any audits
between January 1 and December 31 of a given calendar year, or if he or she only
participated in an audit in a role other than as the lead auditor, the auditor must still
complete the Annual Audit Reporting Form and indicate his or her involvement by
typing a “0” in the appropriate space on the form. All auditors, including those who did
not conduct any audits in a given calendar year, must complete and submit this form to
the PREA Resource Center by the specified due date following the conclusion of each
calendar year.
The Annual Audit Reporting Form can only be accessed in the Auditor Portal; therefore,
all auditors, regardless of whether or not some or all of their audits were conducted in
the Online Audit System, must complete and submit an Annual Audit Reporting Form in
the Auditor Portal by the designated deadline each year.

•

Report Changes to Auditor Contact Information. Auditors are required to provide the
PREA Resource Center with a current and functioning email address, physical address,
and telephone number, and to update this information as necessary by submitting an
Auditor Contact Information Change Form, which is available in the Resources section of
the Auditor Portal. Auditors must be able to receive and read all communications from
the PREA Resource Center, the PREA Management Office, and DOJ in a timely fashion.
Failure to receive or read time-sensitive correspondence that imposes an obligation on
or notifies an auditor of disciplinary action is not a viable defense against steps taken by
the PREA Management Office that may impact an auditor’s certification.

26

All reporting forms must be fully and accurately completed. The submission of false or
incomplete information, or failure to comply with these reporting requirements, may result in
disciplinary action by the PREA Management Office that impacts an auditor’s DOJ certification.

Continuing Education Requirements
All auditor continuing education coursework is available on the Auditor Portal. Auditors can
expect no more than 10 hours of required continuing education coursework each year. All
required continuing education courses are delivered in a web-based format that can be
accessed at any time on the Auditor Portal. The PREA Resource Center will provide ample
notice of upcoming continuing education courses required by the PREA Management Office,
and auditors must complete all the required coursework by the designated due date. Failure to
comply with the auditor continuing education requirements may result in disciplinary action by
the PREA Management Office that impacts an auditor’s DOJ certification.

Complaints or Concerns about Auditor Conduct
All auditors are required to disclose to the PREA Management Office any information about
themselves or any credible information about other auditors regarding possible misconduct or
failure to follow proper procedures as outlined in this Handbook. The duty for auditors to
disclose such information creates a culture of awareness and reporting that supports effective
PREA implementation and accountability in the auditing process. The following two subsections
describe the PREA Management Office’s expectations for self-disclosure and reporting of
information related to possible misconduct of another auditor.
Self-Disclosure
Auditors must immediately disclose to the PREA Management Office any actions that constitute
grounds for disciplinary review or disciplinary action (see Chapter 23 and Chapter 28), including:
•

Any arrest or criminal conviction

•

Any finding of liability for fraud or other unlawful behavior that may bear on an
auditor’s honesty or credibility

•

If an auditor is found culpable of, pleads guilty to, or pleads no contest to any
misconduct, sexual abuse, sexual harassment, or related conduct through any criminal,
civil, or administrative investigation or legal proceeding

•

If an auditor is released from or voluntarily leaves employment or contract while under
criminal, civil, or administrative investigation for any misconduct, sexual abuse, sexual
harassment, or related conduct

Auditors must report such information directly to the PREA Management Office via email at
PREACompliance@usdoj.gov. Given the serious nature of the behaviors listed above, such
disclosures will be sent directly to disciplinary review where any appropriate remediation steps
and/or disciplinary action will be determined by the PREA Management Office on a case-bycase basis.

27

Reporting Knowledge or Information about another Auditor
Auditors are required to report any knowledge or information pertaining to possible auditor
misconduct, concerns regarding an auditor’s compliance with DOJ’s certification requirements,
or other actions that constitute grounds for disciplinary review or disciplinary action (see
Chapter 23 and Chapter 28). The Auditor Feedback Form, located on the PREA Resource
Center’s website (see www.prearesourcecenter.org/audit/auditor-feedback-form), is the
mechanism for submitting complaints or concerns about auditor conduct. Auditors are strongly
encouraged to provide specific, factual information about the behavior or conduct of a specific
auditor. Complaints that lack sufficient details will greatly limit the ability of the PREA
Management Office to respond to identified issues or concerns.
In addition to auditors, corrections agencies and facilities, members of the law enforcement
community, advocates, and other key stakeholders working to eliminate sexual abuse and
sexual harassment in confinement are strongly encouraged to report complaints or concerns
about auditor conduct using the above-discussed Auditor Feedback Form. Such information is
critical for maintaining the integrity of the PREA audit function.
Where adequate information is provided, the PREA Management Office reviews and analyzes
the report as part of the audit assessment process described in Chapter 20. Based on the nature
and severity of the report, the PREA Management Office will use the information provided,
taken together with auditor performance information gathered during the assessment phase,
to determine the appropriate interventions and/or disciplinary action. More detailed
information regarding definitions of and sanctions for auditor misconduct is provided in
Chapter 23.

Section V. PREA Audit Methodology
The PREA audit function represents an important and fundamental shift in the way that
correctional audits are traditionally performed. The PREA Standards establish an audit process
that is designed to assess compliance not only through
Auditing in Teams
written policies and procedures but also whether such
policies and procedures are reflected in the knowledge and
Because of the rigorous, practiceday-to-day practices of staff at all levels. The PREA
based audit methodology required
Standards also require inmates to received adequate
by the PREA Standards and the
fact that auditors must assess
education on accessing essential PREA services. As such, the
compliance with more than 300
success of the PREA audit function relies on a rigorous,
specific requirements or
practice-based audit methodology.
provisions in the Standards,
auditors are strongly encouraged
to conduct audits in teams.
Working in a team allows auditors
to share the work associated with
the PREA audit, review each
other’s work products,
troubleshoot issues or challenges
that may arise through the course
of an audit, and draw from the
expertise of peer auditors.

The audit methodology described in this section is grounded
in the auditing requirements in the PREA Standards
(115.401, 115.402, 115.403, 115.404) and FAQs issued by
the DOJ PREA Working Group. The methodology is also
informed by an analysis of PREA audit data collected from
auditors as well as PREA auditing best practices and lessons
learned from the field.
The purpose of this section of the Handbook is to clearly
articulate DOJ’s expectations for the conduct of PREA audits
28

and establish guidelines and minimum requirements for the audit methodology during each
phase of the audit. This information is also intended to enable auditors to effectively navigate
the negotiation and contracting stage of audit procurement, and ensure that the agreed upon
timeframes, costs, and overall audit processes reflect sound methodology and are conducive to
the conduct of high integrity audits.
Each chapter listed below represents a distinct phase of the audit process and includes
important information regarding specific DOJ requirements for the PREA audit methodology, a
description of PREA auditing tools, auditing tips and best practices, and decision-making aids to
help auditors successfully meet DOJ’s expectations for high quality, reliable, objective, and
comprehensive audits.

PREA Audit Instrument
Pursuant to Standard 115.401(d), “The Department of Justice shall develop and issue an audit
instrument that will provide guidance on the conduct of and contents of the audit.” To fulfill
this requirement, DOJ developed an Audit Instrument for each set of PREA Standards—
including Prisons and Jail Standards, Lockup Standards, Community Confinement Standards,
and Juvenile Facility Standards—which include a series of guiding documents and tools that
auditors are required to use when conducting an audit.
For each set of Standards, the Audit Instrument includes the following:
•

Pre-Audit Questionnaire. Approximately 6 to 8 weeks prior to the auditor’s onsite visit
to the facility, the auditor will work with the facility to complete the Pre-Audit
Questionnaire, which identifies the minimum information and supporting documents
that the facility should submit to the auditor before the onsite audit begins.

•

Auditor Compliance Tool. This tool is used during each phase of the PREA audit to guide
auditors in making compliance determinations for each provision of every Standard,
including the evidence auditors should collect to assess compliance.

•

Site Review Instructions. These describe the areas of the facility to be toured;
operations and practices to be observed; and questions that should be asked of staff
and inmates in order to conduct a thorough site review.

•

Interview Protocols. These protocols are used by auditors to interview staff and inmates
as part of the audit. Auditors are not limited to the interview questions included in the
protocols; rather, these questions are designed to serve as a starting point for eliciting
information about the facility’s compliance with the PREA Standards. Auditors are
strongly encouraged to use the interview protocols in conjunction with the Auditor
Compliance Tool and ask additional questions based on information they collect
throughout the audit process. Responses to the interview questions will be part of the
auditor’s compliance assessment.

•

Audit Report Template. This template is used by auditors to produce a final report that
will be delivered to the audited facility and ultimately published on the agency’s
website.

•

Process Map. This facility resource describes the audit process from start to finish, such
as the steps involved, important timeframes, and what to expect from the auditor.
29

When a facility is well informed and can prepare in advance, the audit is more likely to
occur smoothly and without delays.
•

Checklist of Documentation. This provides a non-exhaustive list of the documentation
that should, at minimum, be requested from the facility as part of an audit, and is a
helpful resource for both auditors and facilities.

Additional information on when and how to use the above resources is detailed in Chapters 15–
18. All components of the Audit Instrument can be accessed and downloaded at
www.prearesourcecenter.org/node/1754.
Online Audit System
The Online Audit System is designed to help agencies, facilities, and auditors streamline,
organize, and automate much of the PREA audit process in a secure, user friendly environment.
The Online Audit System guides auditors through the entire audit process and provides
provision-specific instructions regarding interviews with inmates and staff, documentation
collection and review, and observations made during the site review that will shape the
auditor’s compliance determination for each provision of every Standard. In addition, all
documentation collected through the course of the audit, including the auditor’s notes, are
organized by Standard and securely stored in the Online Audit System for easy reference.
Auditors who use the Online Audit System to conduct an audit can access all components of the
Audit Instrument in the system. In particular, the Pre-Audit Questionnaire, Auditor Compliance
Tool, and Audit Report Template are integrated into the Online Audit System workflow,
allowing auditors to easily organize audit documentation, keep track of their notes for each
Standard, coordinate information sharing with the facility, and seamlessly complete each step
of the audit process.
Auditors are strongly encouraged to use the Online Audit System. Additional information on
how to use the system, system features, and available training webinars can be accessed in the
Resources section in the Auditor Portal. User Guides and contact information for technology
support can also be accessed at www.prearesourcecenter.org/audit/online-auditsystem/access-and-support.

Phase One: Pre-Onsite Audit
Prior to assessing a facility in person, there are a number of important steps for auditors to
carry out during the pre-onsite audit phase. During this phase, which should last approximately
6–8 weeks, the auditor should communicate frequently with facility staff and agency leadership
about the audit process, set expectations and timelines, and discuss logistics for all phases of
the audit. The auditor should work with facility staff to post notices of the upcoming audit
throughout the facility to ensure that inmates have the ability to correspond with auditors in a
manner that is consistent with the facility’s confidential treatment of legal mail, that auditors
review the information and documentation submitted by the facility via the Pre-Audit
Questionnaire and conduct outreach to local advocacy organizations for information relevant to
PREA compliance and sexual safety at the audited facility.

30

These important activities that should be undertaken by the auditor during the pre-onsite audit
phase can be broken down into the following four core steps:
1. Audit Planning and Logistics
2. Posting Notice of the Audit
3. Reviewing Facility Policies, Procedures, and Supporting Documentation
4. Conducting Outreach to Advocacy Organizations
These steps are intended to ensure that auditors focus on multiple sources of information
during the audit process and reduce the workload in later phases of the audit. Additional details
are provided for each of these steps below.
Audit Planning and Logistics
As described above, the pre-onsite audit phase provides an important opportunity for auditors
to communicate with facility staff and agency leadership regarding the audit process, discuss
expectations for the facility and the auditor, review key elements of the contract, and
coordinate logistics for the onsite portion of the audit. It is recommended that auditors conduct
an initial kickoff meeting 16 with key facility and agency staff, and establish a schedule for
continued communication throughout the audit process.
Establishing Audit Goals and Expectations
From the beginning of the audit, it is important for the auditor to establish a positive working
relationship with key facility staff and agency leadership, and to approach the audit as an
opportunity for positive change that will benefit everyone working and living in the facility.
PREA auditors have the difficult yet important job of conducting an objective audit that
assesses compliance with every provision of every Standard and upholds the spirit and intent of
the PREA Standards, while also collaborating with facilities during the corrective action stage of
the audit to reach the shared goal of PREA compliance and, more importantly, sexual safety
within the facility. Auditors should use this early communication with the facility to clearly
articulate their role as an auditor and what the facility can
Corrective Action
expect during each stage of the PREA audit.
It is also important to make clear that the audit, including
Recognizing the number and
any required corrective action, is not intended to be a
complexity of the requirements in
“gotcha” process. While corrective action may be perceived
the PREA Standards, DOJ
purposefully included corrective
as failure by confinement facilities and agencies seeking
action in the Standards to serve as
PREA compliance, DOJ views corrective action as an
a helpful tool for facilities and
opportunity to enhance safety and promote a zero
agencies to work in collaboration
tolerance culture for sexual abuse and sexual harassment.
with their PREA auditor to address
In fact, the PREA audit was built on the assumption that full
challenges related to sexual
compliance with every discrete provision would, in most
safety.
cases, require corrective action. It is important for auditors
to emphasize this message throughout the audit process. By characterizing the audit as an

In most cases, the initial kickoff meeting will be held via teleconference or videoconference; however, auditors
who live in close proximity to the audited facility or agency may opt to conduct this kickoff meeting in person.

16

31

opportunity for positive change, the auditor sets realistic expectations for the initial findings of
the audit and frames the process as one that is of value to the facility or agency.
Communicating Key Information on the Audit Process
In contrast to traditional correctional audits, which largely focus on facility and agency policies
and procedures, the PREA audit relies on a rigorous, practice-based methodology that assesses
whether policies and procedures have been institutionalized. It is important for auditors to
educate the facility about what it means to conduct a practice-based audit, describe each phase
of the audit process and the core activities undertaken by the auditor (e.g., in-depth site review
to directly observe and assess relevant correctional practices), and make it clear that a PREA
audit will be unlike other correctional audits the facility has received in the past.
Further, it is critical that the agency and facility understand that, under the PREA Standards,
auditors are entitled to unfettered access to all areas of the facility, personnel, contractors,
volunteers, and inmates, as well as a wide variety of sensitive and confidential documentation
and information. See, generally, Standard 115.401. Agencies also must understand the auditor’s
obligation to obtain and preserve all documentation and information relied upon in making
audit compliance determinations. See, generally, Standard 115.401. This information must be
communicated by the auditor to a variety of staff and administrators within an agency (e.g.,
medical and mental health providers, agency- and facility-based investigators, human resources
personnel, agency and facility training personnel, and classification and risk screening staff).
Any disagreements regarding access to relevant documentation and information within an
agency or facility should be addressed and resolved prior to the onsite portion of the audit. A
facility’s failure to provide an auditor with access to the necessary documentation or all areas
of the facility could lead to a finding of noncompliance with Standard 115.401 and any
underlying substantive Standards for which the facility has failed to meet its burden of
demonstrating compliance. For additional information, see the callout box on p.37.
To help the facility prepare for each stage of the audit, the auditor should send the facility a
copy of the Process Map, which is described in Chapter 14.
Coordinating Audit Logistics
The following list provides an overview of some basic logistics that the auditor should discuss
with the facility prior to the auditor’s onsite visit to the facility:
•

Establish a primary point of contact (POC) at the facility or agency who will be
responsible for completing the Pre-Audit Questionnaire; responding to questions and/or
requests for additional information from the auditor; coordinating and confirming
posting of the audit notice; and assisting with other agreed-upon tasks. Although it is
very helpful to identify a primary POC at the facility, auditors should emphasize and
clearly convey the expectation that one person in a facility or agency cannot do all of the
work associated with preparing for and completing a PREA audit. A team of
administrators and staff at the audited agency or facility must work together to support
the auditor throughout the process. To that end, auditors are also encouraged to
identify a secondary POC at the facility who is involved in the audit process, can assist
the primary POC, and serve as a backup should the primary POC be unavailable.

•

Agree on deadlines for key milestones in the audit process.
32

•

Develop an audit schedule.

•

Review key elements of the audit contract (e.g., any permissible limitations on
scheduling or contingencies based on facility emergencies).

•

Discuss logistics for the onsite phase of the audit, including but not limited to
transportation to and from the facility, meals, daily schedule for the audit, meeting
space, work space with internet access and adequate outlets, permissible technology
(e.g., laptop, cell phone, digital camera) and other necessary audit materials (e.g.,
binders, notebooks, writing utensils), dress code, and security procedures. In addition,
the auditor and the facility should determine where and how interviews will be
conducted with inmates and staff, and the staff coverage needed to most efficiently and
effectively use facility resources while onsite.

Posting Notice of the Audit
Standard 115.401(n) states, “Inmates, residents, and detainees shall be permitted to send
confidential information or correspondence to the auditor in the same manner as if they were
communicating with legal counsel.” To accomplish this communication with the auditor,
auditors are responsible for working with the facility to ensure that inmates are given adequate
notice of the audit and the information necessary to communicate confidentially with the
auditor if they choose. Auditors should inquire early in the process how the facility plans to
ensure the confidentiality of such communication.
When and Where to Post the Notice
It is strongly recommended that auditors instruct facilities to post the notice of the upcoming
PREA audit at least 6 weeks prior to the onsite portion of the audit throughout the facility, in
places where it will be visible to all inmates and staff (e.g.,
Accessibility of the Audit
visiting areas, housing units, and recreational spaces). See
Notice
the callout box on this page for additional
Auditors are encouraged to work
recommendations on ensuring accessibility of the audit
with facilities to ensure that the
notice.
What the Notice Should Include
The notice of an upcoming PREA audit should include the
following information:
•

Scheduled dates of the audit

•

Purpose of the audit

•

Name of the auditor

•

Up-to-date contact information for the auditor

•

An explicit and factually accurate statement
regarding the confidentiality of any communication
between the auditor and inmates who respond to
the notice. Specifically, the notice should include the
limitations of confidentiality pursuant to any
mandatory reporting laws or policies that apply to
33

PREA audit notice is accessible to
all inmates, including those with
disabilities, with limited reading
ability, with limited English
proficiency, in restrictive housing,
and with mail restrictions. For
example, the auditor should work
with a facility to identify the most
commonly spoken language other
than English so that the notice can
be translated into one or more
languages. It is also recommended
that the notice be posted on
brightly colored paper using large
font and easy-to-read language. A
sample audit notice in both
English and Spanish can be found
on the Auditor Portal.

the auditor. See subsection on Navigating Mandatory Reporting Laws and Policies in
Chapter 16.
Due to the potential volume of correspondence, a P.O. Box is recommended for receiving
confidential (i.e., legal) mail.
Auditors’ Responsibility to Verify Posting of the Notice
Auditors should confirm that the notice has been properly posted by the deadline established
by the auditor and the facility. One verification method is to ask the facility to take datestamped photographs of the notice and its placement throughout the facility, and send these to
the auditor in advance of the onsite portion of the audit. If the auditor is not able to verify
placement of the notices prior to the onsite audit, he or she may also use direct observations
and interviews with inmates and staff to verify the placement of and timeframe when the PREA
audit notice was posted.
Confidential Correspondence with Inmates and Staff
Auditors should also plan to receive confidential correspondence from inmates and staff, and
should take one or more of the following steps to adequately respond to such correspondence.
•

Interviews with Inmates. Except where such correspondence clearly does not relate to
PREA or sexual safety in the audited facility, auditors must strive to include those
inmates who submit correspondence in their interview selections (using the relevant
protocols), unless the inmates are no longer in the custody of the facility.

