(a) Within three years of February 22, 2016, each care provider facility that houses UCs will be audited at least once; and during each three-year period thereafter.

(b) ORR may expedite an audit if it believes that a particular care provider facility may be experiencing problems related to sexual abuse or sexual harassment.

(c) ORR must develop and issue an instrument that is coordinated with the HHS Office of the Inspector General that will provide guidance on the conduct and contents of the audit.

(d) The auditor must review all relevant ORR-wide policies, procedures, reports, internal and external audits, and licensing requirements for each care provider facility type.

(e) The audits must review, at a minimum, a sampling of relevant documents and other records and other information for the most recent one-year period.

(f) The auditor must have access to, and must observe, all areas of the audited care provider facilities.

(g) ORR and the care provider facility must provide the auditor with the relevant documentation to complete a thorough audit of the care provider facility.

(h) The auditor must retain and preserve all documentation (including, e.g., videotapes and interview notes) relied upon in making audit determinations. Such documentation must be provided to ORR upon request.

(i) The auditor must interview a representative sample of UCs and staff, and the care provider facility must make space available suitable for such interviews.

(j) The auditor must review a sampling of any available video footage and other electronically available data that may be relevant to the provisions being audited.

(k) The auditor must be permitted to conduct private interviews with UCs.

(l) UCs must be permitted to send confidential information or correspondence to the auditor.

(m) Auditors must attempt to solicit input from community-based or victim advocates who may have insight into relevant conditions in the care provider facility.

(n) All sensitive and confidential information provided to auditors will include appropriate designations and limitations on further dissemination. Auditors must follow appropriate procedures for handling and safeguarding such information.

(o) Care provider facilities bear the affirmative burden on demonstrating compliance with the standards to the auditor.

(a) An audit must be conducted by an entity or individual with relevant auditing or evaluation experience and is external to ORR.

(b) All auditors must be certified by ORR, and ORR must develop and issue procedures regarding the certification process within six months of December 24, 2014, which must include training requirements.

(c) No audit may be conducted by an auditor who received financial compensation from the care provider, the care provider's agency, or ORR (except for compensation received for conducting other audits) within the three years prior to ORR's retention of the auditor.

(d) ORR, the care provider, or the care provider's agency must not employ, contract with, or otherwise financially compensate the auditor for three years subsequent to ORR's retention of the auditor, with the exception of contracting for subsequent audits.

(a) Each audit must include a certification by the auditor that no conflict of interest exists with respect to his or her ability to conduct an audit of the care provider facility under review.

(b) Audit reports must state whether care provider facility policies and procedures comply with all standards.

(c) For each of these standards, the auditor must determine whether the audited care provider facility reaches one of the following findings: Exceeds Standard (substantially exceeds requirement of standard); Meets Standard (substantial compliance; complies in all material ways with the standard for the relevant review period); Does Not Meet Standard (requires corrective action). The audit summary must indicate, among other things, the number of provisions the care provider facility achieved at each grade level.

(d) Audit reports must describe the methodology, sampling sizes, and basis for the auditor's conclusions with regard to each standard provision for each audited care provider facility and must include recommendations for any required correction action.

(e) Auditors must redact any personally identifiable information of UCs or staff information from their reports but must provide such information to ORR upon request.

(f) ORR must ensure that aggregated data on final audit reports is published on ORR's Web site, or is otherwise made readily available to the public. ORR must redact any sensitive or confidential information prior to providing such reports publicly.

(a) A finding of “Does Not Meet Standard” with one or more standards must trigger a 90-day corrective action period.

(b) The auditor and ORR must jointly develop a corrective action plan to achieve compliance.

(c) The auditor must take necessary and appropriate steps to verify implementation of the corrective action plan, such as reviewing updated policies and procedures or re-inspecting portions of a care provider facility.

(d) After the 180-day corrective action period ends, the auditor must issue a final determination as to whether the care provider facility achieved compliance with those standards requiring corrective action.

(e) If the care provider facility does not achieve compliance with each standard, it may (at its discretion and cost) request a subsequent audit once it believes that it achieved compliance.

(a) A care provider facility may file an appeal with ORR regarding any specific audit finding that it believes to be incorrect. Such appeal must be filed within 90 days of the auditor's final determination.

(b) If ORR determines that the care provider facility stated good cause for re-evaluation, the care provider facility may commission a re-audit by an auditor mutually agreed upon by ORR and the care provider facility. The care provider facility must bear the costs of the re-audit.

(c) The findings of the re-audit are considered final.