The cognizant contract auditor (e.g. Defense Contract Audit Agency for DoD contracts) is responsible for conducting audits to ascertain whether a contractor's actual cost accounting practices comply with Cost Accounting Standards (CAS) and the Federal Acquisition Regulations (FAR) Part 31 Cost Principles.
In practice however, contract auditors do not typically initiate stand-alone audits to test contractors' compliance with FAR Part 31 and CAS. Rather, auditors are instructed to make compliance determinations an inherent part of ever audit performed, whether it is evaluating pricing proposals, examining incurred costs, or testing internal control systems. To do this effectively, auditors are expected to be knowledgeable of FAR Part 31 cost principles and CAS requirements.
Under this practice, it is not expected that the auditor will perform every step of a given CAS or FAR compliance audit, but rather, only those steps associated with costs that are material to the subject matter of the audit. The downside of this practice (or "upside", depending on your point of view), is that testing in this manner is almost haphazard and the potential for significant noncompliances slipping through the cracks is significantly increased.
The point of this post, and its a point we've made in the past, is that contractors should never assume that the contract auditor is narrowly focused on a single purpose. That auditor is observing, listening, probing, and developing audit leads for later. Although the auditor should communicate his/her purposes and objectives, such communication often doesn't take place. If not, contractors have the right to and should question the purpose of any audit procedures that appears beyond the stated scope of audit.