•

Interviews with Staff. Auditors should generally take the same approach with staff who
submit correspondence, and ensure that such staff are included in the interview process
and given an opportunity to speak directly about any concerns or issues voiced in the
correspondence.

•

Reviewing Documentation. Auditors should attempt to follow up on issues voiced by
inmates and/or staff during the documentation review stage of the audit to determine
whether such issues are reflected in facility documentation and, where applicable, the
extent to which the facility followed the appropriate policies and procedures in
response to the issues or concerns identified.

•

Responding to Urgent Correspondence. In cases where correspondence indicates that
an inmate is in imminent harm or threatening self-harm or harm to others, the auditor
should make any appropriate notifications. For example, when auditors are informed
that a resident in a juvenile facility alleges current abuse, the auditor should determine
whether there is a legal requirement to notify child protective services or another
designated entity. In the absence of a legal requirement, the auditor should determine
whether such a disclosure would be proper. When auditors receive information that an
adult inmate is in imminent danger of abuse, auditors should promptly notify the agency
PREA coordinator or other designated individual or entity. However, auditors must
carefully balance the need to report with any specific requests and expectations the
inmate may have regarding confidentiality or anonymity.

34

Reviewing Facility Policies, Procedures, and Supporting Documentation
Standard 115.401 articulates the auditor’s right to access and the requirements for reviewing
facility and agency documentation throughout all four phases of the PREA audit (see callout box
for a list of applicable provisions and requirements). To facilitate a thorough review of facility
and agency policies, procedures, and supporting documentation in advance of the onsite audit,
auditors are strongly encouraged to reach out to
the facility as early as 8 weeks, and absolutely no
Auditor Access to Documentation
later than 6 weeks, prior to going onsite to a
• 115.401(f) – “The auditor shall review all
facility to begin this review process.
relevant agency-wide policies,
Completing the Pre-Audit Questionnaire
The tool used to gather information at this
preparatory stage is the Pre-Audit Questionnaire,
which identifies the minimum information and
supporting documents that the facility should
submit to the auditor before the onsite audit
begins.

•

•

procedures, reports, internal and
external audits, and accreditations for
each facility type.”
115.401(g) – “The audits shall review, at
a minimum, a sampling of relevant
documents and other records and
information for the most recent one-year
period.”
115.401(i) – “The auditor shall be
permitted to request and receive copies
of any relevant documents (including
electronically stored information).”
115.401(l) – “The auditor shall review a
sampling of any available videotapes and
other electronically available data (e.g.,
Watchtour) that may be relevant to the
provisions being audited.”

Typically, these documents and information
include publicly available or non-sensitive
information. However, auditors are entitled to
•
request and receive sensitive and/or non-public
documents and information at any stage of the
audit process, including during the pre-onsite
audit phase. Reviewing some additional
categories of substantive documents prior to the
onsite portion of the audit may permit the auditor to work more efficiently while onsite at the
facility. In particular, auditors are strongly encouraged to request that the facility provide (at a
minimum) a list of all allegations of sexual abuse and sexual harassment received in the 12
months preceding the audit (or longer if determined necessary by the auditor).
The facility’s ability to produce this information prior to the auditor’s onsite visit to the facility
will provide an important early indicator of the facility’s audit preparedness and level of
compliance. In the event that a facility cannot produce this list, the auditor should clearly
communicate to the facility that, as a result, there is a high probability that it will be out of
compliance with several other Standards that rely on this list to assess compliance, such as
Standards 115.61–115.68, which describe the facility’s responsibilities for responding to inmate
reports of sexual abuse and sexual harassment. Of course, as with any stage of the audit
process and explained elsewhere, auditors must use appropriate safeguards to ensure such
information is not inadvertently disclosed to unauthorized parties.
Additionally, auditors should request a diagram of the physical plant (i.e., building plan) and
review it before the onsite visit to the facility. Becoming familiar with the physical plant
structure allows auditors to thoroughly plan the facility site review and confirm that all areas of
the facility are observed.
The auditor should provide the Pre-Audit Questionnaire to the facility sufficiently early in the
process (approximately 6 to 8 weeks prior to the onsite audit) to permit the facility to provide
35

all the necessary information to the auditor at least 4 weeks before the auditor arrives onsite.
During the planning and logistics stage of the pre-onsite audit, the auditor and the facility
should agree upon a date for the Pre-Audit Questionnaire to be completed by the facility. The
deadline for completion should allow for adequate time in advance of the auditor’s onsite visit
to the facility for follow-up questions and additional documentation requests.
The auditor should also work with the facility to identify a facility staff member (e.g., PREA
coordinator, PREA compliance manager) who will coordinate and lead completion of the PreAudit Questionnaire and ensure that all of the auditor’s questions are adequately addressed. As
previously stated, auditors should inform facilities that neither completion of the Pre-Audit
Questionnaire nor the PREA audit is one person’s responsibility. It is a responsibility that is
shared by the designated facility POC, facility leadership, and key staff who oversee various
facility operations (e.g., classification, medical, mental health, food services, education, and
contract administration). Auditors should encourage facility POCs to work with a team of staff
from departments across the facility or agency to collect the required documentation and
complete the Pre-Audit Questionnaire. Encouraging this collaborative process from the
beginning of the audit will prepare staff across the facility and agency for the onsite phase of
the audit, and create broader awareness of sexual safety and the PREA audit process.
Completion of the Pre-Audit Questionnaire and the auditor’s initial analysis of facility and
agency documentation are critical components of the audit process. These steps lay the
foundation for the audit and form the basis for the auditor’s understanding of the facility’s
operations, terminology, structure, population, and other important information.
For auditors who use the Online Audit System, the designated POC at the facility can upload the
completed Pre-Audit Questionnaire directly to the online platform. The documents are stored
and available for review by the auditor. Another benefit of using the Online Audit System is that
information provided in the Pre-Audit Questionnaire will auto-populate portions of other tools
and templates the auditor will use later in the process (e.g. the Auditor Compliance Tool and
audit report). This is a time saver for auditors who otherwise have to type the same information
into different forms. For auditors who are not utilizing the Online Audit System, the completed
Pre-Audit Questionnaire and related documents can be emailed or saved onto an encrypted
portable drive and mailed to the auditor. For information on auditor requirements for
maintaining the safety and security of audit documentation, refer to Chapter 5.
Once the Pre-Audit Questionnaire is complete and all documentation has been received, the
auditor should conduct a thorough review, identify gaps or issues with the submitted
documentation, and follow up with the facility POC with requests for additional information
and/or documentation, as needed. To facilitate and document this process, auditors are
encouraged to use the Issue Log and File Review Template, which are available in the Auditor
Portal. In preparation for the onsite phase of the audit, auditors are strongly encouraged to
begin completing the pre-onsite audit portions of the Auditor Compliance Tool during their
review of the Pre-Audit Questionnaire (see Chapter 16 for additional details on completing the
Auditor Compliance Tool).
Because most PREA Standards require some form of documentation to verify the facility’s
compliance, auditors are required to review a large number and variety of documents. To help
facilitate this review process, auditors are strongly encouraged to begin using the Checklist of
36

Documentation while reviewing the facility’s completed Pre-Audit Questionnaire and to
continue using the Checklist of Documentation throughout the audit process. Along with the
Pre-Audit Questionnaire, the auditor is encouraged to send
IMPORTANT
the facility’s designated POC the Checklist of Documentation
and any additional identified categories of documents the
If at any point in the course of the
auditor deems relevant so that the facility has a complete
audit a facility or agency denies an
auditor access to documentation,
listing of the documents the auditor will need to review
the audit report should reflect
onsite and can prepare in advance to make them available
“Does Not Meet Standard” for
when the auditor arrives. The volume of documentation
Standard 115.401. In addition, if
requested can be overwhelming for facilities; thus, auditors
an auditor is denied access to
are also encouraged to highlight which documents listed in
documents relevant to the
the Checklist of Documentation the auditor is specifically
facility’s compliance with any
looking for the facility to submit as part of the Pre-Audit
underlying substantive Standard,
agencies will likely have failed to
Questionnaire, as opposed to, for example, documentation
fulfill their burden of
that may be typically collected during the onsite portion of
demonstrating compliance with
the audit.
the Standards pursuant to
Standard 115.401(e). In such
cases, the auditor should similarly
reflect a finding of “Does Not
Meet Standard” with respect to
the underlying substantive
Standard.

Prior to going onsite to a facility, auditors are encouraged to
review the facility and/or agency website and conduct a
broad web search on the audited facility in advance of the
audit to determine if there is any relevant information that
may shed light on the culture and history of the facility such
as recent budgetary or staffing changes, legal action against
the facility (e.g., federal consent decree), press clippings, and other information that might
inform the audit.
Conducting Outreach to Advocacy Organizations
The final pre-onsite audit task for auditors is to conduct outreach to relevant advocacy
organizations. PREA Standard 115.401(o) states, “Auditors shall attempt to communicate with
community-based or victim advocates who may have insight into relevant conditions in the
facility.”
This step in the pre-onsite audit phase is important because it provides the auditor with an
opportunity to learn about issues of sexual safety and related concerns at the facility that may
impact the audit. In particular, there are times when external inmate or victim advocates have
information about sexual abuse and sexual harassment at the facility that may not otherwise
become apparent to an auditor during the course of the audit. It is also important to note that
auditors may not always be successful in reaching advocacy organizations during the pre-onsite
audit phase. In such instances, auditors should make multiple attempts to connect with
advocacy organizations throughout the audit process to ensure their important perspectives
are included in the auditors’ analyses and findings.
State or local coalitions against sexual assault operate in nearly all states, are easily identified
using online searches, and serve as a good place to begin learning about the information that
community-based or victim advocates may have.

37

The following is a non-exhaustive list of federal agencies and national organizations that
provide online directories of state and local victim service organizations and are current as of
the date of publication of this Handbook:
•

Office on Violence Against Women (OVW)
www.justice.gov/ovw/local-resources

•

OVC Training and Technical Assistance Center (OVC TTAC)
ovc.ncjrs.gov/findvictimservices/about.html

•

Just Detention International (JDI)
www.justdetention.org/service/

•

The Rape, Abuse & Incest National Network (RAINN)
www.rainn.org/state-resources

•

National Sexual Violence Resource Center (NSVRC)
www.nsvrc.org/organizations?tid=8&

Although not required by the PREA Standards, for audits of juvenile facilities, auditors should
also conduct outreach to the state and/or local department of children’s services to determine
if there have been any reports of sexual abuse or sexual harassment submitted by residents or
staff at the audited facility that the department may permissibly share. Similarly, for audits of
adult facilities, auditors should conduct outreach to state and/or local adult protective services,
agencies that are generally responsible for monitoring abuse, neglect, and exploitation of older
adults and adults with physical or cognitive disabilities. Some states also maintain external
oversight bodies that publish reports or may have useful information for an auditor.
Auditors who are unable to identify a community-based or advocacy organization may contact
the PREA Resource Center for assistance. Once advocacy organizations have been identified,
auditors must conduct interviews with administrative staff in these organizations and solicit
information relevant to PREA compliance, including any knowledge staff may have about issues
of sexual safety in the audited facility and any support services the organization may provide for
incarcerated individuals at the audited facility. Auditors must take and preserve notes of these
interviews, and include relevant information obtained from these individuals or organizations in
the triangulation—the process of weighing multiple forms of evidence to assess compliance—of
evidence and determinations of facility compliance in the final phases of the audit.
Estimating Time to Complete the Pre-Onsite Audit
Auditors should be prepared to commit significant time to the pre-onsite audit phase. The
actual time necessary for a given audit will depend on several factors, including the type of
facility; its size; the degree to which the facility is prepared for the audit; and, importantly, the
completeness, organization, and comprehensiveness of the materials the facility provides.
Auditors should plan to spend 40 to 50 hours on the pre-onsite audit phase.
Auditors should also remember that less work in the pre-onsite audit phase will likely mean
more work in the onsite and post-onsite phases of the audit. If the pre-onsite audit work takes
less time because the facility provides little or incomplete information, then the auditor should
plan to make up that work onsite doing additional documentation reviews and during the postonsite audit phase conducting additional follow-up work. For example, documents or categories
38

of documents that are incomplete or unavailable during any phase of the audit will necessarily
require follow-up requests for the missing documents and time to review those documents.
The auditor should provide the facility or agency with realistic estimates of the time an audit
will require, and should keep the audited facility updated on significant changes to the audit
schedule.
Review of Auditor Tools for Phase One of the PREA Audit
Pre-Audit Questionnaire
Auditor Compliance Tool
Checklist of Documentation
Process Map

•
•
•
•

Phase Two: Onsite Audit
During the onsite phase of a PREA audit, auditors conduct a thorough examination of the entire
facility, observe routine activities, interview staff and inmates, and review and retain key
documents maintained by the facility. These activities can be broken down into the following
three core components of the onsite audit:
•

Site Review

•

Conducting Interviews

•

Documentation Selection and Review

These core components form the foundation of a practice-based audit methodology. An
auditor’s fidelity to these steps is critical for conducting a high quality, reliable, objective, and
comprehensive audit. It is important to remember that the primary purpose of the onsite
phase of the PREA audit is to assess the day-to-day practices used by facility staff to promote
sexual safety. It is not appropriate to focus only or primarily on written policies and procedures
when conducting a PREA audit. The importance of auditors’ observations, interviews with staff
and inmates, and review of facility documentation is reflected in Standard 115.401(e), which
states, “The agency shall bear the burden of demonstrating compliance with the standards.”
Therefore, an agency must be compliant not only in policy but must also demonstrate
institutionalization of the Standards in its day-to-day practices. An agency or facility that is
unable to provide sufficient evidence of compliance, or provides substantially conflicting
information or evidence regarding compliance, has failed to meet its burden. Significantly, the
unavailability of documentation or information required to adequately evaluate and
demonstrate compliance requires a finding of “Does Not Meet Standard” for Standard
115.401(e).
While working onsite, auditors should rely on the Auditor Compliance Tool to gather and
organize information they will use to make compliance determinations. The Auditor
Compliance Tool walks the auditor step by step through each provision of every Standard,
pairing the provision itself with the detailed requirements for compliance and noting how, as
well as when, during the audit process the auditor should verify that the facility meets those
requirements. Auditors must keep thorough notes while working on site. Notes are a critical
element of the audit process because they help auditors recall important details when it comes
time to write the audit report. They are also required under Standard 115.401(j), which states,
39

“The auditor shall retain and preserve all documentation (including, e.g., video tapes and
interview notes) relied upon in making audit determinations. Such documentation shall be
provided to the Department of Justice upon request.” For this reason, the Auditor Compliance
Tool provides space for the auditor to describe observations, reflections, follow-up questions,
and other comments. When onsite, the auditor should also verify any information that the
facility provided during the pre-onsite audit phase that may lead to a finding of noncompliance
with the Standards. Using the Auditor Compliance Tool consistently throughout the audit allows
the auditor to keep track of the evidence collected for each Standard and more easily identify
those Standards that may need additional follow up while onsite.
Each step in the onsite audit phase is described in greater detail below.

Site Review
PREA Standard 115.401(h) states, “The auditor shall have access to, and shall observe, all areas
of the audited facilities.” In order to meet the requirements in this Standard, the site review
portion of the onsite audit must include a thorough examination of the entire facility. As stated
in Chapter 15, auditors should request a diagram of the physical plant during the pre-onsite
audit phase and become familiar with the facility layout to ensure that all areas of the facility
are thoroughly observed. The site review is not a casual tour of the facility. It is an active,
inquiring process that includes talking with staff and inmates to determine whether, and the
extent to which, the audited facility’s practices demonstrate compliance with the Standards.
The review of practices during the site review requires active engagement with critical facility
functions such as intake and risk screening; cross-gender announcement; grievance process;
use of signage throughout the facility (e.g., notice of the
IMPORTANT
audit, PREA posters); activity in the housing units; bathroom
and shower procedures; staffing ratios; cameras and
Auditors are encouraged to have
surveillance technology deployment and use; working
informal conversations with
condition of telephones, kiosks, and other devices; access to
inmates and staff during the site
reporting entities; and supervision practices. Auditors must
review; however, these
watch closely during the site review and are strongly
conversations do not constitute a
encouraged to have facility staff walk them through routine
formal interview for the purpose
of complying with Standard
practices such as risk screening, and pay close attention and
115.401(k) and meeting the
ask questions during this process. For example, auditors are
interview requirements set forth
strongly encouraged to accompany an incoming inmate
in this Handbook.
through the initial screening process—questioning staff
along the way—to thoroughly understand how the process works in practice. This contributes
significantly to the auditor’s understanding of how the facility conducts this function and
provides a better basis for determining where there may be issues in need of corrective action.
If allowed by the facility, the auditor is also encouraged to take photographs of facility areas
that present problems with compliance (e.g., cells that allow for direct sight into toilet areas)
and/or where the facility may be exceeding a Standard or otherwise demonstrating a promising
practice (e.g., victim-centric design and placement of PREA inmate education materials). With
permission from the facility, photographs of promising practices may serve as useful examples
for auditors to provide to staff and administrators during subsequent audits. Auditors should

40

take care to abide by all facility restrictions on photography and should only take photographs
of the physical plant.
The Audit Instrument includes Site Review Instructions to guide auditors in conducting a
comprehensive site review. In addition, auditors are encouraged to use the Site Review
Template to document this process, which can be found on the Auditor Portal. Some areas of a
facility require more attention than others, and the auditor should read and follow the Site
Review Instructions carefully. For instance, facility staff may advise the auditor that inmates are
not allowed in a particular area of the facility or that there are certain areas where only staff
have access (e.g., closets, offices). Because these are spaces where sexual abuse may be more
likely to occur, the auditor should ensure that these areas of the facility are observed during the
site review. Even when taking great care, the auditor may need to re-inspect certain areas of
the facility later in the process if information obtained from interviews, documentation review,
or other sources raises questions or concerns. As stated above, auditors must also take
thorough notes and document their observations during the site review. This will allow the
auditor to conduct a more efficient and thorough review of the evidence during the post-onsite
audit phase.
Defining a Housing Unit
While conducting the site review, auditors should take care to accurately count the number of
housing units according to the definition issued by the DOJ PREA Working Group. Facilities
often define a housing unit differently from the definition under the PREA Standards; thus,
auditors should not rely solely on the number of housing units the facility reports during
contract negotiations or during the pre-onsite audit phase. Auditors should make an
independent determination regarding the number of housing units during the site review to
ensure that they are able to fully comply with the interview sampling requirements described in
the next subsection and appropriately assess the facility’s compliance with the Standards that
may be impacted by this determination. In particular, auditors should note that, according to
the definition from the DOJ PREA Working Group, a single control room that connects multiple
pods does not constitute a single housing unit. But rather, the “architectural design and
functional use of these multiple pods indicate that they are managed as distinct housing units.”
The DOJ PREA Working Group defines a housing unit as follows: 17
The question has been raised in particular as it relates to facilities that have
adjacent or interconnected units.
The most common concept of a housing unit is architectural. The generally agreedupon definition is a space that is enclosed by physical barriers accessed through
one or more doors of various types, including commercial-grade swing doors, steel
sliding doors, interlocking sally port doors, etc. In addition to the primary entrance
and exit, additional doors are often included to meet life safety codes. The unit
contains sleeping space, sanitary facilities (including toilets, lavatories, and
showers), and a dayroom or leisure space in differing configurations.
Many facilities are designed with modules or pods clustered around a control
room. This multiple-pod design provides the facility with certain staff efficiencies
17

See www.prearesourcecenter.org/node/3209.

