Workflow doesn't currently do any explicit audit logging. Managed objects still do their own logging, but they might be missing metadata about who actually triggered a CREATE for example.
- audit who approved/rejected things (see "decideApprovalTask" in contractorOnboarding.bpmn20.xml sample). We might just need to audit whenever a userTask is processed and who did it.
- David Lee: "The main reports/use I see is the final status of the request workflow (approved (all persons involved) denied (who approved/denied) each time stamped) . the certification all items certified/revoked/remediated/exception at each "stage" along with final outcome."
Might be out of scope, but could investigate what the event logging SDK gives us so that we can decide if it is useful.