From an audit perspective, detecting when an admin has changed a record by impersonating someone is rather painful. The only way to do this is by manually looking at the sys log for impersonation events and then piecing together which records they may or may not have changed.
The attached update set contains a scheduled notification email that highlights who impersonated which user and captures any (audited) records changed during that time. It's imprecise in that the record could have been changed by either the impersonator or the user, but it gives security teams a starting point for any investigation.
* Don't forget to add the recipients/groups you want this email sent to