41

and economies of scale. At the same time, the design affords the flexibility to
separately house inmates of differing security levels, or who are grouped by some
other operational or service scheme. Generally, the control room is enclosed by
security glass, and in some cases, this allows inmates to see into neighboring pods.
However, observation from one unit to another is usually limited by angled site
lines. In some cases, the facility has prevented this entirely by installing one-way
glass.
Both the architectural design and functional use of these multiple pods indicate
that they are managed as distinct housing units.
Conducting Interviews
The interview process is among the most important, and most challenging, elements of a PREA
audit. Interviews are also a mandatory part of the auditing process. There are two PREA
Standards that address an auditor’s responsibility to conduct interviews. Standard 115.401(k)
states, “The auditor shall interview a representative sample of inmates, residents, and
detainees, and of staff, supervisors, and administrators.” Standard 115.401(m) provides the
auditor the right to conduct confidential interviews, stating, “The auditor shall be permitted to
conduct private interviews with inmates, residents, and detainees.”
The objective of conducting one-on-one interviews with inmates is to provide a safe space
where inmates can freely discuss their experiences at and perspectives of the facility on
sensitive issues related to sexual safety. Although not specifically required by the Standards,
private interviews with staff also help to uncover information and perspectives that may not
surface when individuals are speaking in the company of others. For this reason, auditors are
strongly encouraged to conduct interviews with only one staff member at a time in a private
setting to ensure they are accurately capturing that
IMPORTANT
individual’s knowledge of the PREA Standards, sexual safety
in confinement, and his or her specific roles and
Auditors who do not take and
responsibilities.
maintain interview notes will be
The Audit Instrument includes six interview protocols for
interviewing different categories of inmates and staff as
listed below:
•

Agency head or designee

•

Warden or designee

•

PREA coordinator/PREA compliance manager

•

Specialized staff

•

Random staff

•

Inmates

out of compliance with Standard
115.401(j). Auditors should take
comprehensive notes during all
inmate and staff interviews. In
most cases, it is not possible to
rely on memory to reconstruct
what was said, by whom, or at
what point. Notes are the best
way for auditors to guide their
evaluation of interview content
and its relationship to other
evidence when making
compliance determinations for
each provision of every Standard.

Each interview protocol is designed to elicit information
about practices in the facility that relate to specific PREA Standards and more general attitudes
about preventing and responding to sexual abuse and sexual harassment. It is important to
remember that these interview protocols are just the starting point for a conversation that
42

yields useful information. The protocol questions are not intended to provide a script for use
during the interview, but rather serve as a guide or checklist to ensure that auditors understand
what information must be gained from the interview. If read as a script, the auditor would be
asking leading questions that will not yield useful information. Additionally, the protocols do
not cover every Standard that auditors may need to cover during a particular interview.
Auditors should use the interview protocols in conjunction with the Auditor Compliance Tool
and information collected throughout the audit process to inform what additional information
should be covered.
The subsections below provide more detailed guidance for conducting individual interviews
with inmates and staff. This guidance is not a substitute for the interview protocols in the Audit
Instrument. Auditors are required to use the appropriate protocols as the foundation for every
interview.
Navigating Mandatory Reporting Laws and Policies
Each state and territory has its own mandatory reporting laws that require certain individuals to
report incidents or suspicions of abuse, neglect, or maltreatment of vulnerable persons. The
most familiar of these laws govern the reporting of child abuse and neglect, but there are also
laws in many jurisdictions that require reporting abuse and neglect of elderly, disabled, or other
vulnerable individuals, which may include incarcerated persons.
Before committing to an audit, the auditor should determine whether he or she qualifies as a
mandatory reporter in the jurisdiction where the audit will take place. Auditors should work
with the requesting facility and agency to learn the mandatory reporting laws in that
jurisdiction and any rules the facility or agency may have, how to comply with relevant laws and
policies, and the identity of the entity or individual designated to receive such reports. Auditors
are strongly encouraged to include clear and specific details regarding mandatory reporting in
their contracts with facilities and agencies, as well as in the audit notices that are posted
throughout the facility.
In practical terms, mandatory reporting places limits on an auditor’s ability to assure
confidentiality. Prior to interviewing or having informal conversations with any inmate or staff
member, the auditor must explain any mandatory reporting requirements.
For more information on mandatory reporting, The Project on Addressing Prison Rape at the
American University Washington College of Law maintains a repository of mandatory reporting
laws in all 50 states (see www.wcl.american.edu/endsilence/statesurveys.cfm).
Interviewing Inmates
The perspectives of inmates are essential to understanding the practices, procedures, and
culture of a confinement facility. The objectives of inmate interviews are to understand the
facility’s practices from the inmate’s perspective and determine the extent to which inmates
are knowledgeable about the facility’s obligations to keep them safe from sexual abuse and
sexual harassment. As required under Standard 115.401(k), auditors must interview a
representative sample of inmates, and must use information collected during these interviews
to inform compliance determinations during the post-onsite audit phase.
The subsections below detail specific guidance regarding the appropriate sampling
methodology and the minimum number of inmates that auditors are required to interview.
43

Interviews with Randomly Selected Inmates
Auditors must obtain an up-to-date inmate roster (or the equivalent) on or just before the first
day of the audit, and use this roster to make random interview selections. It is highly
recommended that auditors obtain an inmate roster that is organized by housing unit. This will
ensure that auditors select an interview sample that is geographically diverse, meaning that the
inmates an auditor selects should be from as many housing units as possible in different
locations throughout the facility. Auditors are also advised to obtain an inmate roster that is
sorted alphabetically to assist, when necessary, with identifying specific inmates and crossreferencing with other information collected during the audit.
Auditors should be aware that interview selections may be subject to change for a variety of
reasons such as inmate refusals or operational factors (e.g., discharge of a selected
interviewee). To minimize disruption to the audit process and to the audited facility’s normal
routine, alternate selections should be identified in advance. Where feasible, auditors should
also oversample in housing units that house specialized subpopulations. Oversampling refers to
the practice of selecting more individuals from a subgroup than would generally be the case if
everyone in the population had an equal chance of being selected. For example, if an auditor is
conducting one inmate interview per housing unit in a facility that has 10 male housing units
and 2 female housing units, the auditor would only capture interviews with 2 female inmates.
But, if the auditor oversamples by selecting four to six female inmates for interviews, this will
help to ensure their perspectives and experiences are adequately represented in the audit
findings, even though women are a distinct minority in this facility. Other specialized
subpopulations that may be housed together include inmates housed in medical or mental
health wings, protective custody units, and special programming units, among others.
Auditors should plan to spend at least 20 minutes on each random inmate interview in order to
elicit useful information. While conducting these interviews, auditors should also be prepared
to ask additional follow-up questions from the targeted inmate interview protocols where
appropriate. For example, an auditor may learn during the course of a random inmate interview
that the inmate experienced prior sexual abuse and is limited English proficient (LEP). In this
scenario, the auditor should ask questions from the applicable targeted interview protocols
included in the Audit Instrument.
Interview rubrics listing the required number of random inmate interviews by facility type and
population size are presented below in Tables 1–4.
Interviews with Targeted Inmate Populations
Assessing a facility’s day-to-day practices for ensuring the sexual safety of all inmates is a crucial
element of the audit. One of the ways to get a strong sense of these practices and of actual
sexual safety is to interview appropriate numbers of the most vulnerable populations in
custody. Auditors must ensure that these populations are adequately represented in the
interview process. To accomplish this, auditors should work with the facility to obtain a list of all
inmates that fall within the prescribed target populations, including their housing units, so
auditors can ensure geographic diversity. Auditors must attempt to interview a selection of
inmates belonging to each of the following targeted populations.
•
•

Youthful inmates/detainees confined in adult prisons, jails, and lockups
Youthful inmates held in segregated housing to provide sight and sound separation
44

•
•
•
•
•
•
•
•

Inmates with a physical or cognitive disability
Inmates who are LEP
Transgender and intersex inmates
Lesbian, gay, and bisexual inmates
Inmates placed in segregated housing for their own protection from sexual victimization
Juvenile residents in isolation in juvenile facilities
Inmates who reported sexual abuse that occurred in the facility
Inmates who reported prior sexual victimization during risk screening

The number of interviews of individuals in the targeted populations must comport with the
requirements presented in Tables 1–4 below. In some facilities, auditors may be told that there
are no members of one or more of the targeted populations. Auditors have a responsibility to
corroborate such a statement, and can do so based on information obtained from the Pre-Audit
Questionnaire; documentation reviewed onsite; and discussions with screening, classification,
medical, and mental health staff, among others.
Auditors should evaluate the extent to which a facility appropriately and consistently collects,
maintains, and tracks relevant information about whether an inmate is a member of a targeted
population. If the auditor is not persuaded that the facility is sufficiently able to consistently
identify members of the targeted populations, then the auditor should not be willing to accept
claims of “none here” without further probing. Auditors should also be aware of other
Standards that may be impacted by a facility’s inability to identify members of certain targeted
populations. For example, a facility that is unable to identify any inmates who are lesbian, gay,
bisexual, transgender, intersex (LGBTI) or gender nonconforming may not be meeting its
obligations for screening inmates for risk of victimization and abusiveness under Standard
115.41. In addition, the auditor should use interviewing opportunities with other inmates to
explore whether there are members of the targeted populations in the facility but unidentified
by facility staff. When deemed appropriate, the auditor should attempt to conduct an interview
with inmates identified in this manner.
Inmates selected from these targeted populations should be interviewed first using the
Random Sample of Inmates interview protocol, followed by the appropriate targeted inmate
interview protocol. It may also be appropriate to interview
IMPORTANT
an inmate using more than one targeted inmate interview
protocol. For example, if an inmate identifies as LGBTI, is a
Interviews with inmates who have
reported sexual abuse are not
victim of prior sexual abuse, and is being held in segregated
intended to gather information to
housing due to risk of sexual victimization, it would be
determine the validity of the
appropriate to interview that inmate using four interview
report. The purpose is to
protocols: the Random Sample of Inmates interview
document, from the alleged
protocol, the Transgender and Intersex Inmates; Gay,
victims’ perspectives, what
Lesbian, and Bisexual Inmates interview protocol; the
happened when they reported the
Inmates Placed in Segregated Housing (For Risk of Sexual
incident, whether they feel that
the report was handled properly,
Victimization/Who Allege to Have Suffered Sexual Abuse)
and whether required services
interview protocol; and the Inmates who Disclosed Sexual
were provided.
Victimization During Risk Screening interview protocol. In
such circumstances, a single interviewee will satisfy multiple interview requirements, as
discussed in the next subsection in greater detail.
45

Interviews with inmates in the targeted interview populations will likely require additional time.
The amount of time will vary depending on the particular protocol, as well as the volume and
type of information shared by the inmate. Auditors should plan for and schedule their time
accordingly.
Selecting a Representative Sample of Inmates
Standard 115.401(k) requires that auditors “shall interview a representative sample of inmates,
residents, and detainees.” Representative sampling means that auditors must select a group of
inmates whose characteristics reflect the total inmate population in the audited facility. In
order to guide auditors in conducting an adequate number of inmate interviews, the PREA
Management Office has established detailed requirements that prescribe the minimum number
and types of inmate interviews that must be conducted according to the facility type and total
inmate population.
The interview rubrics presented in Tables 1–4 below provide the minimum number of inmate
interviews that must be conducted for each facility type: Prisons and Jails, Lockups, Community
Confinement Facilities, and Juvenile Facilities. When determining the required number of
inmate interviews, auditors should first determine the total inmate population as of the first
day of the onsite portion of the audit. This should be based on the inmate roster and in
conjunction with other information such as discharges, inmate programming (e.g., work
release, inmates temporarily out of the facility for medical appointments or court
appearances), and other factors that may impact the facility population during the audit.
Auditors should then use this information to identify the inmate interview requirements that
match the type of audited facility and the population size (as of the first day of the onsite
portion of the audit) detailed in Tables 1–4 below. Using the guidance presented earlier in this
chapter, auditors should then select the requisite number of random and targeted inmate
interviewees.
Guidelines for Inmate Interviews
Before using the interview rubrics in Tables 1–4 below to identify the required number of
inmate interviews, auditors must first understand how the core requirements in the rubrics are
defined.
•

Overall Minimum Number of Inmate/Resident/Detainee Interviews. This number
refers to the absolute minimum number of inmates/residents/detainees that the
auditor is required to interview during an audit. The number of random and targeted
interviews should meet or exceed the overall minimum interview threshold. Even when
an auditor is unable to conduct the minimum number of targeted interviews (e.g., the
facility does not house a certain targeted population), the auditor must select additional
inmates/residents/detainees in order to meet the minimum threshold. 18

•

Minimum Number of Random Inmate/Resident/Detainee Interviews. This number
refers to the minimum number of inmates/residents/detainees that the auditor is
required to randomly select and interview during an audit.

For very small facilities, auditors may be unable to meet the overall minimum number of
inmate/resident/detainee interviews. See the Subsection below titled “Required Documentation when Interview
Requirements Are Not Met” for guidance on how to document any deviations from the minimum threshold.

18

46

•

Minimum Number of Targeted Inmate/Resident/Detainee Interviews. This number
refers to the minimum number of targeted inmates/residents/detainees that the
auditor is required to interview during an audit. Importantly, the requirement refers to
the minimum number of individuals who are required to be interviewed, not the
number of protocols used. Thus, in cases where an auditor uses multiple protocols
during one interview, it will only count as one
IMPORTANT
inmate interview for the purpose of meeting the
overall threshold for targeted inmate interviews. For
The numbers presented in the
example, if an auditor is completing an audit of a jail
interview rubrics represent the
absolute minimum numbers of
with fewer than 50 inmates and conducts an
interviews that auditors must
interview with an inmate who is LEP, reported prior
conduct during an audit. Failure to
sexual victimization during risk screening, and is a
conduct the required numbers of
youthful inmate, that interview will satisfy three of
interviews may result in
the five individual targeted interview requirements,
disciplinary action by the PREA
but the auditor must still conduct four more
Management Office that impacts
interviews with inmates from the other targeted
an auditor’s DOJ certification.
populations in order to meet the overall threshold.
Auditors are strongly encouraged
Therefore, in many cases, the number of targeted
to conduct more interviews where
interview protocols used will likely exceed the
feasible and necessary. For
example, if an auditor learns of
number of individuals interviewed from targeted
significant issues with sexual
populations.

•

Breakdown of Targeted Inmate/Resident/Detainee
against a particular group of
Interviews. The breakdown of targeted interviews is
inmates, the auditor should
conduct additional interviews with
intended to guide auditors in interviewing the
inmates from that group.
appropriate cross-section of
inmates/residents/detainees who fall within these
special populations. Because individuals may often fall within multiple targeted
populations, in many cases one interview will likely satisfy multiple individual targeted
interview requirements. See the example above under the definition of Minimum
Number of Targeted Inmate/Resident/Detainee Interviews.

abuse or sexual harassment

When using the interview rubrics, auditors must be aware of the following guidelines:
•

Formal interviews with inmates. The numbers presented in the interview rubrics
pertain only to formal interviews conducted using the interview protocols included in
the Audit Instrument. Informal conversations with inmates during the site review, while
strongly encouraged, do not count toward the number of inmate interviews required for
each audit.

•

Importance of conducting interviews with inmates in a private setting. It is critical that
inmates have an opportunity to speak privately with an auditor. Remember that
Standard 115.401(m) provides the auditor with the right to conduct confidential
interviews, stating, “The auditor shall be permitted to conduct private interviews with
inmates, residents, and detainees.” As such, auditors may have informal conversations
with groups of inmates during the site review process; however, auditors may not count

47

these group conversations with inmates toward meeting the requisite number of inmate
interviews.
•

All inmate interviews are voluntary. An inmate can refuse to participate without
consequences. In this event, auditors must select additional inmates, as necessary, to
meet the minimum required number of inmate interviews. When an inmate chooses not
to participate in an interview, auditors are encouraged to continue speaking with the
interviewee for a commensurate amount of time about topics that are unrelated to
PREA (e.g., hobbies, sports, television) so that other inmates and staff cannot detect
who participated in an interview and who did not. Importantly, if the interviewee begins
to discuss information related to PREA or the conversation migrates to PREA-related
topics, the auditor must again ask the inmate if he or she would like to answer questions
related to PREA. Only if the inmate agrees to participate in the interview should the
auditor allow the conversation to continue regarding PREA and sexual safety within the
facility.

•

Ensuring that inmates are free from external pressure to participate. Before beginning
an interview, the auditor should ask the inmate to confirm that he or she has not been
pressured by anyone to consent to be interviewed, to refuse to be interviewed, or
coached on what to say during the interview.

•

How to count random and targeted inmate interviews. A single interview cannot be
double counted as both a random and a targeted interview. If it becomes apparent
during the course of an interview with an inmate selected at random that he or she falls
within one or more of the required targeted inmate populations, and the auditor uses
additional protocols to capture the relevant information, the auditor can count the
interview as either a random interview or as a targeted interview, but not both.

