Unable to fully audit polkit rules for compliance with corporate policies
While it is possible for an organization to nail down the policy files and delete all unknown files, this is usually seen as undesirable by end users and may break many (if not most) vendor-supplied applications that use polkit.
Given that the policy rules are interpreted, what is the appropriate manner to determine that users/groups have not been given excessive privileges?
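One partial approach, shown as an added example that is not part of the original report or of polkit itself: a heuristic pass that lists every `polkit.addRule()` block able to return a grant, together with the literal groups, users and action ids it tests. The names `triage`, `audit` and `SAMPLE` are hypothetical and the rule directories are assumed defaults; because rules are JavaScript, this narrows what a person must read rather than proving that no excessive privilege exists.

```python
import re
from pathlib import Path

# Usual polkit rule directories (assumed defaults; adjust for the distribution).
RULE_DIRS = ("/etc/polkit-1/rules.d", "/usr/share/polkit-1/rules.d")
LIT = r"\s*[\"']([^\"']+)[\"']"          # a quoted JavaScript string literal
GRANT = re.compile(r"polkit\.Result\.(YES|AUTH_SELF(?:_KEEP)?)\b")
GROUP = re.compile(r"subject\.isInGroup\(" + LIT)
USER = re.compile(r"subject\.user\s*={2,3}" + LIT)
ACTION = re.compile(r"action\.id\s*={2,3}" + LIT)
PREFIX = re.compile(r"action\.id\.indexOf\(" + LIT)

def triage(src):
    """Summarise each polkit.addRule() block that can return a grant."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)   # drop block comments
    src = re.sub(r"^\s*//.*$", "", src, flags=re.M)   # drop whole-line comments
    findings = []
    for block in re.split(r"polkit\.addRule\s*\(", src)[1:]:
        grants = sorted(set(GRANT.findall(block)))
        if not grants:
            continue
        subjects = {"group:" + g for g in GROUP.findall(block)}
        subjects |= {"user:" + u for u in USER.findall(block)}
        actions = set(ACTION.findall(block)) | {p + "*" for p in PREFIX.findall(block)}
        # No literal subject or action test means the grant may be unconditional
        # or decided by run-time logic, so a person has to read the rule.
        findings.append({"grants": grants, "subjects": sorted(subjects),
                         "actions": sorted(actions),
                         "needs_review": not subjects or not actions})
    return findings

def audit(dirs=RULE_DIRS):
    """Map each *.rules file to the grant findings found in it."""
    report = {}
    for d in dirs:
        for path in sorted(Path(d).glob("*.rules")):
            found = triage(path.read_text(errors="replace"))
            if found:
                report[str(path)] = found
    return report

# Constructed sample input, not taken from any vendor package.
SAMPLE = '''polkit.addRule(function(action, subject) {
  if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" && subject.isInGroup("storage"))
    return polkit.Result.YES;
});
/* polkit.addRule(function(a, s) { return polkit.Result.YES; }); */
polkit.addRule(function(action, subject) {
  if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0) return polkit.Result.YES;
});'''
```

Blocks marked `needs_review`, and any rule whose logic these patterns do not recognise, still have to be read by a person.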