A friend has had an article posted over on SQL Server Central that’s worth a read. Scott Abrants outlines the type of code that SCOM uses for SQL Server auditing and how you can leverage that outside of SCOM for other work you may be doing. As noted in the comments, it’s also worth taking a look at how Microsoft set up it’s rules and monitors as a method for setting up your own.