•

How to meet the minimum threshold for targeted inmate interviews. If an auditor is
unable to identify an inmate from one of the targeted inmate populations (e.g., the
facility does not house youthful inmates) or an inmate belonging to a targeted
population does not wish to participate in an interview, the auditor must select inmates
from other targeted populations in order to meet the minimum number of targeted
inmate interviews. If the auditor is unable to interview an adequate number of inmates
to meet the minimum threshold for targeted interviews, he or she should then conduct
additional random inmate interviews in order to comply with the overall minimum
number of interviews. As stated above, these additional random inmate interviews
cannot count toward meeting the targeted inmate interview requirements. Rather,
auditors must thoroughly document why the required number of targeted inmate
interviews could not be met and their strategy for conducting additional random inmate
interviews in order to meet the overall minimum number of required interviews. By way
of example, if an auditor is completing an audit of a jail with fewer than 50 inmates, and
he or she is only able to conduct 3 targeted inmate interviews, that auditor will then
need to conduct 2 additional random inmate interviews (for a total of 7 random inmate
interviews) to meet the overall minimum threshold of 10 inmate interviews.

48

•

Interviewing inmates who submit confidential correspondence. As stated in the
previous chapter, in their interview selections, auditors must strive to include any
inmates who submit confidential correspondence unless an inmate is no longer in the
custody of the facility or the correspondence clearly does not relate to PREA or sexual
safety in the audited facility. For the purpose of meeting the minimum number of
inmate interviews, such interviews may be counted as random or targeted depending
on the nature of the interview.

•

Ensuring a geographically diverse sample of inmates. When selecting inmates for
interviews, whether targeted or random, auditors must ensure that the sample is
geographically diverse, meaning that the inmates an auditor selects should be from as
many housing units as possible in different locations throughout the facility. In cases
where the number of housing units is greater than the number of required interviews,
there should ideally not be any interviewees selected from the same housing unit,
although this may be constrained by the number and location of certain targeted inmate
populations. Conversely, where the number of housing units is less than the number of
required interviews, auditors should select at least one inmate from each housing unit
for an interview.

•

Documenting how geographic diversity was achieved. In the audit report, auditors
must thoroughly document how geographic diversity was achieved in the interview
selection process (i.e., total number of housing units, number of housing units by
gender, and the number of interviews conducted in each housing unit). When
determining how much information is appropriate to report, auditors must take care to
ensure that those inmates who participated in an interview are not identifiable to staff
and others based on the information provided. If an auditor is unable to follow the
guidelines above for achieving geographic diversity, he or she must clearly articulate the
reason.

•

Ensuring adequate gender representation. In facilities that house both male and female
inmates, auditors must ensure that both genders are represented in their interview
sample.

•

Making independent interview selections. When selecting inmates for interviews,
auditors are required to make their own interview selections and are not to rely on the
facility or agency to make these selections. The purpose of this is to ensure that all
inmate interview selections are conducted objectively.

49

TABLE 1: REQUIRED NUMBER OF INMATE INTERVIEWS
Prisons and Jails
Interview Type

0–50
Overall Minimum Number of
At least 10
Inmate Interviews
Minimum Number of Random
At least 5
Inmate Interviews
Minimum Number of Targeted
At least 5
Inmate Interviews
Breakdown of Required Targeted Inmate Interviews
Youthful Inmates
At least 1
Inmates with a Physical
At least 1
Disability

51–100
At least 16

Inmate Population Size*
101–250
251–500
501–1,000
At least 20
At least 26
At least 30

1,001–2,500
At least 40

2,501+
At least 50

At least 8

At least 10

At least 13

At least 15

At least 20

At least 25

At least 8

At least 10

At least 13

At least 15

At least 20

At least 25

At least 2
At least 1

At least 2
At least 1

At least 2
At least 1

At least 3
At least 1

At least 3
At least 1

At least 4
At least 1

Inmates who are Blind, Deaf, or
Hard of Hearing

At least 1

Inmates who are LEP
Inmates with a Cognitive
At least 1
At least 1
Disability
Inmates who Identify as
At least 1
At least 1
At least 1
At least 1
Lesbian, Gay, or Bisexual
Inmates who Identify as
At least 1
At least 1
At least 2
Transgender or Intersex
Inmates in Segregated Housing At least 1
At least 1
At least 1
At least 1
for High Risk of Sexual
Victimization
Inmates Who Reported Sexual
At least 1
At least 1
At least 2
At least 3
Abuse
Inmates Who Reported Sexual
At least 1
At least 1
At least 2
Victimization During Risk
Screening
*Inmate population size is based on the actual population on the first day of the onsite portion of the audit.

50

At least 1
At least 1

At least 1
At least 1

At least 1
At least 2

At least 1

At least 2

At least 3

At least 2

At least 3

At least 4

At least 1

At least 2

At least 2

At least 3

At least 4

At least 4

At least 2

At least 3

At least 3

TABLE 2: REQUIRED NUMBER OF DETAINEE INTERVIEWS
Lockups
Interview Type

0–50
At least 10

51–100
At least 16

Overall Minimum Number of
Detainee Interviews
Minimum Number of Random
At least 5
At least 8
Detainee Interviews
Minimum Number of Targeted
At least 5
At least 8
Detainee Interviews
Breakdown of Required Targeted Detainee Interviews
At least 1
At least 2
Juvenile/Youthful Detainees
At least 1
At least 1
Detainees with a Physical
Disability

Detainee Population Size*
101–250
251–500
At least 20
At least 26

501+
At least 30

At least 10

At least 13

At least 15

At least 10

At least 13

At least 15

At least 3
At least 1

At least 4
At least 1

At least 4
At least 1

At least 1
At least 1
At least 1
Detainees who are Blind, Deaf,
or Hard of Hearing
Detainees who are LEP
At least 1
At least 1
At least 1
At least 2
At least 1
At least 1
At least 1
At least 2
At least 2
Detainees with a Cognitive
Disability
Detainees Identified as
At least 2
At least 3
At least 3
At least 4
At least 5
Potentially Vulnerable to Sexual
Victimization During Risk
Screening (not otherwise
identified above)**
*Detainee population size is based on the actual population on the first day of the onsite portion of the audit.
**Standard 115.141 includes a limited number of criteria for assessing detainees for risk of sexual victimization; therefore,
auditors must attempt to identify and interview detainees who present characteristics (not already captured in Standard
115.141) that may put them at high risk for victimization such as identification as lesbian, gay, or bisexual; identification as
transgender or intersex; and detainees who experienced prior victimization. Because lockup facilities are not required to
collect information on characteristics not listed in Standard 115.141, the facility may not have an official record of detainees
who present these other risk factors; however, the auditor may be able to identify these detainees through interviews with
other detainees and staff, and review of detainee records (e.g., medical or mental health records).

51

TABLE 3: REQUIRED NUMBER OF RESIDENT INTERVIEWS
Community Confinement Facilities
Interview Type

0–50
At least 10

51–100
At least 16

Overall Minimum Number of
Resident Interviews
Minimum Number of Random
At least 5
At least 8
Resident Interviews
Minimum Number of Targeted
At least 5
At least 8
Resident Interviews
Breakdown of Required Targeted Resident Interviews
At least 1
At least 1
Residents with a Physical
Disability

Resident Population Size*
101–250
251–500
At least 20
At least 26
At least 10

At least 13

At least 15

At least 10

At least 13

At least 15

At least 1

At least 1

At least 1

Residents who are Blind, Deaf,
or Hard of Hearing
Residents who are LEP
At least 1
Residents with a Cognitive
At least 1
At least 1
At least 1
Disability
At least 1
At least 1
At least 2
At least 2
Residents who Identify as
Lesbian, Gay, or Bisexual
At least 1
At least 2
At least 3
At least 3
Residents who Identify as
Transgender or Intersex
Residents Who Reported Sexual At least 1
At least 2
At least 2
At least 3
Abuse
Residents Who Reported Sexual At least 1
At least 1
At least 1
At least 2
Victimization During Risk
Screening
*Resident population size is based on the actual population on the first day of the onsite portion of the audit.

52

501+
At least 30

At least 1
At least 1
At least 2
At least 2
At least 3
At least 3
At least 2

TABLE 4: REQUIRED NUMBER OF RESIDENT INTERVIEWS
Juvenile Facilities
Interview Type

0–50
At least 10

51–100
At least 16

Overall Minimum Number of
Resident Interviews
Minimum Number of Random
At least 5
At least 8
Resident Interviews
Minimum Number of Targeted
At least 5
At least 8
Resident Interviews
Breakdown of Required Targeted Resident Interviews
At least 1
At least 1
Residents with a Physical
Disability

Resident Population Size*
101–250
251–500
At least 20
At least 26

501+
At least 30

At least 10

At least 13

At least 15

At least 10

At least 13

At least 15

At least 1

At least 1

At least 1

Residents who are Blind, Deaf,
or Hard of Hearing
Residents who are LEP
At least 1
Residents with a Cognitive
At least 1
At least 1
Disability
At least 1
At least 1
At least 1
At least 1
Residents who Identify as
Lesbian, Gay, or Bisexual
At least 1
At least 2
At least 2
Residents who Identify as
Transgender or Intersex
Residents in Isolation
At least 1
At least 1
At least 1
At least 1
Residents Who Reported Sexual At least 1
At least 2
At least 2
At least 3
Abuse
Residents Who Reported Sexual At least 1
At least 2
At least 2
At least 3
Victimization During Risk
Screening
*Resident population size is based on the actual population on the first day of the onsite portion of the audit.

At least 1
At least 1
At least 1
At least 2
At least 2
At least 1
At least 3
At least 3

Required Documentation when Inmate Interview Requirements Are Not Met
Auditors must make all reasonable efforts to conduct the required numbers of inmate
interviews. Where this is not possible, auditors must clearly describe their sampling process and
the reason why the thresholds could not be achieved. For example, even after extensive
probing, an auditor may be unable to meet the required number of interviews for a particular
targeted inmate population. In such a case, the auditor must describe in the audit report the
steps he or she took to identify an inmate within the targeted population and the information
he or she obtained through that process.
Additionally, for some smaller facilities, auditors may be required to interview every inmate,
resident, or detainee in the audited facility, including facilities with an actual population of 10
or fewer. Auditors should plan for some flexibility in these very small facility settings, but this
flexibility should facilitate interviews of all inmates, residents, and detainees, as appropriate.
One exception to this is when one or more inmates declines to be interviewed. If for any
reason, regardless of facility size, an auditor does not conduct the minimum numbers of
interviews prescribed above, he or she must thoroughly document this in his or her notes and
include a discussion of why this was not possible in the audit narrative portion of the audit

53

report. Auditors must be mindful, however, to ensure that those inmates who participated in
an interview are not identifiable to staff and others based on the information provided.
Interviewing Staff
Staff interviews are another important element of a PREA audit. Standard § 115.401(k) requires
that “the auditor shall interview a representative sample of . . . staff, supervisors, and
administrators” in each audited facility. The primary purpose of interviewing facility staff is to
determine whether and to what extent they understand their responsibilities under the PREA
Standards, as well as the obligations imposed on the facility and agency. In addition, interviews
of staff provide information on the extent to which a zero tolerance culture for sexual abuse
and sexual harassment has been implemented in the facility and agency.
Similar to interviews with inmates, auditors must conduct interviews with a random sample of
staff selected from varying shifts and work assignments, as well as targeted interviews with
staff who have specialized roles and responsibilities within the facility. The Audit Instrument
includes interview protocols for both random and specialized interviews with staff.
The subsections below detail specific guidance regarding the appropriate sampling
methodology and the minimum number of staff that auditors are required to interview.
Interviews with Randomly Selected Staff
As stated above with regard to conducting interviews with inmates, representative sampling
means that auditors must select a sample that adequately
IMPORTANT
represents the full complement of staff in the audited
Auditors are required to make
facility.
their own staff interview

To accomplish this, auditors are required to conduct at least selections and are not to rely on
12 interviews with randomly selected staff during the onsite the facility or agency to make
portion of the audit. Using the sampling guidance
these selections.
prescribed in the random staff interview protocol, auditors
must randomly select line staff representing a diverse cross-section of work assignments and
must also ensure that they interview at least one staff member from each shift. Importantly,
auditors should be aware that 12 random staff interviews represent the absolute minimum
number of interviews that auditors must conduct during an audit. Auditors are strongly
encouraged to conduct more interviews where feasible and necessary.
Remember that, like interviews with inmates, interviews conducted with staff are also
voluntary. However, in cases where staff opt not to participate in the interview or respond to
certain questions, auditors should inform staff that their decision not to participate may impact
the audit findings, and the auditor may have to find the facility out of compliance with certain
Standards if they are unable to adequately corroborate information through interviews with
staff. If this occurs, auditors must select additional staff, as necessary, to meet the minimum
number of interviews required, as described above. Additionally, before beginning an interview,
the auditor should ask the staff member to confirm that he or she has not been pressured by
anyone to consent to be interviewed, to refuse to be interviewed, or coached on what to say
during the interview.

54

Random staff interviews should require approximately 20 minutes, but may go significantly
longer depending on the amount of information staff have to contribute. In general, auditors
should develop an interviewing practice that enables them to elicit as much useful information
from staff as possible (see the callout box with useful interviewing tips below).
Interviews with Specialized Staff and Leadership
In addition to random staff interviews, auditors must conduct targeted interviews with staff
who have specialized roles and responsibilities. These interviews are designed to help the
auditor determine whether or not particular roles and responsibilities outlined in the PREA
Standards are operational in the facility. Interviews with specialized staff must include all of the
following, when applicable:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•

Agency contract administrator
Intermediate or higher level facility staff responsible for conducting and documenting
unannounced rounds to identify and deter staff sexual abuse and sexual harassment
Line staff who supervise youthful inmates, if any
Education and program staff who work with youthful inmates, if any
Medical and mental health staff
Non-medical staff involved in cross-gender strip or visual searches
Administrative (human resources) staff
Sexual Assault Forensic Examiner (SAFE) and Sexual Assault Nurse Examiner (SANE) staff
Volunteers and contractors who have contact with inmates
Investigative staff
Staff who perform screening for risk of victimization and abusiveness
Staff who supervise inmates in segregated housing
Staff on the sexual abuse incident review team
Designated staff member charged with monitoring retaliation
First responders, both security and non-security staff
Intake staff

Interviews with the following facility and agency leadership are required:
•
•
•
•

Agency head or designee
Warden/facility director/superintendent or designee
PREA coordinator
PREA compliance manager

Auditors must interview the staff as indicated by the specialized staff interview protocols in the
Audit Instrument. Importantly, specialized staff selected for an interview do not also count
toward satisfying the minimum threshold for random staff interviews discussed above. Auditors
should be aware that specialized staff interviews should generally be conducted independently
of the random staff interviews. These are distinct staff, and the interview protocols should be
used separately. However, some staff randomly selected for interviews may serve in one or
more of the specialized roles listed above such as first responder, intake staff, staff who
supervise inmates in segregated housing, staff who perform screenings for risk of victimization
and abusiveness, non-medical staff involved in cross-gender strip or visual searches, and line
55

staff who supervise youthful inmates. If during the course of an audit, it becomes apparent that
the majority of line staff serve in one or more of these roles, it is recommended that the auditor
include the relevant protocols when interviewing randomly selected staff. For example, in a
facility where all line staff serve as first responders, it is recommended that the auditor use
both the Interview Guide for a Random Sample of Staff protocol and the Security Staff and NonSecurity Staff who Have Acted as First Responders protocol when conducting interviews with
randomly selected staff. In such circumstances, the auditor may count these interviews toward
satisfying the requirement for both the applicable specialized staff interviews and random staff
interviews.
In addition to the specialized staff listed above, there may be other staff who the auditor should
speak with in order to understand the facility’s operations and to conduct a comprehensive
audit. Although there are no specialized staff interview protocols for these staff positions,
auditors are strongly encouraged to conduct interviews with mailroom staff, staff who develop
and/or deliver training, the chaplain, classification staff, designated union representative or
members of bargaining units (when applicable), information technology staff who can assist
with relevant data collection, and other positions as deemed necessary.
Specialized staff interviews will vary in different settings. Depending on the size and
characteristics of the facility, certain specialized staff roles envisioned in the PREA Standards
will not exist, and the auditor must determine which member(s) of the current staff to
interview. Additionally, staff in some facilities may be responsible for more than one of the
specialized staff duties. Therefore, more than one interview protocol may apply to an interview
with a single staff member. For example, if an auditor selects a nurse who conducts screenings
for risk of sexual victimization or abusiveness and who is employed through an organization
that contracts with the facility for medical services, the auditor should use three interview
protocols: Medical and Mental Health Staff, Volunteers and Contractors who Have Contact with
Inmates, and Staff who Perform Screening for Risk of Victimization and Abusiveness.
Due to the diverse nature of specialized staff roles, and the need to combine or adapt the
relevant protocols when staff serve in multiple specialized roles, the time necessary to
interview these staff may range from 30 minutes to 1.5 hours; thus, auditors should be
prepared to change the audit schedule as needed to accommodate these interviews. When
necessary, auditors may also opt to conduct interviews with certain specialized staff by phone
such as agency investigators located in a different region of the state or SAFE or SANE staff
employed by a nearby hospital.
Auditors should plan to interview a diverse cross-section of both volunteers and contractors
who perform different roles in the facility such as religious, education, medical, mental health,
programming, and maintenance. Auditors should conduct two to four interviews with
volunteers and another two to four interviews with contractors who have contact with inmates.
Auditors should also conduct interviews with approximately two to four investigative staff, both
at the facility and agency levels. Auditors are encouraged to interview more than one staff
member serving in other specialized roles as well, when deemed necessary and feasible.

56

Required Documentation when Staff Interview Requirements Are Not Met
Auditors must make all reasonable efforts to meet the staff interviewing requirements outlined
above. The PREA Management Office recognizes, however, that it will not always be possible to
achieve the requisite number of staff interviews due to a number of factors (e.g., number of
staff, facility operations). This may be particularly relevant for audits of smaller facilities where
there are fewer staff in the facility than the required number of interviews. If for any reason,
regardless of facility size, an auditor does not conduct the minimum number of staff interviews
prescribed above, he or she must thoroughly document this in his or her notes and include a
discussion of why this was not possible in the audit narrative portion of the audit report.
Effective Strategies for Interviewing Staff and Inmates
•

Use open-ended rather than “yes/no” questions.

•

Keep an open mind; listen carefully to everything the person is saying; and take the person’s
comments seriously.

•

Work to establish a positive rapport and trust with the person being interviewed.

•

Be sure that the person being interviewed fully understands the purpose of the interview.

•

Schedule interviews to be minimally disruptive to facility operations, without cutting short individual
interviews or reducing the total number of interviews.

