A SQL Server Audit is a security object that collects and logs either actions or groups of actions. Which is another way of saying it is a hall monitor. It checks the halls and writes down what it sees, and pokes its head into the classroom windows (i.e., a database) as well, if you tell it to do so. SQL Server Audits are always in a disabled state when created, much like a hall monitor who needs to be told when to report for their first day of work.
You can create a SQL Server Audit with T-SQL or through SSMS, look for it under the Security folder and you will find a folder named ‘Audits’. It is worth noting that you create a server audit, not a database audit. This is because the audit object is associated with the entire instance. You will next specify what exactly you want to audit, which will be either an instance or database specification, or both if desired.
More at http://sqlbatman.com/2009/03/implementing-sql-2008-sql-server-audit/