Re: Good idea.
"Firstly, sudo logs all its invocations. Secondly, sudo can be configured to only allow a user to run a certain subset of commands."
Those, in my view are because sudo is a kludge to overcome:
"su is an all or nothing command."
Which it has become as a kudge because root is now used for a great many purposes which could and should have separate administrators: e.g lpadmin to manage printers, bin to install and upgrade S/W. But that was too inconvenient so root got handed all the powers.
"Finally, su requires the destination user's password (e.g. root) whereas sudo requires the current user's password (or not at all). "
You say that as if it's an advantage. If the user has adopted a weak password that's all that stands between anybody who cracks it and root permissions. Requiring a second password provides an extra layer of protection.
"One benefit of this, is that when an employee leaves, you don't have to change all the root passwords, you just delete their account."
Again, it's the convenience thing.
I harbour suspicions about that (convenient)option to enter further sudo commands within a given period. It opens the door to an exploit.