Friday, 23 August 2013

How can a Debian process change the mod date of a file and not have it show up in the auditd log?

The other day I set up a little shell script on a Debian server to send me
an email when files change; it looks like this:

#!/bin/sh
# Report files under any httpdocs tree that changed since the previous run.
# files_start is the stamp of the previous run; stamp the new run before the
# search so a file modified while find is running is not silently skipped.
touch files_start.new
items=$(find /var/www/vhosts -regex ".*/httpdocs/.*" -newer files_start -ls)
if [ -n "$items" ]
then
  mv files_start.new files_start
  echo "$items" | mail -s "new file(s)" "security@example.com"
fi

I kept getting notified of one mysterious 0-length text file
(web-accessible, writable by PHP and the vhost user, but not Apache)
getting modified 2-3 times a day, so I set up auditd with the following
rule.

auditctl -l
LIST_RULES: exit,always watch=/var/www/vhosts/path/to/file.txt perm=rwa key=wh1

I tested it with ausearch and got, as expected:

...comm="touch" exe="/bin/touch"

I waited for the next email with the new mod date and ran ausearch: no new
matches!
How can this happen?
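One check that narrows a question like this down, added here as an example and not part of the original post: have the cron job record the file's stat fields each run and classify what changed since the previous run, so the next email says whether the file was written in place, replaced by a new inode (rename or unlink-and-create), or only had its timestamp touched. The snapshot layout and change labels are my own; nothing here depends on auditd.

```python
import os
import stat
from typing import Dict, Optional

Snap = Optional[Dict[str, int]]  # None means the path did not exist


def snapshot(path: str) -> Snap:
    """Record identity, size and timestamps of one path; None if it is missing."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return None
    return {
        "ino": st.st_ino, "size": st.st_size,
        "mtime": st.st_mtime_ns, "ctime": st.st_ctime_ns,
        "uid": st.st_uid, "gid": st.st_gid, "mode": stat.S_IMODE(st.st_mode),
    }


def classify(prev: Snap, cur: Snap) -> str:
    """Describe the kind of change that turned snapshot prev into cur."""
    if prev is None and cur is None:
        return "absent"
    if prev is None:
        return "created"
    if cur is None:
        return "deleted"
    if cur["ino"] != prev["ino"]:
        # Same path, different inode: the file was replaced rather than
        # written in place. A find -newer report looks identical in both cases.
        return "replaced (new inode)"
    if cur["mtime"] == prev["mtime"] and cur["ctime"] == prev["ctime"]:
        return "unchanged"
    if cur["mtime"] == prev["mtime"]:
        # ctime moved on its own: chmod, chown, link count or xattr change
        return "metadata only (ctime moved, mtime untouched)"
    if cur["size"] != prev["size"]:
        return "content written (size changed)"
    if cur["mtime"] < prev["mtime"]:
        return "mtime set backwards (utimes/touch -d)"
    return "mtime advanced, same size (touch or same-length rewrite)"


def report(path: str, prev: Snap) -> str:
    """One line for the notification mail; the caller persists the new snapshot."""
    cur = snapshot(path)
    return f"{path}: {classify(prev, cur)} {cur}"
```

Persist the snapshot dict (for example as JSON next to files_start) between cron runs and pass it back in as prev.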
