Exactly. But an administrator actually may have a use for doing a count statement.

So then an administrator wouldn't be surprised or concerned if an auditor asked them "Hey did you issue this query the other day?"

That part seems logical, but the query on its own shouldn’t be cause for concern.

Use the word "atypical" instead.

If your audit system knows that this application never runs such queries, and today it did, it knows something changed and flags it.

All properly configured applications should be running with least required db credentials, limiting what they can do. That Accenture was monitoring all administrative level queries against the db makes perfect sense in a locked down production environment.