•

Request a private, quiet location to conduct interviews (e.g., classroom, attorney/client visitation
room). It is also preferable to identify an interview space where facility staff can observe the
interview through a window and to position the inmate with his or her back to the window.

•

Never allow other staff members or inmates to participate or sit in on an interview.

•

Never conduct group interviews.

•

Do not re-ask questions that have already been answered by the person being interviewed.

•

Take notes during each interview for use later when information that has been collected is
triangulated and the compliance determinations are made.

Documentation Selection and Review
There are four provisions under Standard 115.401 that address auditor access to and
requirements for reviewing facility and agency documents. These include the following:
•
•
•
•

115.401(f) – “The auditor shall review all relevant agency-wide policies, procedures,
reports, internal and external audits, and accreditations for each facility type.”
115.401(g) – “The audits shall review, at a minimum, a sampling of relevant documents
and other records and information for the most recent one-year period.”
115.401(i) – “The auditor shall be permitted to request and receive copies of any
relevant documents (including electronically stored information).”
115.401(l) – “The auditor shall review a sampling of any available videotapes and other
electronically available data (e.g., Watchtour) that may be relevant to the provisions
being audited.”

57

While working on site, auditors must review a variety of documents, including, but not limited
to personnel files, inmate intake and screening records, staff training records, documentation
of inmate education, and sexual abuse investigation reports. Information contained in these
documents is crucial to forming an accurate impression of what a facility does to protect
inmates from sexual abuse and sexual harassment, and how staff respond to incidents when
prevention fails. Accordingly, auditors should plan to spend a significant amount of time on
documentation review during the onsite portion of the audit.
Auditors should remember that the PREA audit is not an
IMPORTANT
audit of policies and procedures only. It is primarily an audit
of practice. The objective for the auditor is to examine
It is the auditor’s responsibility to
review all relevant
enough evidence to make a compliance determination
documentation, and it is the
regarding the audited facility’s actual practice. Policies and
responsibility of the audited
procedures do not demonstrate actual practice, although
agency or facility to provide
they are the essential baseline for establishing practice and
complete and accurate
should be reviewed carefully. Some facility practices may be documentation for the 12 months
reflected in documents, which should be sampled and
(or more) prior to the date of the
reviewed appropriately. However, in order to gather
audit.
sufficient evidence to make a compliance determination,
documentation must be reviewed in tandem with observations made during the site review and
with information obtained during interviews with inmates and staff. Each of these sources of
information—interviews, observations, and documentation—should be used to corroborate the
others. This is an integral part of the triangulation process.
The available relevant documentation will vary among facilities based on a number of factors
such as facility size and operations, the extent of record keeping, and the record-keeping
format (i.e., electronic or paper records). Auditors should carefully go through the Auditor
Compliance Tool and the Checklist of Documentation to confirm that they have sampled and
reviewed all relevant documentation for each audit. The Checklist of Documentation provides
an extensive list of relevant documentation and is an important tool that auditors should use to
ensure they meet their requirements for documentation review under the Standards.
It is important to remember that documents received in advance of the onsite portion of the
audit—typically non-sensitive materials such as policies or procedures—are not suitable
substitutes for onsite documentation review. Documents submitted by facilities through the
Pre-Audit Questionnaire during the pre-onsite audit phase must not be taken as representing a
complete or accurate picture of facility operations in practice. Such documents are self-selected
and are not always an appropriate basis for making compliance determinations.
Document Sampling
In order to ensure that a representative sample of documents are selected for review, auditors
should start the document sampling process with a comprehensive list of inmates, staff, and
relevant records. Auditors need to first understand the universe they are sampling from. The
table below provides a summary of important types of lists that auditors should request from
the facility; however, for a more extensive inventory, auditors should refer to the Checklist of
Documentation. Some of these lists are also the starting point for making interview selections
58

from both staff and inmates; thus, auditors may already have these lists as a result of the
interviewing process. In addition, auditors should take care to supplement the official lists they
obtain from facilities with information they learn onsite through observations and interviews
with staff and inmates. For example, a facility may indicate
IMPORTANT
that there are no inmates who identify as LGBTI; however,
through the course of interviews with inmates and staff, an
As with interview selections,
auditors are required to select
auditor may identify one or more inmates who fall within
documents for review and must
this specialized population. These inmates should be
not rely on the facility or agency
included in the auditor’s sample for both interviews and
to make these selections.
document review, where appropriate.
Access to these lists is critical for determining facility compliance with the PREA Standards. It is
very difficult, if not impossible, to find compliance if a facility is unable to provide some of these
lists. If the facility is unable to provide the information indicated, the auditor should work with
the facility to produce the necessary information. The auditor may have to find the facility out
of compliance with one or more Standards if pertinent information and documentation cannot
be obtained.
TABLE 5: LISTS FOR DOCUMENT SAMPLING
All Facility Types

List
Facility Type
Complete inmate roster*
All
Youthful inmates/detainees
Prisons, Jails, and Lockups
Inmates with disabilities
All
Inmates who are LEP
All
LGBTI Inmates
All
Inmates in segregated housing
Prisons and Jails
Residents in isolation
Juvenile Facilities
Inmates/residents who reported sexual abuse
All
Inmates/residents who reported sexual victimization
Prisons, Jails, and Juvenile
during risk screening
Facilities
Complete staff roster
All
Specialized staff (see interview protocols for full list)
All
All contractors who have contact with inmates
All
All volunteers who have contact with inmates
All
All grievances made in the 12 months preceding the
All
audit
All incident reports from the 12 months preceding the
All
audit
All allegations of sexual abuse and sexual harassment
All
reported for investigation in the 12 months preceding
the audit
All hotline calls made during the 12 months preceding
All
the audit
* Inmate roster is based on the actual population on the first day of the onsite portion of the audit.

Once these lists are received, the auditor can begin selecting documents for review. Each
auditor’s strategy for documentation review during the onsite portion of the audit may vary

59

slightly; however, the purpose of this section is to guide auditors in reviewing an adequate
sample of documents.
Where there is a collection of records to review—such as staff, contractor, and volunteer
training records; background check records; supervisory rounds logs; risk screening and intake
processing records; inmate education records; medical files; and investigative files—auditors
must review a representative sample of each type of record. It is important to remember that
many types of records will require auditors to follow the document trail to determine whether
or not the facility followed the required protocol in the PREA Standards; thus the number of
records reviewed will vary by facility. For example, each inmate should have a screening record
in his or her file. In cases where the screening record indicates that the inmate disclosed prior
victimization, the auditor must follow that inmate’s records to determine, for example,
whether the facility provided the appropriate medical and/or mental health follow-up required
under Standard 115.81(a)/115.381(a) and provided appropriate housing and programming
assignments pursuant to Standard 115.42/115.242/115.342. To facilitate this review process,
auditors are encouraged to use the File Review Template, which is available on the Auditor
Portal.
As discussed in Chapter 15, auditors should review records that pertain to issues voiced by
inmates and/or staff who submitted confidential correspondence to the auditor during earlier
phases of the audit to determine whether such issues are reflected in the facility’s
documentation and, where applicable, the extent to which the facility followed the appropriate
policies and procedures in response to the identified issues or concerns.
In addition to sampling the records, as described above, auditors must also conduct more
targeted sampling of documentation related to sexual abuse and sexual harassment allegations.
For facilities with 20 or fewer sexual abuse and sexual harassment allegations in the past 12
months, auditors should review at least 10 records that document the facility’s response,
including, but not limited to inmate grievances, risk screening records (including re-screening),
housing and programming information, first response records, investigative referrals (if
appropriate), investigative files, pertinent medical and mental health records, retaliation
monitoring records, sexual abuse incident review records, and records of notification to
inmates. In facilities that have more than 20 allegations of sexual abuse or sexual harassment in
the past 12 months, it is recommended that auditors review at least 10 records plus an
additional 10 percent of the remaining records over 20. For example, if a facility has 70
allegations of sexual abuse or sexual harassment in the past 12 months, the auditor should
review a minimum of 15 investigative files. Additionally, while it is important to sample both
sexual abuse and sexual harassment allegations, auditors should prioritize the review of sexual
abuse allegations.
Auditors should also ensure that they review a cross-section of cases that are pending,
substantiated, unsubstantiated, and unfounded; criminal and administrative; and involving
both staff-on-inmate and inmate-on-inmate allegations. For investigations that are ongoing,
auditors should prioritize reviewing those cases that are further along and should be mindful
not to select open cases where possible criminal prosecution may be affected. Investigations
that were just recently initiated before the auditor arrived onsite may not bear much
60

substantive information for the purpose of assessing compliance with PREA. When identifying
allegations for review, auditors should also be aware that such files may not be labeled using
language that is consistent with the Standards. For example, many facilities may not refer to
certain comments or behaviors that are sexually offensive as sexual harassment; therefore,
auditors should work with the facility staff to understand how such incidents are catalogued in
their records and also be prepared to search the investigative files and incident logs for other
common words or phrases that may meet the definition of sexual harassment. Interviews with
information technology staff can often surface helpful information regarding how the facility
categorizes and documents relevant allegations in electronic databases.
Estimating Time to Complete the Onsite Audit
The time to complete the onsite phase of the audit will vary depending on a number of factors
such as facility type, population size, physical plant layout and size, facility organization, and
preparedness level. Thus, the PREA Management Office does not prescribe a minimum amount
of time auditors must spend during the onsite portion of the audit. Rather, the duration of the
onsite audit must provide adequate time for the auditor to thoroughly evaluate compliance
with the PREA Standards in practice and assess the facility’s commitment to sexual safety and
zero tolerance for sexual abuse and sexual harassment.
Auditors must use information obtained about the facility, coupled with the methodological
requirements articulated in this Handbook, to determine the appropriate number of days for
the onsite portion of the audit. To assist auditors with estimating the duration of the onsite
audit based on the parameters above, Table 6 provides a breakdown of the estimated time to
complete the required number of inmate and staff interviews based on facility type and
population size.
TABLE 6: ESTIMATED TIME TO COMPLETE INMATE AND STAFF INTERVIEWS

Inmate Population Size*
0–50
51–100
101–250
251–500
501–1,000 1,001–2,500
2,501+
2.0 days
2.2 days
2.4 days
2.6 days
2.7 days
3.0 days
3.4 days
Prisons and Jails
(20.3 hours) (22.3 hours) (23.7 hours) (25.7 hours) (27.0 hours) (30.3 hours) (33.7 hours)
0–50
51–100
101–250
251–500
501+
1.7 days
1.9 days
2.0 days
2.2 days
2.4 days
Lockups
(16.8 hours) (18.8 hours) (20.2 hours) (22.2 hours) (23.5 hours)
Community Confinement 1.7 days
1.9 days
2.1 days
2.3 days
2.4 days
Facilities
(17.3 hours) (19.3 hours) (20.7 hours) (22.7 hours) (24.0 hours)
Juvenile Facilities
1.9 days
2.1 days
2.3 days
2.5 days
2.6 days
(19.3 hours) (21.3 hours) (22.7 hours) (24.7 hours) (26.0 hours)
Note: These estimates are based on a 10-hour work day, the assumption that there is only one auditor working onsite
with no support staff, and the assumption that there is no waiting time between interviews or breaks. The actual time to
complete inmate and staff interviews may vary considerably depending on deviations from these assumptions.
*Inmate population size is based on the actual population on the first day of the onsite portion of the audit.
Facility Type

In addition to the estimated time to complete interviews with inmates and staff, auditors must also
account for a thorough site review, extensive documentation review, and in-briefs and out-briefs
with facility/agency staff. A thorough site review may range from 2 to 3 hours for smaller facilities to
6 or more hours for larger facilities. The time necessary for documentation review while onsite will
vary considerably based on facility size and operations, availability of relevant documentation, the
61

extent of record-keeping, and the record-keeping format (i.e., electronic or paper records).
Depending on the above factors, auditors should plan to spend between 3 and 6 hours, minimum, on
documentation review. These estimates are intended to serve as a helpful reference point for
auditors during contract negotiations with agencies and while planning the onsite portion of the
audit. They do not include an auditor’s daily review of his or her work, transcribing and compiling
interview notes, further evidence review, triangulation, and corrective action planning that the
auditor may engage in while onsite.
Review of Auditor Tools for Phase Two of the PREA Audit
•
•
•
•

Auditor Compliance Tool
Site Review Instructions
Interview Protocols
Checklist of Documentation

Phase Three: Evidence Review and Interim Report
After the last day of the onsite portion of the audit, the auditor has 45 days 19 to review all the
evidence collected, write an interim report—or final report if there is no corrective action—and
submit the report to the audited facility. At this stage, auditors still have a significant amount of
work ahead of them and should never provide facilities with compliance findings at the
conclusion of the onsite portion of the audit. Once an auditor has concluded the onsite visit to
the facility, this initiates the evidence review phase of the PREA audit in which the auditor must
review all of the evidence collected—including policies and procedures, the auditor’s
observations of routine practices in the facility, what the auditor learned in the course of
interviewing staff and inmates, and information contained in the documentation (e.g.,
medical/mental health files, investigation files, training logs)—in order to make a compliance
determination for each Standard. The 45-day window required by DOJ to submit the audit
report to the facility is reflective of the significant time and effort needed to carefully review
the evidence collected for each provision of every Standard and write a professional and
thorough audit report.
Systematic Review of the Evidence
Once auditors have completed the onsite phase of the audit, the Auditor Compliance Tool is a
critical tool that must be used by auditors to review all the evidence collected and make a
compliance determination for each provision of every Standard. The Auditor Compliance Tool, a
required part of the Audit Instrument, is a centralized place to take detailed notes, and track
and organize information collected during all phases of the audit. The Auditor Compliance Tool
also guides the auditor on what evidence to consider for each Standard. While auditors may
make provisional judgments about compliance during earlier phases of the audit by noting
comments in the Auditor Compliance Tool, the auditor’s actual compliance findings that are

19

See the full FAQ here: www.prearesourcecenter.org/node/3226.

62

captured in the interim (or final) report to the facility should be based on a systematic review of
the evidence after the onsite portion of the audit.
Auditors should also be aware that communication with the facility does not end once they
conclude the onsite portion of the audit. In the evidence review phase of the audit, it is
expected that an auditor will be in frequent communication with the facility to obtain
additional documentation and information, and when necessary, coordinate interviews with
staff that could not be completed onsite. Auditors are strongly encouraged to set a deadline for
the facility to provide additionally requested documentation or information during this phase to
ensure that the auditor can comply with the timeline for report submission.
When considering whether or not a facility is in compliance with a particular Standard, auditors
must consider all related evidence, including the auditor’s observations of routine practices in
the facility, what the auditor learned in the course of interviewing staff and inmates, and
information contained in documentation that the auditor
IMPORTANT
reviewed. As previously stated, the process of weighing
multiple forms of evidence to assess compliance is called
If a facility is out of compliance
“triangulation.” The triangulation process will be difficult at
with any provision of a Standard,
times. Some information the auditor might ideally want to
the facility is out of compliance
with the entire Standard.
consider will be missing, or the body of evidence related to
a particular Standard may be unclear or contradictory. In
these circumstances, it is up to the auditor to apply his or her discretion and professional
judgment to reach a reasoned decision about compliance. Pursuant to an FAQ issued by the
DOJ PREA Working Group, auditors also need to see that compliance with a particular Standard
has become “institutionalized” at the facility. 20
Careful decision making is essential to the PREA audit in general, but it is especially important
when making determinations about compliance with the Standards. Auditors are called upon to
evaluate the evidence in light of their experience, specialized training, and ongoing education
to reach a decision about compliance for each provision of every Standard and be able to
clearly explain and justify the reasoning underlying each finding. Auditors must be able to
defend their findings in their written reports and in any other communications with
facility/agency leadership and DOJ. In addition, while identifying any deficiencies in policy,
procedure, and practice is essential, auditors should be careful not to overlook aspects of the
facility that contribute to building and sustaining a zero tolerance/reporting culture (e.g.,
identified staff who are PREA champions within the institution, strong commitment to and
investment in PREA among facility/agency leadership). These assets are important to consider
as they will serve as the foundation for improvements during the corrective action phase that
may bring the facility into full compliance with the Standards.

20

See the full FAQ here: www.prearesourcecenter.org/node/3217.

63

Interim Report
There are four provisions under Standard 115.403 that address auditor requirements for audit
report content and findings. These include the following:
•

115.403(a) – “Each audit shall include a certification by the auditor that no conflict of
interest exists with respect to his or her ability to conduct an audit of the agency under
review.”

•

115.403(b) – “Audit reports shall state whether agency-wide policies and procedures
comply with relevant PREA standards.”

•

115.403(c) – “For each PREA standard, the auditor shall determine whether the audited
facility reaches one of the following findings: Exceeds Standard (substantially exceeds
requirement of standard); Meets Standard (substantial compliance; complies in all
material ways with the standard for the relevant review period); Does Not Meet
Standard (requires corrective action). The audit summary shall indicate, among other
things, the number of provisions the facility has achieved at each grade level.”

•

115.403(d) – “Audit reports shall describe the methodology, sampling sizes, and basis
for the auditor’s conclusions with regard to each standard provision for each audited
facility, and shall include recommendations for any required corrective action.”

•

115.403(e) – “Auditors shall redact any personally identifiable inmate or staff
information from their reports, but shall provide such information to the agency upon
request, and may provide such information to the Department of Justice.”

The auditor’s initial report to the facility is known as the interim report. Unless the facility is
found to be in full compliance with all PREA Standards, this
IMPORTANT
report is the basis for collaboration between the auditor
and the facility to address specific deficiencies in policy and
On occasion, minor or technical
practice. As stated above, the interim report must be
violations with the Standards may
submitted to the facility not more than 45 days after the
be remedied prior to the 45-day
last day of the onsite portion of the audit. The one
deadline for the auditor to issue
the interim audit report when the
exception to this is for newly certified auditors on
Standard at issue does not
probationary certification status who have 60 days to
implicate other related Standards.
submit their reports to the PREA Resource Center and
incorporate any feedback prior to delivering the report to
the facility (see Chapter 10 for more detail on probationary certification status).
The Audit Instrument includes a report template that auditors are required to use to produce
reports. 21 The report template standardizes audit reports, addresses the reporting
requirements in the PREA Standards, and prompts auditors to address each of the PREA
Standards, including every provision and element in each Standard. For auditors using the
Online Audit System, the report template is integrated into the online audit platform and will
be auto-populated using the information entered by auditors throughout the audit process.
Auditors are required to use the most up-to-date version of the report template included in the Audit
Instrument.

