During the installation and configuration of LAPS, you define the group that is able to read the ms-Mcs-AdmPwd attribute, which contains the local admin password as managed by LAPS. Only members of this group and users or groups that have full control of the computer objects are able to read the password.
A couple of things to check:
The AD auditing is set to record the read of the ms-Mcs-AdmPwd attribute
The users in question have rights to read the ms-Mcs-AdmPwd attribute
It's common for AD functions that read the attributes of an object to ask for all the attributes of the object, i.e. attribute=*. If the user has rights to read the ms-Mcs-AdmPwd attribute, then this request will trigger the AD audit read event. So if there is a background task running in the context of the user that reads the AD computer object, it could trigger the audit event, i.e. GPO update.
Gary.
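
The two checks listed above, followed by a tally of which accounts generate the read events, as an added example that is not part of the original answer. It assumes the RSAT ActiveDirectory module and the legacy LAPS AdmPwd.PS module are installed, uses a placeholder OU distinguished name, and relies on Security event ID 4662 (directory service access), which the answer does not name.

```powershell
# Added example, not from the original answer. Run elevated; reading the SACL
# needs the "Manage auditing and security log" right. Run the last step on a DC.
Import-Module ActiveDirectory, AdmPwd.PS

# Assumption: placeholder DN for the OU that holds the LAPS-managed computers.
$ou = 'OU=Workstations,DC=example,DC=com'

# Check: which principals have rights to read the password on this OU?
Find-AdmPwdExtendedRights -Identity $ou |
    Format-Table ObjectDN, ExtendedRightHolders -AutoSize

# Resolve the schema GUID of ms-Mcs-AdmPwd; audit ACEs and events refer to it by GUID.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=ms-Mcs-AdmPwd)' `
    -Properties schemaIDGUID
if (-not $attr) { throw 'ms-Mcs-AdmPwd not found in the schema.' }
$attrGuid = [guid]$attr.schemaIDGUID

# Check: is there an audit ACE (SACL entry) on the OU scoped to that attribute?
$auditRules = (Get-Acl -Path "AD:\$ou" -Audit).Audit |
    Where-Object { $_.ObjectType -eq $attrGuid }
if ($auditRules) {
    $auditRules |
        Format-Table IdentityReference, ActiveDirectoryRights, AuditFlags, IsInherited -AutoSize
} else {
    Write-Warning "No audit ACE for ms-Mcs-AdmPwd found on $ou."
}

# Tally the accounts behind the read events. A user who appears far more often than
# they look up passwords points to a background task reading all attributes.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662 } -MaxEvents 5000 `
    -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $d = @{}
        foreach ($item in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $d[$item.Name] = $item.'#text'
        }
        # The Properties field lists the GUIDs of the attributes that were accessed.
        if ($d['Properties'] -match [regex]::Escape($attrGuid.ToString())) {
            [pscustomobject]@{ Time = $evt.TimeCreated; User = $d['SubjectUserName'] }
        }
    } |
    Group-Object User | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```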