- (a) Within three years of February 22, 2016, each care provider facility that houses UCs will be audited at least once; and during each three-year period thereafter.
- (b) ORR may expedite an audit if it believes that a particular care provider facility may be experiencing problems related to sexual abuse or sexual harassment.
- (c) ORR must develop and issue an instrument that is coordinated with the HHS Office of the Inspector General that will provide guidance on the conduct and contents of the audit.
- (d) The auditor must review all relevant ORR-wide policies, procedures, reports, internal and external audits, and licensing requirements for each care provider facility type.
- (e) The audits must review, at a minimum, a sampling of relevant documents and other records and other information for the most recent one-year period.
- (f) The auditor must have access to, and must observe, all areas of the audited care provider facilities.
- (g) ORR and the care provider facility must provide the auditor with the relevant documentation to complete a thorough audit of the care provider facility.
- (h) The auditor must retain and preserve all documentation (including, e.g., videotapes and interview notes) relied upon in making audit determinations. Such documentation must be provided to ORR upon request.
- (i) The auditor must interview a representative sample of UCs and staff, and the care provider facility must make space available suitable for such interviews.
- (j) The auditor must review a sampling of any available video footage and other electronically available data that may be relevant to the provisions being audited.
- (k) The auditor must be permitted to conduct private interviews with UCs.
- (l) UCs must be permitted to send confidential information or correspondence to the auditor.
- (m) Auditors must attempt to solicit input from community-based or victim advocates who may have insight into relevant conditions in the care provider facility.
- (n) All sensitive and confidential information provided to auditors will include appropriate designations and limitations on further dissemination. Auditors must follow appropriate procedures for handling and safeguarding such information.
- (o) Care provider facilities bear the affirmative burden on demonstrating compliance with the standards to the auditor.