• We recently had the requirement to audit some of our sensitive servers. I looked at SQL Server Audit and another drawback is that it only runs on Enterprise. And yes, it should definitely provide the ability to log to a database and not a file or Windows log. This is probably why the tool goes unnoticed and unused.

    We eventually found a few third-party tools and settled on Idera Compliance Manager. It runs a small trace and uses the trace API to filter and log data into a SQL repository. I believe future versions will be more Extended Events based. Since we are tracking DML, so far I have found it challenging trying to sift through the volume of data it logs to get a useful report. I don't see any real way to get a pass/fail or exceptions type of audit report. It seems to still require someone analyzing all the data and making a determination if it is good or bad. You can set up Event filters to filter out data that gets logged, but that could mean you are potentially missing something you may need later, and you can set up Alerts based on "suspicious" activities.

    Needless to say there is a big learning curve and perhaps some new processes to develop.