I've spent the past few weeks refreshing myself on the latest and greatest in
the AWS IAM space and applying what I can to my own personal AWS account that I
use for tinkering.
One recommendation is to have one master organisation (org) and a
separate org to hold all the audit and log data (some guidance I came across
also says to have one org for audit and another for logs), and then to create
other orgs for your production, testing, etc. environments. The setup for such was
going to take