Hello there - yes, I absolutely agree.
If you look at the way reviews are handled on policies, we changed the approach there already. When you review a policy, the next date, version and content of the policy can only be updated from the review (they are greyed out on the policy itself).
The same needs to be migrated to assets, risks and probably will be included in exceptions too. We are stuck with release 24 (workflows) so we can't put more into that release, but it will come for sure in the first quarter.
We can't use the same logic we have on controls (audits) for "historical" decisions on the architecture of the app. This sounds vague, I know, but it is my way of saying: insanely complicated and dangerous to update it.