In full disclosure: I work for an iSeries security vendor. We have a white paper on our website that does an excellent job of explaining the basics of iSeries auditing. Go to the following link: http://tinyurl.com/rsr95
The answer is “Yes, journaling is appropriate.”
The full answer includes audit journaling. Program calls and object changes are tracked with user and object auditing.
Don’t hesitate to post questions about either area.