Auditing security decisions include:
Classes of events to audit for success
Classes of events to audit for failure
Classes of events to audit for both
Users/roles with what additional auditing
Who has access to the audit administration server
Who has access to the audit servers
Who has the rights profile for audit file backup
Who has the rights profile for audit file review