- What are the general steps for an audit?
- Are all church entities audited according to the same standard?
- What is the difference bewteen an internal and external audit?
- How is an internal audit conducted?
- How is an external audit conducted?
- How may compliance data be collected?
- How is non-compliance monitored?
- What is an example of non-compliance and its remedies?
What are the general steps for an audit? #
“What Can You Expect From An Audit” — ACSL
“The audit approach will be tailored for organisations depending on the nature of activities and the depth, breadth, complexity and geographic spread of their ministries.”
A general outline of steps may include:
“Standard 8: Quality Assurance in Safeguarding” — BCOS
1. Parishes regularly monitor and review their Safeguarding arrangements.
2. Parishes self-evaluate their Safeguarding practice by completing an annual Audit and devising a Safeguarding action plan.
3. Dioceses regularly monitor and review their Safeguarding arrangements.
4. Dioceses self-evaluate their Safeguarding practice by completing an annual Audit and devising a Safeguarding action plan.
5. Religious Institutes regularly monitor and review their Safeguarding arrangements.
6. Religious Institutes self-evaluate their Safeguarding practice by completing an annual Audit and devising a Safeguarding action plan.
7. The Bishop’s Conference regularly monitors and reviews its own activities.
8. The Bishop’s Conference self-evaluates its work and completes a 3-year strategic plan.
8. The Independent Review Group samples completed audits, identifies issues which require to be addressed and publishes an annual report.”
In God’s Image, Bishop’s Conference of Scotland, stan. 8 (2018)
Are all church entities audited according to the same standard? #
“Categorisation For Entitites” — ACSL
“Catholic entities vary, not only in terms of their structures and governance, but also regarding their level of engagement with children. In recognition of this variance across entities, CPSL has developed a three-tiered categorisation approach to the application of the NCSS. For the purposes of a CPSL audit, the categorisation applies at the Church Authority level, not an individual ministry or activity level.”
What is the difference bewteen an internal and external audit? #
“NCSS Standard 10 – Policies and Procedures Support Child Safety — ACSL
“The Archdiocese currently monitors compliance through an external audit program (conducted by a third party) as well as internal “health checks” (conducted by the archdiocesan Office of Safeguarding Service) which assess parish compliance with the archdiocesan Safeguarding Policy.”
How is an internal audit conducted? #
“Process of Review” — NBSCCCI
“The Review of Child Safeguarding will be a two stage process:
Stage 1 – the Pre-Review process, based on robust and detailed questionnaires which will give
the overview or map of ministry with children activities in the relevant Church body. This stage will
constitute a form of Self-audit. The Church authority and other key child safeguarding post
holders will be requested to provide a range of information, to include issues such as recruitment
of staff and volunteers, training, codes of conduct for staff and young people and all of the other
essentials of good child safeguarding practice. With this information the Church authority and the National Board will agree the particular focus of the child safeguarding Review to be conducted…”
Stage 2 – Review at the level of practice– ‘on the ground’. This will involve observing ministry with children in operation, and will require reviewers to undertake site visits, such as visiting a pastoral centre to sit in on youth faith group, or talking to members of a children’s choir. It will also involve conducting interviews with representative participants; as well as examining records of activities, specific policies, completed forms etc.
“Standard 8: Quality Assurance in Safeguarding” — BCOS
“Each year, every parish and Diocesan organisation working with vulnerable groups is required to
complete a Safeguarding Audit which details the number of allegations received, the numbers
participating in training etc., forwarding it to the Diocese for collation into one report for the whole
Diocese. The Diocese must forward the statistical section of the Audit to the Scottish Catholic
Safeguarding Service for scrutiny by the Independent Review Group. Having undertaken their own analysis of the Diocesan data emerging from the Audit, the Diocesan Safeguarding Advisory Group must prepare a Safeguarding Action Plan to address any areas of improvement required within the Diocese”
How is an external audit conducted? #
“Quality Assurance in Safeguarding”–BCOS
“The function of the Independent Review Group is to provide an independent and objective evaluation
of how the Church is implementing its own Safeguarding policies and procedures. Each year it
samples the data contained in annual Audits and reviews action plans that have been designed to
address specific areas for improvement. The IRG comments on these plans and, where necessary,
identifies gaps and recommends additional steps to be taken. In this way, it provides an external
evaluation of the self-evaluation and planning of Dioceses, Religious Institutes and SCSS.”
“2019 Audit Report”–StoneBridge Business Partners
“StoneBridge Business Partners is a specialty consulting firm headquartered in Rochester, New York,
which provides forensic, internal, and compliance auditing services to leading organizations nationwide. The substantive auditing processes utilized by StoneBridge are tailored to the specific objectives of each engagement. For the USCCB, StoneBridge worked with the Secretariat of Child and Youth Protection (SCYP) to develop a comprehensive audit instrument, revise the charts used to collect data, and train StoneBridge staff and diocesan/eparchial personnel on the content, expectations and requirements of the Charter audits. During 2019, StoneBridge visited 64 dioceses and eparchies (“on-site audits”) and collected data (“data collection audits”) from 130 others.”
How may compliance data be collected? #
Compliance with reporting abuse during an audit period may be measured by aggregating:
“Audit Process” — USCCB
“The number of allegations, the date the alleged abuse was reported, the approximate dates
the alleged abuse occurred, the nature of the allegations including whether the victim is a current minor,
the outcome of any investigations, if the allegation was reported to the diocesan review board and the status of the accused cleric as of the end of the audit period…reports [of] the number of abuse survivors and/or family members served by outreach during the audit period.”
Compliance with Safeguarding programs and further measures may be measured by assessing:
“Audit Process” — USCCB
• total children enrolled in Catholic schools and parish religious education programs
• total priests, deacons, candidates for ordination, employees, and volunteers ministering in the diocese or eparchy
• total number of individuals in each category that have received safe environment training and background evaluations
• programs used for training each category
• agencies used for background evaluations
• frequency of training and background evaluations
• method used for collecting the data from parishes and schools”
How is non-compliance monitored? #
“To Ensure the Accountability of Our Procedures” — USCCB
The audit “is to include the names of those dioceses/eparchies which the audit shows are not in compliance with the provisions and expectations of the Charter.”
What is an example of non-compliance and its remedies? #
“Stonebridge Business Partners 2019 Audit Report” — USCCB
“For the 2019 audit period, there were three findings of Non-Compliance. The Diocese of (xxx) was found non-compliant with Article 13 for a failure to evaluate the background of a visiting priest. Upon discovery of the failure to follow Diocesan policy an investigation was launched by the Diocese (xxx) and actions were taken to remediate the failure. The (xxx) was found non-compliant with Article 2 due to a non-functioning Review Board during the audit period. Subsequent to the audit period, additional members were named to the Review Board and a meeting was held to remediate the instance of non-compliance. (xxx) Diocese was found non-compliant with Article 2 due to a non-functioning Review Board during the audit period.”