Firstly, there are two types of audit trails: system and data related.
The system based audit trail relates to changes in directories and programming changes, the attempts to alter metadata (the data giving context and meaning to the actual data). Therefore, the system based audit trail needs regular review preferably by the IT department rather than by the user or superuser (the user might be QC analyst or production operator and super user – lab manager or production manager).
The second audit trail is the data specific trail relating to the particular HPLC run or batch production run. Depending on the data criticality, that data needs to be reviewed if considered critical, prior to or at the time of batch release to be sure that the batch data is reliable…AND (a big and), don’t forget audit trail review of ANY data which is going into a regulatory submission, stability data, toxicological data, QC data – because you really don’t want to find later on that data was deleted or altered or cherry-picked – i.e. deliberately left out from the regulatory submission. All of the above needs to be covered by SOPs and internal audits and oversight mechanisms.