I can suggest several options. The most expensive is to journal all of your files and write pgms to dump SQL transactions to a report or outfile for review.
The cheapest would be to make everyone using interactive SQL go through a command line that forces all commands to write a journal entry. Just turning on user auditing *CMD will get your the strsql command, but not the rest of the sql statements. I’ve seen these command processing programs but couldn’t find an example with a quick search, but i’m sure they’re out there.
If you do not have SQL developer tool kit on the system, and the sql statement can’t be prompted, just auditing the user will make a journal entry for the statements.
The best is NetIQ’s Secure SQL that forces audit entries for all SQL statements while still giving you helps and prompts to develop an SQL statement.
Here is a recent discussion of this issue
Some have had very good success auditing interactive SQL access using a combination of the Open Database File Exit documented here and the Retrieve Job Information API which returns SQL statement information with format JOBI0900.
I hope this helps,