Without having audit enabled, I believe it wouldn't be possible to track those changes.
If no other changes been done on the SYSADMIN account since the password was changed, you can check FND_USER table -- http://etrm.oracle.com/pls/et1211d9/etrm_pnav.show_object?c_name=FND_USER&c_owner=APPLSYS&c_type=TABLE
For the apps user, the details are stored in DBA_USERS but there is no column that indicates when the password was changed -- http://etrm.oracle.com/pls/et1211d9/etrm_pnav.show_object?c_name=DBA_USERS&c_owner=SYS&c_type=VIEW
Yes it doesn't help much since you don't have audit enabled.
If you want to get more details about enabling audit, you can simply search previous discussions for Audit and AuditTrail and you should find the docs/links you need to refer to.
There should be no impact on the performance to track password changes. Apps passwords can't be changed on the fly and it requires additional steps (i.e. running AutoConfig and bouncing the services) which can't be done in your production instance many times a day.
I'm not sure why would you need to track password changes. Is this happening in your production instance?