Thank you so much for posting here.
To protect files from being deleted, we could deny delete permission. For more detailed information, we could refer to the below link:
So sorry that I am not professional with IT audit. In order to audit the specific information on who deleted the files, we could enable on the folder the Delete action audit and enable audit object access at the Audit Policy. Then we could monitor the events recorded on the Event Viewer.
More detailed information, we could refer to the similar case and articles:
For any question, please feel free to contact us.
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.