Channel: SCN: Message List

Re: SAP Security Training


Hi Shashank

 

My specialty in SAP is Security and GRC so happy to chime in here with some advice...

 

 

How important is Audit in SAP Security Training ?

 

I would consider auditing to be complementary to security training. If you happen to have a bit of an audit background it will help you appreciate security. To cover some of the items you have mentioned:

 

  • Reading the Audit Log - yes it's useful and recommended that clients configure it for some minimum scenarios. It is not difficult to use or interpret. If you are interested, this is quite a good blog written by a top SAP security employee - Recommended Settings for the Security Audit Log (SM19 / SM20)
  • AIS - I must admit I've never configured AIS before. Again, there's no harm in learning it and it'll really depend on being on a client site that uses it.

 

So that covers off on your topics... in relation to actual security activities. These are the following you would need to learn as you move into the area:

  • User Administration - SU01/SU10 - Creating, Maintaining, Administering users
  • Security Role Build - PFCG/SU24/SUPC - maintaining security roles (composite, single, imparting and derived)
  • System Security - start branching out into the technical security (SSO, system parameters, etc)

 

You would slowly build on the items (starting with password issues or account setup through to authorisations errors and role build).

 

Do I need to get trained in Auditing part or else Regular R/3 security and

 

As mentioned, this would really depend on whether you want to go down an auditing path. It is valuable understanding what auditors look for so you can pre-empt them in your system. I'm not the only one who finds "audit season" a challenge. Each year they will search your system to find at least one risk, etc.

GRC training is sufficient for career in SAP Security ?

GRC Component for Access Controls is a hybrid of both security and internal controls functions. Within GRC, knowing security first is useful as the Access Controls contain Business Role Management, Access Request Management and Password Self Service - these items all impact SU01 and PFCG.

 

Access Controls also contains Access Risk Analysis and Emergency Access Management (Firefighter). These two assist with improving internal controls in the system.

 

Finally, GRC also includes Risk Management and Process Controls which are less about traditional security and more towards the internal controls.

 

The auditors then sit further back and audit the system to ensure your Security and Internal controls are compliant with your processes, company policy and other compliance requirements (e.g. contracts, legal and regulatory compliance).

 

Other areas of security that you can then branch out to also include the SAP Identity Management, Single-Sign-On and then there's also the security of each module or system (each component has a slightly different take). It is a massive area and as we move to the cloud is only going to get bigger (hope that translates to management buy in and appropriate funding for it).

 

For me, I have recently joined ISACA and am starting to branch out and study for my CISA. I feel that to develop my security further obtaining some of the non-vendor auditing or security concepts and goals would be of benefit. Just need to find the time as all I've achieved thus far is purchasing the books and paying membership.

 

Good luck in choosing your career. If it's security, welcome to the ever-changing environment! If it's audit, please be kind on us security people.

 

Regards

Colleen

