Have you activated the audit settings on your site collection?
If there is a leak of critical company information resulting in losing a merger deal, and the Chairman of the Board wants to know who read or downloaded the strategic document from SharePoint; what are you going to say? Sorry, we didn’t activate the audit settings because it makes too many log files and we don’t have the space to store them? What do you think the Chairman will say to that?
Don’t wait until there is a major incident before catering for this. Audit settings must be manually activated on a site collection level to track activity in that site collection.
IT usually discourages the activation of these settings due to the large log files it can result in. However, this should have been part of the SharePoint server architecture planning in the first place. It is a valid business requirement to be able to track activity of company content and users.
Be selective on what you activate on which site collection. You don’t need the settings on at all if it’s just a playpen / sandbox type collection; but on executive level site collections, it may be critical. Add rules around the use of the audit settings to your end user governance plan.
You need to be a Site Collection Administrator to see these settings.