21

64

In addition to conveying the auditor’s findings for each of the PREA Standards, the auditor’s
interim report must include the following elements:
•

Characteristics of the audited facility. In order to provide readers with a basic
understanding of the facility’s characteristics, operations, and some context for how the
auditor applied the prescribed audit methodology and arrived at his or her compliance
determinations for each Standard, the auditor must provide a brief narrative describing
the audited facility. This description should include information regarding the inmate
population size and makeup, staff size, number and types of housing units, security
levels, facility operations, and age of the facility, among other characteristics. This
narrative should be brief, and auditors should not go into extensive detail regarding
facility characteristics that are unrelated to the PREA audit (e.g., reentry programming).
Additionally, auditors should refrain from making generalized value statements about
the facility and staff; for example, “all staff were professional and accommodating,” or
“all staff were committed to PREA and inmate safety.” Because in the vast majority of
cases auditors will not have spoken with all staff or all inmates, such statements may be
interpreted as auditor bias. To make an objective assessment, it is critical that the
auditor state facts based on precise observations with evidence to support them. PREA
auditors must uphold a high standard of objectivity, and this should be reflected in the
audit report.

•

Overview of audit methodology. As required by Standard 115.403(d), the report must
contain a description of the audit methodology for each phase of the audit such as
sampling techniques used to select staff and inmates for interviews, the number and
types of interviews conducted (including the exact number of inmates formally
interviewed), sampling techniques used to select documents for review onsite, auditor
observations during the site review, and outreach to community-based victim service
providers. It is recommended that the auditor provide a brief summary of this
information in the narrative section of the audit report, followed by more detailed
information on the methodology and evidence collected in the Standard-by-Standard
review.

•

Barriers to completing the audit. The report should document any obstacles or
challenges the auditor encountered at the facility such as any unwarranted delays in
accessing areas of a facility, individuals, or facility records; any access that was
prohibited; and any pressure from the facility or parent agency to ignore or understate
policies or practices that fall short of the PREA Standards. This information is very
important, even if the auditor was able to complete the audit.

•

Summary of findings. Pursuant to Standard 115.403(c), each audit report must include a
summary of the auditor’s compliance determinations, including the total number of
findings of Exceeds Standard, Meets Standard, and Does Not Meet Standard. The audit
report template in the Audit Instrument includes a designated space to provide this
information.

65

•

Evidence that supports every finding. In order to justify and support each compliance
finding (compliance, noncompliance, and exceeds Standards), the auditor must provide
detailed information on all evidence gathered and considered (i.e., observations,
interviews, documentation). If there are contradictions in the evidence (i.e. one type of
evidence supports compliance while another does not), the auditor must describe how
he or she resolved those discrepancies to reach a finding.

•

Noncompliance and corrective action. The interim report must identify deficiencies and
recommended corrective action steps. Following issuance of the interim report, the
auditor will work collaboratively with the facility to develop a corrective action plan,
specific deliverables, timeframes, and steps the auditor will take to re-assess and verify
the facility’s compliance at various stages throughout the process.

•

Transparency regarding the auditor and his or her employer. The audit report must
identify the lead or responsible auditor, and if applicable, list the names of all other DOJcertified PREA auditors and non-certified support staff who assisted the lead auditor
during any phase of the audit, and provide a brief description of the role of other staff
during the audit. Auditors are also required to disclose the nature of any third party
entity’s involvement in the PREA audit. For example, an auditor who is hired by ABC
PREA Auditing, LLC, to conduct a PREA audit must disclose its role and the auditor’s
relationship with it.
Review of Auditor Tools for Phase Three of the PREA Audit
•
•

Auditor Compliance Tool
Audit Report Template

Phase Four: Corrective Action and Final Report
Noncompliance and corrective action are normal and expected parts of the PREA audit.
Recognizing there are several hundred specific requirements in the PREA Standards, it is
expected that very few confinement facilities will be in full compliance with all the PREA
Standards without undergoing some corrective action. For this reason, the auditor’s role goes
beyond identifying deficiencies in policy, procedure, and practice and includes recommending
corrective actions and serving as a guide to facilities and agencies as they make the changes
necessary to become fully PREA compliant.
Noncompliance and Corrective Action
Issuance of the interim report to the audited facility triggers a corrective action period, which
may last up to 180 days. Standard 115.404 details the auditor’s requirements during this stage
of the audit:
•

115.404(b) – “The auditor and the agency shall jointly develop a corrective action plan
to achieve compliance.”

66

•
•

115.404(c) – “The auditor shall take necessary and appropriate steps to verify
implementation of the corrective action plan, such as reviewing updated policies and
procedures or re-inspecting portions of a facility.”
115.404(d) – “After the 180-day corrective action period ends, the auditor shall issue a
final determination as to whether the facility has achieved compliance with those
standards requiring corrective action.”

Auditors should be sensitive to the current culture in the facility—its strengths and its
weaknesses as they relate to responding to sexual abuse and sexual harassment—and be
respectful in dealing with both line staff and administrators. At the same time, auditors must be
assertive and firm in identifying deficiencies and the actions needed to remedy those problems.
While it is the agency’s and the facility’s responsibilities to implement new policies and
practices, the auditor is a collaborator in that process by consulting with staff and
administrators, providing information and guidance, and directing administrators to seek
additional information and technical assistance available from the PREA Resource Center,
where necessary. In particular, the auditor should help the facility develop a corrective action
plan that includes:
•

All deficiencies and recommended corrective action steps identified in the auditor’s
interim report

•

A list of required deliverables and changes the auditor must verify to determine that
the facility is in compliance with all PREA Standards

•

A proposed methodology for how the auditor will verify compliance

•

An agreed upon timeline for implementing all the required actions

Facilities have up to 180 days to undertake the agreed upon corrective actions; provide the
evidence the auditor requires to verify that the facility has fully addressed all deficiencies
identified in the interim report; and is in compliance with all PREA Standards. Depending on the
nature and extent of the deficiencies, auditors may have to employ a range of strategies to
verify compliance. Remember that a change in policy often impacts the day-to-day practices
within a facility and may require curriculum development and training to fully implement; thus,
even seemingly minor changes to a policy may require more extensive verification methods.
At the conclusion of the corrective action period, the audited facility should have taken all the
steps agreed upon with the auditor, and the auditor should have conducted all the necessary
verification procedures.
Final Report
Following the conclusion of the corrective action period, the auditor has an additional 30 days
to complete and submit the final report. Where there is corrective action, the final report is an
updated version of the auditor’s interim report to the facility. If no corrective action is required,
the final report will be the only report issued to the facility. In either instance, the final report
must comply with all of the requirements for audit report content and findings under Standard
115.403, as well as the requirements detailed for the interim report in Chapter 17 of this
Handbook.
67

PREA Standard 115.403(d) requires each audit report (interim and final) to describe the
auditor’s methodology, sampling sizes, and basis for the auditor’s conclusions with regard to
each provision of every Standard, and include recommendations for any required corrective
action. The final report must also describe the auditor’s method of assessing whether or not the
facility was able to remedy each of the deficiencies and the
IMPORTANT
outcome of this verification process. The auditor’s final
report updates the interim report by documenting all
The final report must detail all
corrective action and how the auditor determined whether
corrective actions and the
methods used by the auditor to
or not those actions are sufficient to bring the facility into
verify implementation of the
full compliance with the Standards. If there are any
corrective actions, regardless of
corrective actions recommended by the auditor in the
when a corrective action occurred
interim report that the facility did not implement, the
in the audit process.
auditor must also identify these in the final report and,
when possible, explain why they were not implemented.
Importantly, all audits present unique issues, challenges, and strengths; thus, audit reports
should reflect these important differences. Although it is permissible for auditors to use some
template language to organize and structure the audit report, the auditor’s discussion of the
facility characteristics, audit methodology, barriers to completing the audit, evidence relied
upon, analysis process, and compliance determinations must be specific to the audited facility.
As stated above, for each PREA Standard, auditors must determine whether the facility Exceeds
Standard, Meets Standard, or Does Not Meet Standard, bearing in mind that if a facility is out of
compliance with any provision of a Standard, the facility is out of compliance with the entire
Standard. Drawing on all of this information, the final report provides the auditor’s
determination of whether or not the facility is in full compliance with all of the PREA Standards.
Auditors must submit their final report to the facility not more than 30 days following the final
day of the corrective action period. However, if all corrective action is addressed before the
interim report would be due to the facility, or no corrective action is required, the auditor has
45 days following the onsite visit to the facility to submit the final report to the audited facility.
The final audit report is the official, public record of the auditor’s findings. Auditors are not to
create other documentation of their audit findings (e.g., certificate of compliance). Such
documentation is not considered valid.
Final Report Formatting
Prior to submitting their final report to the audited facility/agency and to the PREA Resource
Center pursuant to the auditor reporting requirements in Chapter 11, auditors must ensure that
the final report is in a searchable PDF format. This means that the text in the PDF can be
searched using the Adobe Reader “search” functionality, 22 selected, and copied. By contrast,
scanned PDFs are those that are created by scanning hard copy documents to a PDF or other

22

See additional instructions here: helpx.adobe.com/acrobat/using/searching-pdfs.html.

68

file format that create a static image of the text that cannot be searched, selected, or copied.
Auditors are not permitted to submit audit reports that have been scanned.
Searchable PDFs are typically created using software such as Microsoft Word or Excel by saving
or printing the file as a PDF. 23 To accomplish this, auditors must use an electronic signature to
ensure that the entire final report, including the signature page, is delivered to the audited
facility/agency as a searchable PDF. 24
These formatting requirements are necessary to ensure that final audit reports posted to
agency websites pursuant to Standard 115.403(f) and submitted to DOJ as part of the annual
governor’s certification and assurance process are accessible to people with disabilities.
Note that audit reports generated in the Online Audit System meet the above formatting
requirements and do not require any additional actions by auditors prior to submitting the final
report to the audited facility/agency.
Why Objective, Thorough, High Quality Audit Reports Are Important
An auditor’s report constitutes the official record of the audit and its findings—and in the case
of the auditor’s final report, the official public record. While the confinement agency is the
auditor’s client, a PREA audit is intended to inform a wide array of stakeholders, including
inmates and their families; organizations that advocate on behalf of inmates; people employed
in confinement facilities, their families, and the unions that represent them; elected officials in
the jurisdiction where the facility is located; the general public; and DOJ. Through the audit
report, a PREA auditor is speaking to all of these audiences.
To be understandable and valuable, an auditor’s report must describe the facility and audit
process, findings about compliance with the PREA Standards, and the evidence upon which
each finding is based. It is important that the audit report clearly and thoroughly describes the
evidence relied upon to make all compliance determinations, such that a third party reading it
will understand how the auditor came to each conclusion. Auditors should also explain certain
frequently used terminology that may be unfamiliar to some readers (e.g., describe the
differences between “disciplinary segregation,” “administrative segregation,” and “protective
custody”).
The audit report is also the primary source of information for understanding and resolving any
issues or concerns that arise regarding the findings of a PREA audit. Therefore, auditors should
take care to ensure the audit findings are clearly and adequately supported and described in
the audit report.
Finally, it is in an auditor’s own best interests to produce strong audit reports. These documents
will become public and are a reflection of the auditor’s professional standards, skill, and
expertise, and impact the reputation of the auditor.

See additional instructions here: support.office.com/en-us/article/Save-or-convert-to-PDF-d85416c5-7d77-4fd6a216-6f4bf7c7c110.
24
See additional instructions here: helpx.adobe.com/acrobat/how-to/fill-and-sign-formsanywhere.html?set=acrobat--fundamentals--pdf-forms.
23

69

Review of Auditor Tools for Phase Four of the PREA Audit
•

Audit Report Template

Post-Audit
Even after issuance of an auditor’s final report, there are several PREA Standards that apply in
the post-audit stage. This chapter will primarily discuss auditors’ obligations for document
preservation and retention, followed by a brief discussion of the audit appeal process.
Documentation Retention
The PREA Standards require not only that documentation be reviewed and used to make
compliance determinations, but they require auditors to retain and preserve all audit
documentation and information relied upon to make the compliance determinations. Standard
115.401(j) states, “The auditor shall retain and preserve all documentation (including, e.g.,
video tapes and interview notes) relied upon in making audit determinations. Such
documentation shall be provided to the Department of Justice upon request.” An FAQ issued by
the DOJ PREA Working Group on March 24, 2014 states that all documentation must be
retained by the auditor for 15 months following the issuance of the final report. 25
The DOJ PREA Working Group released additional guidance on March 18, 2015, which provides
extensive detail on the scope of an auditor’s requirements under Standard 115.401(j). 26
Auditors are required to follow this official guidance in order to meet their obligations under
the Standard. Importantly, the guidance states that auditors are required to preserve and retain
“. . . both documentation relied upon in finding that a facility does not comply with a Standard,
as well as documentation relied upon in finding that a facility does meet or exceed a Standard.”
Thus, regardless of an auditor’s audit findings, he or she must be prepared to provide to DOJ,
upon request, all of the evidence relied upon to make the compliance determinations for up to
15 months following the issuance of the final report.
This requirement includes all audit documentation, whether stored in hardcopy, electronic, or
digital formats (e.g., video footage of the facility). Auditors must take notes to document the
audit process—including notes for all interviews, site review observations, and documentation
review—and auditor notes must be preserved and retained pursuant to the official DOJ
guidance referenced above. An auditor’s notes are critical for documenting the audit process
and the evidence relied upon to make compliance determinations; thus, an auditor’s notes
should be comprehensive, organized, and adequately convey the important points or key
takeaways from the interviews, observations of practice, or review of documentation. Auditors
are strongly encouraged to develop a good note-taking system and to maintain that system for
every audit. If, upon request by DOJ, auditors are unable to provide their notes for any
component of the audit (i.e., interviews, observations, documentation review), they run the risk

25
26

See the full FAQ here: www.prearesourcecenter.org/node/3220.
See the full FAQ here: www.prearesourcecenter.org/node/3221.

70

of being out of compliance with their obligations under Standard 115.401(j) and may be subject
to disciplinary action by the PREA Management Office that impacts their DOJ certification.
It is important to note that some types of documentation should be retained in their entirety,
namely logs or lists (e.g., logs of unannounced rounds, lists of all sexual abuse or sexual
harassment allegations), whereas for other forms of documentation, like inmate records or
personnel files, auditors need only preserve and retain the applicable documents in the file. For
example, medical and mental health files, investigative records, or personnel files may have
more information than is necessary to support a compliance finding, and auditors must only
retain those pages that contain information relevant to the requirements of the Standard(s) to
which the documents apply. For policy and procedures documents, auditors may preserve and
retain excerpts that are relevant to the Standard(s) they address.
Standard 115.401(j) also gives DOJ the authority to request audit documentation from auditors,
stating, “Such documentation shall be provided to the Department of Justice upon request.” If
requested by DOJ, an auditor’s documentation should be organized and complete so as to
provide a roadmap for DOJ to reconstruct an auditor’s compliance determinations for each
provision of every Standard. As previously described, this documentation must include all the
evidence relied upon to make a compliance determination, which includes an auditor’s notes.
Consistent with the guidance issued by the DOJ PREA Working Group, auditors who do not
comply with Standard 115.401(j) may be subject to disciplinary action by DOJ.
The Agency’s Right to Appeal
Standard 115.405 provides agencies with the option to appeal any findings of an audit that they
believe are incorrect. 27 The auditor who issued the findings under appeal has no role in the
appeal process other than to provide documentation of his or her work or answer questions
upon request by DOJ.

Section VI. Audit Oversight
The value and effectiveness of any PREA audit largely depends on the auditor’s skills and
thoroughness. This includes an auditor’s understanding of the Standards, mastery of the audit
methodology, and the ability to help agencies and facilities to change in ways that lead to
successful implementation of the PREA Standards. As the primary means by which a facility’s
compliance with the Standards is assessed by an objective third party, the PREA audit
represents an important catalyst for meaningful PREA Standards implementation and adoption
of zero tolerance cultures for sexual abuse and sexual harassment in confinement. In order to
accomplish these goals and uphold the integrity of the PREA audit process, the PREA
Management Office has instituted the PREA Audit Oversight function. The purpose of Audit
Oversight is to promote high quality, reliable, objective, and comprehensive audits that hold
agencies and facilities accountable for keeping individuals in their custody and care safe from
sexual abuse and sexual harassment.

27

See 28 C.F.R. § 115.405(a).

71

Audit Oversight begins with an assessment of auditors’ performance and conduct that guides
many of the interventions employed under the oversight umbrella. The audit assessment serves
as a diagnostic tool to tailor interventions and sanctions to the individual needs of and the
challenges identified with auditors’ work. The assessment is also informed by auditors’
performance in these interventions to form a continuous feedback loop of information that
allows the PREA Management Office to proactively provide support to auditors, and respond
with appropriate sanctions when necessary.
Based on the results of the audit assessment, there are four interventions that may be used by
the PREA Management Office to support auditors and critically review their work, including the
Quality Improvement Program managed by the PREA Resource Center, an auditor peer review
program, a disciplinary review of auditors who fail to meet the requirements of their auditor
certifications, and remediation. These interventions may impact an auditor’s DOJ certification.
A full description of these interventions and the audit assessment phase can be found in
Chapters 20–24 below.

Audit Assessment
Auditors are expected to comply with the PREA Standards that govern auditor conduct, as well
as the auditor requirements articulated in the PREA Auditor Candidate Training, this Handbook,
required auditor continuing education, and FAQs issued by the DOJ PREA Working Group. On a
regular basis, the PREA Management Office uses information collected from auditors through
audit reporting forms, audit reports, complaints submitted by third party sources, their
performance and engagement during oversight interventions (e.g., Quality Improvement
Program), and the requested audit documentation to evaluate an auditor’s performance and
identify targeted interventions and/or sanctions that are responsive to the needs of and/or
deficiencies identified with the auditor’s work. These interventions and sanctions may directly
impact an auditor’s DOJ certification.
The audit assessment phase of the audit oversight process is the starting point for all
interventions under the oversight umbrella and consists of a systematic, objective, and datadriven process for holding all auditors accountable for high standards of audit quality.
The chapters below provide additional information on how the audit assessment phase
connects with each intervention, the nature of these interventions, and their potential
outcomes.

Quality Improvement Program
The Quality Improvement Program is managed by the PREA Resource Center and is designed to
serve as a proactive support mechanism for auditors. The core objectives of the Quality
Improvement Program are to enhance auditors’ technical skills and knowledge of the Standards
through individualized technical assistance and guidance; develop targeted auditor training and
continuing education resources that are responsive to common challenges identified through
assistance to auditors; and identify and promote auditing best practices and lessons learned,
which the PREA Resource Center regularly shares on the Auditor Portal.

