This article and the subsequent one are very well done from a technical perspective. I think more emphasis needs to be added as to why auditing needs to be done. Many of the data problems we have are a result of internal people accessing or modifying data for their own benefit. I spent a good many years in the late '80s and early '90s as an internal auditor for Martin Marietta Astronautics Group. You would be amazed at how many people tried to modify database entries when it would affect their bonuses. In the middle 90's working as an internal employee for a consulting company we had a recruiter in one case and a sales rep in another attempt to export all the recruiting contacts and sales contacts. In the mid 2000's I worked as a application and database developer for a small international company. With about 36 people total in the company we had two who individuals who maliciously attempted to modify data. One of the two attempted to export all the company contacts for his own future benefit.
What is so amazing is that these kinds of issues are common across the scope of the business and government world. These actions provide me with a high level of distrust of individuals when it comes to protecting the data in the company I work for. The data in our databases is a vary valuable commodity for our organizations. We, in the IT end of the business, have a fiduciary responsibility to protect it from technical flaws and human flaws. Building in security, and auditing is a part of security, is paramount to our fulfilling our duty to our employers.