Yes, but the level of detail requested for the audit would be dictated by Super Micro. For example, if the request was to audit boards against the design specs, the audit would never catch something inserted during the design phase. Nor would it catch malicious functionality inserted as part of a legitimate chip. It seems like the potential number of attack vectors is extremely high if the design &/or manufacture process has been subverted.
Alternatively, if there was no attack, it becomes exceedingly difficult to prove the negative. But that also leaves us with the perplexing situation of multiple sources-- 17 from different companies and NSA-- deceiving Bloomberg reporters. Or Bloomberg reporters themselves deceiving everyone. In the later case the motives are clear. It's a career-making story that can't easily be disproved. In the former case the motives are less clear: a desire to smear Super Micro? Who benefits? A desire to stoke anti-China fear? It's all very strange.
