The Defense Contract Audit Agency (DCAA) is the lead Government Agency in testing contractor compliance with TINA (Truth in Negotiations Act). But they are not the only Agency performing such reviews. The Comptroller General (i.e. GAO) and the Inspector General (IG) organizations also have statutory rights. The GAO and the IG generally initiate their reviews in connection with other activities (such as a fraud referral) so most contractors will encounter only DCAA.
DCAA's selections are based on its Post Award Audit Selection System (PASS). The PASS is a risk assessment model that provides objective and verifiable risk determinations. It considers the adequacy of contractor estimating and accounting systems, historical rates of positive occurrences, and values of previous recommended price adjustments. Each of these four factors is assigned a weight between one and four with one being the lowest risk. If the result is under four, the contractor is determined to be low risk. If the result is over 12, the contractor is considered high risk. Other thresholds include medium low and medium high. The PASS rating determines how many defective pricing reviews DCAA will initiate. Obviously, the higher the risk, the more audits.
DCAA then takes the universe of contracts awarded, stratifies according to size and type (e.g. FFP, Incentive, CPFF) and selects from each strata, a number according to the PASS rating. For example, for FFP contracts between $25 and $100 million, a high risk contractor might have 100 percent reviewed while a low risk contractor might have one out of every four selected for audit. These strata and selection criteria change slightly from year to year so you should request your DCAA auditor to provide the PASS rating and the selection criteria.
Smaller contractors are automatically considered high risk so they do not have individual PASS ratings. Contracts awarded to smaller contractors are added to a pool and selection is made based on the high risk PASS rating. Because contracts are pooled and selections are somewhat random, many smaller contractors are rarely audited for compliance with TINA.