72

Quality Improvement Process
Because the goal of the Quality Improvement Program is to conduct proactive issue spotting
and outreach to auditors, auditors may be identified for assistance in one of two ways:
1) Auditors may be referred to the Quality Improvement Program by the PREA
Management Office in cases where the audit assessment process (see Chapter 20)
reveals minor deficiencies related to auditor conduct and/or practices.
2) During its standard review of Pre- and Post-Audit Reporting Forms and audit reports
submitted by auditors, the PREA Resource Center identifies issues such as minor errors
in reporting (e.g., inconsistencies in objective or factual data in an audit report),
inadequate information provided in audit reports (e.g., incomplete descriptions of the
evidence relied upon to make compliance determinations), or an improper audit
methodology that may be improved through outreach to the auditor.
Once an auditor is identified for participation in the Quality Improvement Program, the PREA
Resource Center develops a tailored strategy to address any identified issues. The PREA
Resource Center will then provide the auditor with a description of the Quality Improvement
Program, information regarding any issues or concerns identified with the auditor’s conduct
and/or auditing practices, and recommendations for improvement. The level and type of
assistance provided are determined on a case-by-case basis and are tailored to the needs of
each auditor receiving assistance, which may include one or more of the following:
•

One-on-one assistance (via telephone, video conference, or email) with PREA Resource
Center staff regarding particular issues or concerns

•

Submission of the auditor’s next audit report to the PREA Resource Center for review
and feedback prior to the submission of the report to the audited facility

•

Additional education or training requirements

•

Testing to confirm knowledge, understanding, or skills

Quality Improvement Program Outcomes
Resolution occurs when the auditor completes the action steps required by the PREA Resource
Center. The PREA Management Office may subsequently spot check the auditor’s future audit
reports and reporting form data in order to assess his or her level of improvement and
adherence to guidance provided during the Quality Improvement Program.
In cases where guidance is not being consistently integrated by an auditor, an auditor fails to
complete the requirements provided by the PREA Resource Center, and/or an auditor
demonstrates persistent or recurring problems, these issues will be factored into the PREA
Management Office’s audit assessment (see Chapter 20), and when taken together with other
identified issues with an auditor’s body of work, may lead to disciplinary review by the PREA
Management Office (see Chapter 23).

73

Peer Review
In peer review, an auditor’s professional peers evaluate the extent to which the auditor
complies with the requirements in the Standards and properly conforms to the principles and
methods of the PREA audit described in this Handbook. A team of two peer reviewers is
charged with conducting a rigorous examination of all the evidence and documentation relied
upon by an auditor to determine the extent to which he or she has made accurate compliance
findings. The primary goal of peer review is to enhance the reliability and integrity of PREA
audits, encourage high standards for audit quality, and promote accountability within the PREA
auditor community.
If the peer review findings indicate that an auditor’s compliance determinations, application of
the Standards, corrective action requirements, or other elements are significantly deficient,
peer review may lead to disciplinary review by the PREA Management Office. Disciplinary
review may also be a consequence for auditors who fail to comply with all of the peer review
requirements. The disciplinary review process may impact an auditor’s DOJ certification. If,
however, the peer review findings reveal limited deficiencies, the PREA Management Office
may require the auditor to complete certain remediation steps to address the identified
deficiencies. Additional information regarding peer review outcomes is detailed later in this
chapter.
Peer Review Process
The PREA Management Office oversees peer review and is responsible for making all final
decisions regarding the selection of both auditors for peer review and auditors to serve on peer
review teams, as well as the disposition of auditors following the completion of peer review.
The PREA Resource Center is responsible for managing and coordinating the peer review
process, with oversight by the PREA Management Office.
An auditor will be selected to undergo a peer review based on the result of the PREA
Management Office’s standardized audit assessment process (see Chapter 20). Once selected,
peer reviewers are asked to assess an audit to determine whether:
1. The auditor collected and retained sufficient documentation.
2. The audit documentation and other relevant evidence support the auditor’s compliance
findings.
3. The audit report conforms to the requirements articulated in the PREA Auditor
Candidate Training, this Handbook, required auditor continuing education, and FAQs
issued by the DOJ PREA Working Group.
4. The audit report complies with the PREA Standards that govern auditors, including:
a. “Each audit shall include a certification by the auditor that no conflict of interest
exists with respect to his or her ability to conduct an audit of the agency under
review.” (28 C.F.R. § 115.403(a))
b. “Audit reports shall state whether agency-wide policies and procedures comply
with relevant PREA standards.” (28 C.F.R. § 115.403(b))
74

c. “For each PREA standard, the auditor shall determine whether the audited
facility reaches one of the following findings: Exceeds Standard (substantially
exceeds requirements of standard); Meets Standard (substantial compliance;
complies in all material ways with the standard for the relevant review period);
Does Not Meet Standard (requires corrective action). The audit summary shall
indicate, among other things, the number of provisions the facility has achieved
at each grade level.” (28 C.F.R. § 115.403(c))
d. “Audit reports shall describe the methodology, sampling sizes, and basis for the
auditor’s conclusions with regard to each standard provision for each audited
facility, and shall include recommendations for any required corrective action.”
(28 C.F.R. § 115.403(d))
5. The audit report exhibits excellent performance or auditing best practices.
At the conclusion of the peer review assessment, peer reviewers are asked to provide the PREA
Management Office with a summary report of their findings, including information on the
criteria used to evaluate the auditor’s compliance determinations and a description of any
significant variation between peer reviewers’ scores. A copy of the summary peer review report
will also be made available to the reviewed auditor.
Peer Review Outcomes
Determining outcomes and next steps for auditors who undergo a peer review is the sole
responsibility of the PREA Management Office. Peer reviewers have no role in recommending
next steps for auditors who undergo peer review.
As stated above, if the peer review findings indicate that an auditor’s compliance
determinations, application of the Standards, corrective action requirements, or other
elements are significantly deficient, peer review may lead to a disciplinary review by the PREA
Management Office. Disciplinary review may also be a consequence for auditors who fail to
comply with all of the peer review requirements (refer to Chapter 23) and may impact an
auditor’s DOJ certification. If, however, the peer review findings reveal only limited deficiencies,
the PREA Management Office may require the auditor to complete certain remediation steps to
address the identified deficiencies (refer to Chapter 24).

Disciplinary Review
The PREA Management Office places auditors under disciplinary review when there are
significant or pervasive concerns regarding an auditor’s compliance with the following:
•
•
•
•
•
•
•
•

The PREA Auditor Code of Conduct
The PREA Auditor Certification Agreement
PREA Standards governing auditor conduct
FAQs issued by the DOJ PREA Working Group
The PREA Auditor Handbook
PREA auditor requirements articulated in the PREA Auditor Candidate Training
Required PREA auditor continuing education
PREA auditor reporting requirements
75

•
•

Peer review requirements
Remediation steps required by the PREA Management Office

Disciplinary review is also used in cases where the PREA Management Office has obtained
information regarding auditor misconduct or an auditor has demonstrated serious
misapplication or misinterpretation of one or more PREA Standards.
In some cases, the PREA Management Office may determine that remediation steps are more
appropriate than requiring the auditor to proceed through the full disciplinary review process,
and there are actions that the auditor can take to successfully address the concerns and issues
that were identified in the PREA Management Office’s audit assessment (see Chapter 20). In
other cases, the PREA Management Office may determine that a disciplinary review is
warranted without engaging in remediation steps. The disciplinary review process may impact
an auditor’s DOJ certification.
Disciplinary Review Process
Auditors placed on disciplinary review by the PREA Management Office will receive written
notice from the PREA Management Office that includes a description of the identified concerns
and issues related to the auditor’s work, any allegations of auditor misconduct, and detailed
instructions for proceeding through the disciplinary review process.
Auditors under disciplinary review will generally be instructed to:
•
•
•

Provide a written response to the issues and concerns detailed in the Notice of
Disciplinary Review issued by the PREA Management Office (including all relevant
supporting documentation)
Submit the underlying audit documentation for one or more audits conducted by the
auditor
Provide a list of all upcoming audits

Depending on the nature of the deficiencies identified with an auditor’s practices and/or
conduct, the PREA Management Office may also recommend that an auditor under disciplinary
review voluntarily suspend his or her auditing activity for the duration of the disciplinary review
period.
If the PREA Management Office receives information indicating that an auditor has engaged in
criminal conduct, malfeasance, gross negligence, fraud, conflict of interest, or other unlawful
behavior that bears on an auditor’s credibility or integrity, the PREA Management Office will
determine next steps on a case-by-case basis, depending on the circumstances and the nature
of the allegation. Where warranted, the PREA Management Office will refer the case to the
appropriate local, state, or federal agency for investigation and disposition. Depending on the
severity of the allegation, the PREA Management Office may require the auditor to suspend all
auditing activity pending the outcome of the investigation. Certain confirmed cases of serious
auditor misconduct may result in immediate decertification. Refer to Chapter 28 for more
information on disciplinary action by the PREA Management Office.

76

Disciplinary Review Outcomes
The outcome of the disciplinary review process will vary depending on the nature and scope of
the issues identified.
•

Case Resolution. In cases where an auditor complies with all the requirements imposed
by the PREA Management Office and is able to adequately address and remedy all the
identified issues, his or her case will be considered resolved. However, the PREA
Management Office may require additional remediation steps and/or continue to
monitor the auditor’s work to ensure that he or she continues to meet the auditor
obligations outlined in the PREA Standards and the Auditor Handbook. Refer to Chapter
24 for more information on remediation.

•

Disciplinary Action. Where auditors fail to adequately address the issues raised by the
PREA Management Office or where there is sufficient evidence of serious auditor
misconduct or failure to meet auditor certification requirements, the PREA
Management Office may impose disciplinary action, up to and including suspension or
decertification. Additional information regarding decertification and suspension can be
found in Chapter 28.

Remediation
The objective of remediation is to provide an alternative to disciplinary review and/or
disciplinary action (i.e., suspension, decertification) in cases where auditors may have
demonstrated some deficiencies in their audit conduct and/or performance but do not meet
the threshold for disciplinary action. Depending on the nature and scope of the identified
deficiencies, the PREA Management Office may impose one or more conditions on an auditor,
including, but not limited to, requiring the auditor to:
•

Provide an up-to-date and comprehensive list of all ongoing and scheduled audits

•

Participate in continuing education courses, practical skill-building exercises or training
opportunities, and/or other means of improving technical competence, skills, and
knowledge as directed by the PREA Management Office

•

Complete testing to confirm knowledge, understanding, or skills

•

Engage with the PREA Resource Center in ongoing support and technical assistance

•

Provide all the audit documentation used to make the compliance determinations for an
audit to the PREA Management Office

•

Submit a draft audit report for a forthcoming audit to the PREA Management Office
prior to submitting it to the audited facility

•

Undergo continued monitoring by the PREA Management Office to assess compliance
with the auditor obligations outlined in the PREA Standards and the Auditor Handbook

The auditor may be required to notify agencies and facilities he or she audited of the
remediation steps imposed by the PREA Management Office. The PREA Management Office, at
its discretion, may also communicate with the audited agency’s or facility’s leadership to ensure
77

that the required steps have been taken by the auditor so that they are fully aware of any
implications the remediation steps may have on the audit (e.g., extended time necessary to
receive an audit report).
The PREA Management Office will closely monitor auditors to verify compliance with the
requirements imposed under remediation. Auditors who fail to comply with the remediation
steps may be subject to disciplinary action by the PREA Management Office.

Impact of Audit Oversight
The Audit Oversight interventions employed by the PREA Management Office and the PREA
Resource Center (refer to Chapters 20–24) are not designed to challenge or overturn the
findings of auditors. Rather, the purpose of Audit Oversight is to evaluate auditor performance,
provide meaningful support and technical assistance to auditors to improve their auditing
practices, and, where necessary, impose disciplinary action on auditors who fail to fulfill the
requirements of their PREA auditor certifications granted by DOJ. In such instances, Audit
Oversight may impact an auditor’s DOJ certification.
By nature of the Audit Oversight process, however, the PREA Management Office may identify
auditing deficiencies such as serious misapplication or misinterpretation of one or more
Standards, auditor misconduct, conflicts of interest, infidelity to the PREA audit methodology,
and failure to meet the obligations for auditor conduct in the PREA Standards, among others,
that cast significant doubt on the accuracy of an auditor’s findings. Thus, while an auditor’s
compliance findings are considered final and will not be impacted as a result of the PREA
Management Office’s Audit Oversight, there are other potential implications that should be
considered by auditors. These considerations are detailed below.
Impact on the Governors’ Annual Certification Determination
DOJ reviews all certifications of full compliance submitted by states, territories, and the District
of Columbia, and seriously considers any issues related to auditor conduct and their
implications on the veracity of an auditor’s compliance findings. If DOJ identifies information as
part of this review that raises questions about or contradicts a governor’s certification
submission, DOJ will be in contact with that state or territory for additional information. By way
of example, if an agency has received findings of full compliance for all of its facilities but DOJ is
aware of an agency-wide policy that is out of compliance with the PREA Standards, this
incongruity will be brought to the governor’s attention and should be considered when
determining whether to submit a certification or assurance to DOJ.
The DOJ PREA Working Group issued formal guidance in February 2013 28 indicating that audits
represent just one piece of information a governor can use to determine compliance with the
Standards. Neither the PREA statute nor the Standards restrict the sources of information that
governors may use in deciding whether to certify full compliance with the Standards. Thus, if a
state has passing PREA audits but the governor is in possession of information that contradicts

28

See the full FAQ here: www.prearesourcecenter.org/node/3277.

78

full compliance in those facilities, that information may impact the governor’s ability to certify
full compliance with the PREA Standards.
Additionally, where there is a PREA audit finding that is incongruent with an agency’s or
facility’s compliance, either in policy or practice, the auditor should be prepared to answer
questions from the audited agencies and facilities regarding his or her evaluation of compliance
for the Standard(s) in question.
Impact on the Safety and Wellbeing of Inmates
Beyond the ramifications that incongruent audit findings can have on a governor’s certification
determination, auditors’ compliance determinations have real implications for the safety and
wellbeing of inmates who are most vulnerable to sexual abuse and sexual harassment. It is
DOJ’s expectation and an auditor’s responsibility to rigorously evaluate a facility’s or agency’s
compliance with each provision of every Standard. And where areas of noncompliance are
identified, it is the auditor’s responsibility to work collaboratively with the facility on a
corrective plan that will put the facility on a path toward full compliance.

Section VII.

Maintaining, Losing, or Giving up Certification

Voluntary Surrender of Certification
Auditors may voluntarily surrender their certifications. To do so, auditors should notify the
PREA Management Office via email at PREACompliance@usdoj.gov. This notification should
include the auditor’s name and contact information, including a current email address.
An auditor’s voluntary surrender of his or her certification will take effect on the date the
notification is received by the PREA Management Office from the auditor. The auditor’s name
will then be removed from the list of certified auditors on the PREA Resource Center website.
Auditors are not permitted to voluntarily surrender their certifications if they are currently
under contract to conduct one or more PREA audits. In limited circumstances, however, the
PREA Management Office may allow an auditor to voluntarily surrender his or her certification
while under contract for a PREA audit. In such cases, the auditor must adhere to the following
guidelines for audit contracts following voluntary surrender of certification.
•

If an auditor has any contractual obligations to conduct audits for which the onsite
portion is scheduled on or after the effective date of voluntary surrender of
certification, the auditor must immediately notify the appropriate officials in the facility
or agency of his or her voluntary surrender of certification to discuss the contract’s
termination, as appropriate.

•

If an auditor has any in-progress audits for which he or she has completed the onsite
portion, the auditor must immediately notify the appropriate officials in the facility or
agency of his or her voluntary surrender of certification and ask those officials for
instruction regarding completion of the contracted tasks.

•

If the officials from the agency or facility expect the auditor to complete the post-onsite
audit work, the auditor will be temporarily authorized to complete the audit through
79

the final report. In such instances, auditors must report all in-progress audits to the
PREA Management Office at PREACompliance@usdoj.gov and provide the date when
those audits are expected to conclude (i.e., the final report has been submitted to the
audited facility).
Unless otherwise specified by the PREA Management Office, auditors who voluntarily surrender
their certifications are permitted to apply again to become certified as PREA auditors, but they
must go through the regular application and training process. During the application review
process, an individual’s past auditing performance and conduct will be considered in evaluating
his or her suitability to become certified and to conduct PREA audits.

Auditor Recertification
To become recertified as a PREA auditor, all PREA auditors must successfully complete all the
recertification requirements (described below) prior to the expiration of their current 3-year
certification.
The six recertification requirements are:
1. Submission of a complete recertification application
2. Fulfillment of all audit reporting requirements
3. Fulfillment of all auditor continuing education requirements
4. Achieving a passing score on the online recertification exam
5. Signing and submitting the Auditor Certification Agreement
6. Completion of a criminal records background check
If recertified, auditor certification will be valid for 3 years following the auditor’s recertification
date.
Recertification Requirements
Information regarding each of the six recertification requirements appears below.
Recertification Application
Auditors must submit a complete application for recertification by the specified deadline. The
application is available as an online form located on the Auditor Portal.
Auditor Reporting Requirements
Auditors must fulfill the following reporting requirements:
•

Complete and submit all applicable Annual Audit Reporting Forms.

•

Complete and submit Pre-Audit Reporting Forms for all audits (including completed
audits, audits in progress, and scheduled audits) for which an auditor served or will
serve as lead auditor.

•

Complete and submit Post-Audit Reporting Forms for all audits for which an auditor
served as lead auditor. Auditors are only required to submit Post-Audit Reporting Forms
for audits that were completed at least 6 months prior to their recertification
80

application deadline. For example, an auditor whose certification was set to expire in
December 2016, who applied for recertification by the October 3, 2016 deadline, must
have submitted the Post-Audit Reporting Form for all audits he or she completed as lead
auditor on or before March 31, 2016. This cutoff date will be made clear for each
auditor recertification cohort.
•

For auditors who were certified before September 2014 only, they must complete and
submit the Cumulative Audit Reporting Form. This form captures all audit activity as the
lead or responsible auditor that occurred between August 20, 2013 and September 30,
2014. If an auditor did not conduct any audits during this time, or if he or she only
participated in an audit in a role other than as the lead auditor, the auditor must
indicate this by typing a “0” in the appropriate space on the form.

