Often the creation of an auth object and checking it in a program bypasses the security folks who maintain SU24 and roles.
So such an alert can be useful as a ping to ask what the object is for and which tcodes / roles it belongs to.
I use a slightly similar approach to alert about testing the QAS system.
If they transport the program without the object, then it cannot pass an auth test and alerts.
If they transport the object as well, then alerts if they test and the check fails.
If they transport to production in the wrong sequence or do not test, then it fails in production.
Probably another good check point earlier in the process would be the TMS BADI -> if an authorization object is in a transport being released, then send an alert mail from the DEV system is sent. You will get a few false-positives if whole packages are transported, but at least you will get to hear about it, and upgrades, etc.
Not a bad idea!
Cheers,
Julius