Which database table and field (records) to audit, provided you know the application database schema well enough.
The amount of audit information to record to satisfy auditor requirements.
The methods you want to use to manage the audit data's life cycle (onsite and offsite, online and offline).