Unfortunately this is a conversation few are going to be able to contribute to significantly. Here's what my suggestion would be:
Clarify what they mean when they say "alert". To Support, an Alert is an e-mail notification. If you need to get an e-mail or other active notification any time one of these file actions is taken you're going to be hard pressed to find a tool (or an exchange server) that will keep up with that volume.
However, if all they need is that an event is generated, logged, and monitored in some form then there's easier ways to accomplish this. Firstly, if you have FIM set up and you're watching that directory, you already have the generation and logging in hand. At that point you will likely want to demonstrate that your'e reporting on it or monitoring it in some fashion on an ongoing basis, but the auditor tends to have the final say on what they are looking for and what is good enough.
jrouviere is right, you have to pick apart what they want from you.
In some environments where I have worked with clients on LEM their auditors were looking for periodic reports highlighting anomalies, along with some kind of indication that these reports were being reviewed and investigated within a specified time frame.
One elegant method I came across for organizing the mess of reports that people can end up with was that for every line item they were addressing from their standards they would name the report to match it. So if the report was intended to satisfy the third requirement of their standard they were saving them to a file share and naming the folder Requirement 3, put all the relevant reports into that folder, established their policy regarding the reports and how they were to be investigated/acknowledged and included it as a document in the folder. That way when they sat down with the auditor it was extremely simple to roll through the list with them and have all the necessary information at hand.
What i usually do is create a group of false positives (which is updated constantly in order to decrease false positives in reporting and also provides evidence of review). In addition, schedule a daily search report which is emailed to have evidence of report received daily summary in the morning. Once the report is received, I look to see if there are any anomalies.
For live monitoring, i use a filter which has the same query as the scheduled reporting.
NOTE: the false positives usually occur on workstations. However servers should not have many false positivies if your FIM configuration is looking for the correct extensions (the exception being patching cycles).