Reviewing PRs and compiling lists of PRs during audits can take time. One particular scenario is where an administrator uses their privileges to merge across protected brances without peer approval. How do you find these? While the below approach isn't perfect, it can give you some ideas.
When an administrator uses their privileges to override a branch protection rule and merge a pull request, an entry is written to the audit log with the category set to protected_branch and the action set to policy_override. You can search your audit log entries for these types of events by constructing a search query:
action:protected_branch.policy_override which will show events like this:
[user icon] [username] – protected_branch.policy_override Refs/heads/[branchname] was updated despite unsatisfied required status checks because [username] is an admin on [owner]/[repository]