CreateFile error 32 is something held a handle on the file and SQL couldn't delete it.
So something was reading/writing/touching the old audit file in some way.
Best thing you can do is get a copy of procmon and handle from the sysinternals tool, run this while a file rollover happens (your just going to have to keep it running and find the next occurrence of the error 32), then see what process is using the file preventing SQL from accessing it.
While your waiting for that ensure all the right exclusions have been put into your AntiVirus/Malware/Security Software, as these will be the general ones which will be preventing deletion.
Additionally look at the output of "fltmc" in a admin command prompt and tie the altitude numbers to this list
Anything that isn't a Microsoft filter driver see what it is and if it has exclusions available to it to stop it scanning drives/files etc