Before BYPLIST(AUDIT) feature, you couldnt tell who is accessing the resources on the bypass list. Not audit was being done because there was not security checking for those resource on the bypass list.
Now you can track who is accessing resources on the bypass list.
An AUDIT entry is cut whenever the resource on the bypass list is accessed.
AUDIT parm is only valid for the bypass list and not the protected list. Resources on the protect list are protected, therefore checking and auditing already occurs, so it doesnt make sense adding this feature to the protect list since its already there.