Audit logs contain information about user access and activities, server or application activity, and other actions taken on the system. Automated review and alerting can detect the subset of events that have been seen before, but they are weak at detecting and interpreting new or unusual events and certain kinds of events or event sequences. The audit logs therefore still need to be reviewed by a person.
Failure to review audit logs can allow events that may be malicious to go undetected. A combination of automated reviews, manual reviews, and tools that support manual review provides the most complete coverage of audit events. This combination allows regular occurrences to be detected automatically while a human hunts for new threats or activity.
They expect your organization to have a defined program of audit review as part of its policies. The reviews need to be regularly scheduled and performed by a knowledgeable person, possibly with the help of automation and software tools. Software tools remove the tedium from the process, but the human element is there to find the things the software has not been programmed to look for.
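The two-layer review described above, as an added example that is not part of the original text: a rule-based pass catches a known pattern (repeated failed logins), while a novelty pass queues any event from a program outside the baseline for a human reviewer. The log lines, the program baseline and the failed-login threshold are constructed for illustration.

```python
from collections import Counter
import re

# Constructed syslog-style sample lines (not real logs).
SAMPLE_LOG = """\
Jan 10 09:01:02 web01 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51022
Jan 10 09:02:10 web01 sshd[2215]: Failed password for bob from 203.0.113.9 port 40111
Jan 10 09:02:12 web01 sshd[2215]: Failed password for bob from 203.0.113.9 port 40111
Jan 10 09:02:15 web01 sshd[2215]: Failed password for bob from 203.0.113.9 port 40111
Jan 10 09:02:18 web01 sshd[2215]: Failed password for bob from 203.0.113.9 port 40111
Jan 10 09:02:21 web01 sshd[2215]: Failed password for bob from 203.0.113.9 port 40111
Jan 10 09:05:00 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Jan 10 09:07:33 web01 useradd[2300]: new user: name=svc_backup, UID=1005, GID=1005, home=/home/svc_backup
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")

# Programs the automated review already understands (assumed baseline) and the alert threshold.
KNOWN_PROGRAMS = {"sshd", "sudo", "cron"}
FAILED_LOGIN_THRESHOLD = 5

def parse(log_text):
    """Yield one dict per line that matches the syslog-like format; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def automated_review(events):
    """Rule-based pass: alert when one source repeatedly fails to log in as one user."""
    failures = Counter()
    for ev in events:
        m = FAILED_RE.search(ev["msg"])
        if m:
            failures[(m["src"], m["user"])] += 1
    return [{"rule": "brute_force", "src": src, "user": user, "count": n}
            for (src, user), n in failures.items() if n >= FAILED_LOGIN_THRESHOLD]

def manual_review_queue(events, known=KNOWN_PROGRAMS):
    """Novelty pass: anything from a program outside the baseline goes to a human."""
    return [ev for ev in events if ev["prog"] not in known]

def review(log_text):
    """Run both passes and return the alerts plus the queue for manual review."""
    events = list(parse(log_text))
    return {"alerts": automated_review(events), "needs_human": manual_review_queue(events)}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

On the sample data the rule fires once for the five failures from 203.0.113.9, and the useradd line, which no rule covers, is the only event handed to the human reviewer.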