Assuming you've already got AD object auditing turned on, the following XML XPath filter can filter the Security log of a DC to only return the events related to AD GPO changes
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
*[
System[(EventID=5130 or EventID=5136 or EventID=5137 or EventID=5138 or EventID=4662)]
and
(
EventData[Data[@Name='ObjectClass'] and (Data="groupPolicyContainer")]
or
EventData[Data[@Name='ObjectType'] and (Data="%{f30e3bc2-9ff0-11d1-b603-0000f80367c1}")]
)
]
</Select>
</Query>
</QueryList>
You I use this in Event Viewer on a custom view to quickly identify when and who made GPO changes
I made a custom view file for you download and import into Windows Event Viewer