Sorry if this seems like a dumb question, but what are you trying to audit exactly? And what do you mean ITIL documents? Maybe more detail would help us understand the question.
If you're wanting to audit user's actions on like CIFS or NFS shares, you can enable Fpolicy. Is that what you're looking for?