Tripwire number of total violations reduced without updating database

0

We are using Tripwire to watch over an Ubuntu server. There is a daily report that is mailed to the admin. On the report, there are violations that are expected, for example log file additions/removals/modifications. At the end of the report, there is a Total Violation Count. Is it possible for the Total Violations to reduce from one day to the next, even though the database hasn't been updated? For example, on Monday we had 90 Total Violations and on Tuesday, without updating the database, the violations dropped to 83. On closer look, some files that showed as modified in the Monday report were not showing in the Tuesday report, and they were not in the removed files either. Should we be worried?

Christos Papaioannou

Posted 2015-11-17T02:12:17.143

Reputation: 1

Answers

0

Is it possible? Sure.

Based on similar products (AIDE, Integrit), there is some configurability regarding just what gets checked. (I have used those products, which have described their configuration file as being similar to Tripwire, so likely they operate similarly). If dates are not being checked, and changes that do get checked are reverted, then the count could drop.

For example, if permissions are checked, and one day a file is flipped to "read-only", that might be flagged as a change. If this caused a problem for an end user, who complained, then the change may have been reverted. The next report will not notice a change in the permissions.

I wouldn't expect this to happen much. If it happened at all, it would probably be a minority of updates. You are, in fact, reporting only 7 changes out of 90. That seems to be within the realm of being commonly believable.

Now, regarding whether this actually is exactly what happened in your case, we may be unable to answer that without more details (like just what your configuration is, and what violations are being reported). Sharing such details might, or might not, involve sharing information that should not be shared. Some of this may depend on just how sensitive the information is. However, if you want more precise details, that may be needed.

TOOGAM

Posted 2015-11-17T02:12:17.143

Reputation: 12 651
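The mechanism the answer describes (a flagged attribute reverted between runs, with mtime not in the checked set, so the violation count drops while the database is unchanged) can be shown with a small model of how an integrity checker derives its report. This is an added example and not code from the question, the answer, or Tripwire itself; the paths, attribute values, timestamps and the two policies are constructed for illustration, and real Tripwire policy syntax and report format differ.

```python
# Added example (not from the original post): a minimal model of a
# Tripwire-style integrity check, showing why the Total Violation Count can
# fall between two runs against the same baseline database.
# All paths, contents, timestamps and policies below are constructed.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Attrs:
    """The subset of content/inode attributes a policy rule might check."""
    sha256: str
    mode: int    # permission bits, e.g. 0o644
    mtime: int   # seconds since the epoch
    size: int


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def check(baseline: dict, snapshot: dict, checked: frozenset) -> dict:
    """Compare a filesystem snapshot against the stored baseline database.

    Returns {path: reason}, where reason is 'added', 'removed', or a sorted
    tuple of the checked attributes that differ. Attributes outside `checked`
    are ignored entirely, which is what lets a change go unreported.
    """
    report = {}
    for path in sorted(baseline.keys() | snapshot.keys()):
        if path not in snapshot:
            report[path] = "removed"
        elif path not in baseline:
            report[path] = "added"
        else:
            diffs = tuple(sorted(
                a for a in checked
                if getattr(baseline[path], a) != getattr(snapshot[path], a)))
            if diffs:
                report[path] = diffs
    return report


def vanished(earlier: dict, later: dict) -> list:
    """Paths flagged in the earlier report that are absent from the later one
    (not listed as modified, added or removed), as in the question."""
    return sorted(p for p in earlier if p not in later)


# Constructed baseline ("database") and two later snapshots.
T0, T1, T2 = 1447700000, 1447786400, 1447872800
CONF = b"port=8080\n"
LOG1 = b"nov 16 boot\n"
LOG2 = LOG1 + b"nov 17 login\n"
LOG3 = LOG2 + b"nov 18 logout\n"
TOOL = b"ELF...\n"

BASELINE = {
    "/etc/app.conf":     Attrs(digest(CONF), 0o644, T0, len(CONF)),
    "/var/log/app.log":  Attrs(digest(LOG1), 0o640, T0, len(LOG1)),
    "/var/log/app.log.1": Attrs(digest(b"old\n"), 0o640, T0, 4),
    "/usr/bin/tool":     Attrs(digest(TOOL), 0o755, T0, len(TOOL)),
}
# Monday: app.conf chmod'ed read-only (chmod changes ctime, not mtime),
# the log grew, the rotated log was deleted, and tool was merely touched.
MONDAY = {
    "/etc/app.conf":     Attrs(digest(CONF), 0o444, T0, len(CONF)),
    "/var/log/app.log":  Attrs(digest(LOG2), 0o640, T1, len(LOG2)),
    "/usr/bin/tool":     Attrs(digest(TOOL), 0o755, T1, len(TOOL)),
}
# Tuesday: the permission change on app.conf was reverted after a complaint.
TUESDAY = {
    "/etc/app.conf":     Attrs(digest(CONF), 0o644, T0, len(CONF)),
    "/var/log/app.log":  Attrs(digest(LOG3), 0o640, T2, len(LOG3)),
    "/usr/bin/tool":     Attrs(digest(TOOL), 0o755, T1, len(TOOL)),
}

POLICY_NO_MTIME = frozenset({"sha256", "mode", "size"})
POLICY_WITH_MTIME = POLICY_NO_MTIME | {"mtime"}


def demo(checked: frozenset) -> tuple:
    """Run the Monday and Tuesday checks under one policy; returns (monday, tuesday)."""
    return check(BASELINE, MONDAY, checked), check(BASELINE, TUESDAY, checked)


if __name__ == "__main__":
    for name, policy in (("no mtime", POLICY_NO_MTIME), ("with mtime", POLICY_WITH_MTIME)):
        mon, tue = demo(policy)
        print(f"[{name}] Monday: {len(mon)} violations, Tuesday: {len(tue)}, "
              f"vanished from report: {vanished(mon, tue)}")
```

Under the policy without mtime, Monday reports three violations and Tuesday two: `/etc/app.conf` was flagged for its mode on Monday, reverted, and simply disappears from Tuesday's report without appearing under removed files, exactly the pattern in the question. The touched binary `/usr/bin/tool` is invisible under that policy on both days and only shows up when mtime is in the checked set. The practical check this suggests is to diff the two reports, list the paths that vanished, and confirm for each that its current attributes match the baseline rather than assuming the drop is benign.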