Since at least Oracle 8i, Oracle will automatically create a *.aud file in the default audit destination whether you have AUDIT_TRAIL=TRUE or not. Setting AUDIT_TRAIL=FALSE will not change this behavior.
Your SysAdmin has root access to the server. As such, you cannot stop them from making changes to the *.aud files. This is where you have to trust that SysAdmin will not abuse their root privileges. In the companies I have worked for, such abuse by anyone with root is grounds for dismissal. And I can think of many other ways the SysAdmin can hurt the database and the server that are worse than modifying the *.aud files.
This was first published in June 2006