One thing that just came to mind - if your file audit alerts are the subtypes (FileWrite, FileRead, FileAuditFailure, etc) and not just the parent FileAudit event itself, you'll want to use the "File Audit Events" event group instead of using the specific File Audit event itself. That way all of the subtypes are also included.
File Audit Events.InsertionIP = system1
AND
File Audit Events.SourceAccount != account1
AND
File Audit Events.SourceAccount != account2
etc
NOTE: I just did this myself and it seems to be the not equals that is causing some difficulty. It DOES work in filters and DOES work in rules, but is not working in nDepth searches. Still doing some digging as to what's happening.