• Our auditing tends to be in two spheres -

    1) Where there is interaction with the customer, so sales orders and product specifications are audited.

    2) The finance system, where we have a very fine-grained history of all our transactions.

    This just takes the form of history tables plus user names & dates.

    Of course, it is external interactions which dictate what goes on internally, so I guess that is what is being audited. If something goes wrong internally (we make the wrong product or buy the wrong supplies), then we can find out what the catalyst was for that. I guess there's no point auditing internal procedures which are carried out as a result of making an invalid transaction with the outside world.

    In terms of SQL, then, nothing; it's all application-based, but then that's why we only allow indirect access to the DB. I could imagine in a larger site with lots of people with direct DB access you'd have to go to a whole different level, but I don't see a justification for it here.