OPS Manager should call updateUser to change password to trace it in DB Audit.
If you enable auditing in database, you can't trace change password actions. The reason is OPS Manager updates system.user collection record directly. as a result, this action is not traceble in audit if parameter auditAuthorizationSuccess is not enabled.
But enabling this parameter cause performance degradation as all DML/DDL will be sent through audit layer.
Dropping user at the same time happening as expected and traceable in audit files.