Auditors who have kept up to date with their reporting requirements do not need to submit
duplicate forms. Questions regarding the status of their reporting requirements may be sent to
the PREA Resource Center by submitting an Auditor Helpdesk Form available on the Auditor
Portal.
Continuing Education Requirements
Auditors must complete all mandatory webinars and coursework assigned by the PREA
Resource Center. Auditors with questions about their continuing education requirements
should refer to their Auditor Welcome Packets or contact the PREA Resource Center by
submitting an Auditor Helpdesk Form available on the Auditor Portal.
All archived webinars and coursework are available on the Auditor Portal. Auditors who want to
see if they have completed all the mandatory courses should log into the Auditor Portal and
navigate to their learner transcripts. Any incomplete webinars and coursework will be included
in the course list in “My Courses” or can be found in the “Catalog.”
It is important to note that the continuing education requirements may vary slightly for each
auditor recertification cohort. Auditors will be made aware of all required coursework in
advance of their recertification application deadlines.
Recertification Exam
Auditors must complete the auditor recertification exam with a score of 85 percent or higher.
The topics covered on the exam include the following:
•

The PREA Standards

•

Mandatory auditor continuing education webinars and coursework

•

Requirements announced via auditor newsletters (e.g., auditor continuing education
requirements, clarification regarding audit documentation and retention), which are
archived on the Auditor Portal

•

FAQs issued by the DOJ PREA Working Group

Auditor Certification Agreement
Auditors must read, sign (or resign), and submit the Auditor Certification Agreement.
81

Criminal Background Check
Auditors are required to pass a criminal background records check. Specific details on how to
begin this process will be included in the recertification application instructions.
Failure to Meet Recertification Requirements
Failure to complete all the recertification requirements by the specified deadline will result in
denial of auditor recertification. Once the expiration of an auditor’s certification takes effect,
the auditor will no longer be authorized to conduct PREA audits, and the auditor’s name will be
removed from the list of certified PREA auditors on the PREA Resource Center website.
Within 30 days of the date of Notice of Denial of Recertification from the PREA Management
Office (unless the PREA Management Office specifies a different due date), auditors have the
option to appeal the PREA Management Office’s determination. Written appeal must be made
to the PREA Management Office by email at PREACompliance@usdoj.gov and must:
•
•

Consist entirely of directly relevant written materials
Include all necessary explanations, information, or other materials in response to the
allegations described in the Notice of Denial of Recertification

Any false statements made in support of an appeal may be subject to criminal prosecution,
including under 18 U.S.C. § 1001, and are subject to review by the Office of Justice Programs
Office of the General Counsel and the DOJ Office of the Inspector General.
The PREA Management Office may amend the Notice of Denial of Recertification at any time
prior to its final disposition. If such amendment includes any new material allegations of fact,
the auditor will have the opportunity to appeal the new allegations in the amended Notice of
Denial of Recertification. An auditor’s appeal of the new allegations in the amended Notice of
Denial of Recertification must be written and provided to the PREA Management Office in
accordance with the procedures outlined above no later than 30 days after the PREA
Management Office provides the PREA auditor with the amended Notice, unless the PREA
Management Office establishes a different due date.
If no appeal is received by the PREA Management Office within 30 days after the date of the
Notice of Denial of Recertification (without reasonable justification or excuse) such:
1. Constitutes a waiver of the right to contest the allegations in the Notice of Denial of
Recertification, and
2. Will result in the denial of recertification of the PREA auditor without further notice to
the PREA auditor, and
3. The denial of recertification will be considered to be final as of the date indicated in the
Notice of Denial of Recertification.

82

If an appeal is received by the PREA Management Office within 30 days after the date of the
Notice of Denial of Recertification, it will be carefully considered by the PREA Management
Office. The PREA Management Office will make its determination and provide written notice of
its decision to:
•
•

Confirm the denial of recertification (including the reasons therefor), or
Rescind the denial of recertification, which may include mandatory remediation
steps or other requirements

Denial of recertification will remain in effect while the appeal is under consideration.
Auditors not Seeking Recertification
Auditors may elect not to seek recertification and voluntarily let their certifications expire.
There is an option to indicate this on the application form. When an auditor selects this option,
his or her voluntary surrender of certification will be effective on his or her certification
expiration date. Once the voluntary expiration of certification takes effect, an auditor’s name
will be removed from the list of certified PREA auditors on the PREA Resource Center website.
Auditor Guidance Following Expiration of Certification
If an auditor has any contractual obligations to conduct audits for which the onsite portion is
scheduled on or after his or her certification expiration date, the auditor must immediately
notify the appropriate officials in the facility or agency of the pending expiration of his or her
certification to discuss contract termination, as appropriate. If an auditor has any in-progress
audits for which he or she has completed the onsite portion, the auditor must immediately
notify the appropriate officials in the facility or agency of the pending expiration of his or her
certification and ask those officials for instruction regarding completion of the contracted tasks.
If the officials from the agency or facility expect the auditor to complete the post-onsite audit
work, the auditor will remain authorized through his or her certification expiration date to
complete the audit through the final report. If an auditor has an in-progress audit and believes
he or she will not be able to complete the final report by the auditor’s certification expiration
date, the auditor must contact the PREA Management Office at PREACompliance@usdoj.gov to
request authorization to conduct the post-onsite audit work beyond the certification expiration
date.
Unless otherwise specified by the PREA Management Office, auditors who elect not to seek
recertification and auditors who are denied recertification are permitted to apply again to
become certified as PREA auditors, but they must go through the regular application and
training process. During the application review process, the circumstances of an auditor’s denial
of recertification and his or her past auditing performance and conduct will be considered in
evaluating his or her suitability to become certified and to conduct PREA audits.
Questions about Recertification
For questions about auditor-specific recertification application requirements, auditors may
contact the PREA Resource Center before the application deadline. If given sufficient notice,
PREA Resource Center staff will assist auditors with identifying any missing requirements.

83

Auditor Suspension and Decertification
Decertification or suspension may be a consequence for an auditor if the PREA Management
Office determines through a preponderance of evidence that the auditor has demonstrated a
significant or consistent failure to comply with the following:
•
•
•
•
•
•
•
•
•
•

The PREA Auditor Code of Conduct
The PREA Auditor Certification Agreement
PREA Standards governing auditor conduct
FAQs issued by the DOJ PREA Working Group
The PREA Auditor Handbook
PREA auditor requirements articulated in the PREA Auditor Candidate Training
Required PREA auditor continuing education
PREA auditor reporting requirements
Peer review requirements
Remediation steps required by the PREA Management Office

Decertification or suspension may also be a consequence in cases where an auditor engages in
misconduct (including, but not limited to negligence, criminal conduct, malfeasance, gross
fraud, and conflict of interest) or demonstrates serious misapplication or misinterpretation of
one or more PREA Standards.
An auditor who is decertified or suspended will receive notice of the decision from the PREA
Management Office. This notice will contain important information regarding the grounds for
decertification or suspension, a description of the evidence upon which the allegations are
based, a description of the appeal process, and the effective date of the decertification or
suspension. The process for suspension and decertification is described below.
Process for Suspension of Certification
The duration of a suspension will be determined by the PREA Management Office and may be
extended for cause. During the period of suspension, auditors may not conduct any audits or
audit-related activity. Within 30 days of the date of Notice of Suspension (unless the PREA
Management Office specifies a different due date), auditors have the option to appeal the PREA
Management Office’s determination. A written appeal must be made to the PREA Management
Office by email at PREACompliance@usdoj.gov. An auditor’s appeal must:
•
•

Consist entirely of directly relevant written materials
Include all necessary explanations, information, or other materials in response to the
allegations described in the Notice of Suspension

Any false statements made in support of an appeal may be subject to criminal prosecution,
including under 18 U.S.C. § 1001, and are subject to review by the Office of Justice Programs
Office of the General Counsel and the DOJ Office of the Inspector General.
The PREA Management Office may amend the Notice of Suspension at any time prior to its final
disposition. If such an amendment includes any new material allegations of fact, the auditor will
have the opportunity to appeal the new allegations. An auditor’s appeal of the new allegations
in the amended Notice of Suspension must be written and provided to the PREA Management
84

Office in accordance with the procedures outlined above no later than 30 days after the PREA
Management Office provides the PREA auditor with the amended Notice, unless the PREA
Management Office establishes a different due date.
If no appeal is received by the PREA Management Office within 30 days after the date of the
Notice of Suspension (without reasonable justification or excuse) such:
1. Constitutes a waiver of the right to contest the allegations in the Notice of Suspension,
and
2. Will result in the decertification of the PREA auditor without further notice to the PREA
auditor, and
3. The decertification will be considered to be final as of the date indicated in the Notice of
Decertification.
If an appeal is received by the PREA Management Office within 30 days after the date of the
Notice of Suspension, it will be carefully considered by the PREA Management Office. The PREA
Management Office will make its determination and provide written notice of its decision to:
•
•
•

Convert the suspension to a decertification,
Rescind the suspension, or
Take other appropriate action such as remediation or maintaining the suspension

The suspension will remain in effect while the appeal is under consideration.
Process for Decertification
Within 30 days of the date of Notice of Decertification from the PREA Management Office
(unless the PREA Management Office specifies a different due date), auditors have the option
to appeal the PREA Management Office’s determination. Written appeal must be made to the
PREA Management Office by email at PREACompliance@usdoj.gov and must:
•
•

Consist entirely of directly relevant written materials
Include all necessary explanations, information, or other materials in response to the
allegations described in the Notice of Decertification

Any false statements made in support of an appeal may be subject to criminal prosecution,
including under 18 U.S.C. § 1001, and are subject to review by the Office of Justice Programs
Office of the General Counsel and the DOJ Office of the Inspector General.
The PREA Management Office may amend the Notice of Decertification at any time prior to its
final disposition. If such an amendment includes any new material allegations of fact, the
auditor will have the opportunity to appeal the new allegations. An auditor’s appeal of the new
allegations in the amended Notice of Decertification must be written and provided to the PREA
Management Office in accordance with the procedures outlined above no later than 30 days
after the PREA Management Office provides the PREA auditor with the amended Notice, unless
the PREA Management Office establishes a different due date.

85

If no appeal is received by the PREA Management Office within 30 days after the date of the
Notice of Decertification (without reasonable justification or excuse) such:
1. Constitutes a waiver of the right to contest the allegations in the Notice of
Decertification, and
2. Will result in the decertification of the PREA auditor without further notice to the PREA
auditor, and
3. The decertification will be considered to be final as of the date indicated in the Notice of
Decertification.
If an appeal is received by the PREA Management Office within 30 days after the date of the
Notice of Decertification, it will be carefully considered by the PREA Management Office. The
PREA Management Office will make its determination and provide written notice of its decision
to:
•
•

Confirm the decertification (including the reasons therefor), or
Rescind the decertification, which may include mandatory remediation steps or other
requirements

The decertification will remain in effect while the appeal is under consideration.
If decertified, the auditor will no longer be authorized to conduct PREA audits, and the auditor’s
name will be removed from the list of certified PREA auditors on the PREA Resource Center
website. Unless otherwise specified by the PREA Management Office, auditors who are
decertified are permitted to apply again to become certified as PREA auditors, but they must go
through the regular application and training process. During the application review process, the
circumstances of decertification and the auditor’s past auditing performance and conduct will
be considered in evaluating his or her suitability to become certified and to conduct PREA
audits.
Audit Contract Guidance Following Decertification
If an auditor has any contractual obligations to conduct audits for which the onsite portion is
scheduled on or after the effective date of decertification, the auditor must immediately notify
the appropriate officials in the facility or agency of his or her decertification to discuss the
contract’s termination, as appropriate. If an auditor has any in-progress audits for which he or
she has completed the onsite portion, the auditor must immediately notify the appropriate
officials in the facility or agency of his or her decertification and ask those officials for
instruction regarding completion of the contracted tasks. Auditors must report all in-progress
audits to the PREA Management Office at PREACompliance@usdoj.gov and provide the date
when those audits are expected to conclude (i.e., the final report has been submitted to the
audited facility). If the officials from the agency or facility expect the auditor to complete postonsite audit work, the auditor must request authorization from the PREA Management Office
to complete the audit through the final report.

86

Section VIII.

Auditor Resources

Training, Education, and Assistance for Auditors
Auditor Newsletter and E-Blasts
The PREA Resource Center publishes a periodic Auditor Newsletter that provides useful
information on auditing, new PREA developments, and related topics. The Auditor Newsletter is
sent to all auditors via email only and can be accessed at any time in the Resources section of
the Auditor Portal. The PREA Resource Center also issues occasional e-blasts to convey
important and often time-sensitive information to auditors. Auditors are responsible for
information conveyed in the Auditor Newsletter and e-blasts and should provide the PREA
Resource Center with their current email addresses to ensure that they are able to receive
these important communications.
Auditor Continuing Education and Resource Portal
The Auditor Continuing Education and Resource Portal (see training.prearesourcecenter.org) is
a one-stop shop for auditors to access important auditing resources and tools, read past
Auditor Newsletters and e-blasts issued by the PREA Resource Center, submit required auditor
reporting forms, and manage their continuing education courses.
The PREA Resource Center Website
The PREA Resource Center website (see
www.prearesourcecenter.org/www.prearesourcecenter.org/) is a central repository for all
things related to PREA and PREA audits. The site hosts training curricula and archived webinars;
a database of FAQs issued by the DOJ PREA Working Group; a virtual library, including legal
resources; PREA-related news and other timely information; a list of DOJ-certified PREA
auditors; information on the PREA audit process, auditor trainings, PREA implementation
trainings; an Auditor Feedback Form; and much more. The website also includes a Contact Us
page where auditors and others can submit inquiries about PREA, the audit process, training for
auditors, and any other issues of concern.
Helplines
For answers to non-urgent questions about PREA, the audit process, or related issues while
preparing for an upcoming audit or following the onsite portion of an audit, contact the NonUrgent Helpline by calling 800–279–7732 and press 1 when prompted, or submit an Auditor
Helpdesk Form available on the Auditor Portal. The PREA Resource Center typically responds
within 3 business days.
For answers to more urgent issues while working onsite at a facility, contact the Urgent
Helpline by calling 800–279 –7732 and press 2 when prompted, or submit an Auditor Helpdesk
Form available on the Auditor Portal. The PREA Resource Center makes every effort to respond
within 24 hours during the work week.
Contacting the PREA Management Office
Auditors may contact the PREA Management Office by email at PREACompliance@usdoj.gov.

87

Auditor Certification Agreement

In order to obtain (or maintain) your certification from the Department of Justice (DOJ) to
conduct PREA audits, you must read and sign this agreement by the specified deadline. These
conditions of your certification are designed to ensure that auditors conduct PREA audits
according to the requirements set forth by DOJ, and by signing this agreement, the signatory
acknowledges that failure to comply with any provisions in this agreement could lead to
disciplinary action by the PREA Management Office within DOJ’s Bureau of Justice Assistance,
up to and including suspension or decertification.
I.

General Responsibilities
a. I have read and understand the PREA Standards.
b. I have read, understand, and agree that I will conduct PREA audits in accordance
with those PREA Standards that apply to auditors, including, but not limited to, the
requirements stated in Standards 115.401-404.
c. I have read, understand, and agree that I will conduct PREA audits according to the
methodology provided in the PREA Auditor Handbook, the PREA Auditor Candidate
Training, FAQs issued by the DOJ PREA Working Group, and any other continuing
education and guidance provided by the PREA Management Office and the PREA
Resource Center in writing, in continuing auditor education, or through other
means.

II.

Contracting for a PREA Audit
a. I have read, understand, and agree to abide by the requirements in the PREA
Auditor Handbook regarding auditing arrangements.
b. I have read, understand, and agree to abide by the requirements in the PREA
Auditor Handbook regarding audit contracts and compensation.
c. I have read, understand, and agree to abide by all restrictions placed on my ability to
solicit or accept gifts as described in the PREA Auditor Handbook.

III.

Auditor Code of Conduct
a. I have read, understand, and agree to abide by the Auditor Code of Conduct
described in the PREA Auditor Handbook.

IV.

Conflicts of Interest
a. I have read, understand, and agree to abide by all restrictions placed on my ability to
conduct audits that raise a conflict of interest, or the appearance of a conflict of
interest, as described in the PREA Auditor Handbook and PREA Standard 115.402.

88

Auditor Certification Agreement
V.

Auditor Certification Requirements
a. I have read, understand, and agree to abide by all of the requirements in the PREA
Auditor Handbook regarding probationary certification status (effective beginning
with the March 2015 PREA Auditor Candidate Training).
b. I have read, understand, and agree to abide by all of the auditor reporting
requirements in the PREA Auditor Handbook.
c. I have read, understand, and agree to abide by all of the auditor continuing
education requirements in the PREA Auditor Handbook.
d. I have read, understand, and agree to abide by the requirements in the PREA
Auditor Handbook regarding voluntary surrender of my PREA auditor certification
from DOJ.
e. I have read, understand, and agree to abide by the requirements in the PREA
Auditor Handbook regarding auditor recertification should I choose to become
recertified as a PREA auditor.
f. I agree to inform the PREA Management Office immediately of any actions that
constitute grounds for disciplinary review or disciplinary action as described in the
PREA Auditor Handbook, including: if I am arrested or convicted on criminal charges;
found liable for fraud or other unlawful behavior that may bear on my honesty or
credibility; found culpable of, plead guilty to, or plead no contest to any misconduct,
sexual abuse, or sexual harassment, or related conduct through any criminal, civil, or
administrative investigation or legal proceeding; and/or if I am released from or
voluntarily leave employment or contract while under criminal, civil, or
administrative investigation for any misconduct, sexual abuse, sexual harassment, or
related conduct.
g. I agree to report any knowledge or information pertaining to possible auditor
misconduct (including, but not limited to negligence, criminal conduct, malfeasance,
gross fraud and conflict of interest), concerns regarding an auditor’s compliance
with DOJ’s certification requirements, or other actions that constitute grounds for
disciplinary review or disciplinary action as described in the PREA Auditor Handbook.
I understand that reports may be submitted via the Auditor Feedback Form on the
PREA Resource Center website.

VI.

PREA Audit Methodology
a. I have read, understand, and agree that I will conduct audits according to the PREA
Audit Methodology described in the PREA Auditor Handbook.

89

Auditor Certification Agreement
VII.

Audit Oversight
a. I have read, understand, and agree to abide by the requirements in the PREA
Auditor Handbook regarding the Quality Improvement program, if selected for
participation.
b. I have read, understand, and agree to abide by the requirements in the PREA
Auditor Handbook regarding Peer Review, if selected for participation.
c. I have read, understand, and agree, if directed by the PREA Management Office, to
abide by the requirements in the PREA Auditor Handbook regarding Disciplinary
Review.
d. I have read, understand, and agree, if directed by the PREA Management Office, to
abide by the requirements in the PREA Auditor Handbook regarding Remediation.
e. I have read and understand the auditor suspension and decertification processes
described in the PREA Auditor Handbook, and I understand that I may be subject to
disciplinary action by the PREA Management Office, up to and including
decertification.
f. In the event of my suspension or decertification, I agree to abide by all relevant
instructions from the PREA Management Office including, but not limited to,
cancellation of planned audit activity.

Print Name

Signature

Date

90

 

 

The Habeas Citebook: Prosecutorial Misconduct Side
Advertise Here 2nd Ad
Disciplinary Self-Help Litigation Manual Side