If you enable auditing in database, you can't trace change password actions. The reason is OPS Manager updates system.user collection record directly. as a result, this action is not traceble in audit if parameter auditAuthorizationSuccess is not enabled.

But enabling this parameter cause performance degradation as all DML/DDL will be sent through audit layer.

Dropping user at the same time happening as expected and traceable in audit files.