Often administrators need to find which assets were deleted and why, and for this purpose, searching audit.log should be the correct place.
However, when some administrator mistakenly changed a cleanup policy and when the next Cleanup service task deleted many assets, the administrator is not able to find any audit event for cleanup policy change.
Cleanup policy change should be audited as incorrect change can cause data loss.
NOTE: It is very important to take a holistic approach to the solution for this ticket
Creating a new policy and changing an existing policy are not logged in audit.log.