I am a few years removed from this but I recall working at a firm where we were preparing to pass an IT audit so we decided to use the SQL audit feature to log every DML and DDL change made except those made by regular end-users who could only access the data through our application.
I recall that one of the challenges coming out of this was the tedious process of periodically reviewing the logged changes. We did this once a month and it wasn't too bad. However, I could see it becoming impractical if the nature of the environment is that there are many of these changes (I'm thinking that should not be the case though).
The other challenge was to ignore system-generated changes (our database was part of transactional replication).