If the server is a cloud-based service that stores data "locally" yet local is in the cloud, the testing may not actually be feasible as accessing the audit trail as an unauthorized user is probably not something that can be done given it would require violating cloud security infrastructure controls. In the cloud scenario this probably needs to be based on the security controls related to processes and procedures around access to cloud data.
If the server is a cloud-based service that stores data "locally" yet local is in the cloud, the testing may not actually be feasible as accessing the audit trail as an unauthorized user is probably not something that can be done given it would require violating cloud security infrastructure controls. In the cloud scenario this probably needs to be based on the security controls related to processes and procedures around access to cloud data.