
How to find out who deleted an IAM user?

We had an IAM user that got deleted and are trying to find out how it got removed. Is there a way to do this?


IAM is the Identity and Access Management system in Google Cloud that grants permissions for identities (users, groups, service accounts) to do work. In your post I heard you say a user was deleted. You can neither create nor delete a user through IAM. Instead, you manage users through Cloud Identity and then, once a user is known, you can associate permissions with that user through IAM. With that in mind, you will want to investigate the logs of Cloud Identity to determine what happened to the user. Be aware that Cloud Identity has many options based on how you configured it. For example, if it is configured to be used with an external directory service such as Active Directory, then the user deletion could have occurred far away from Google and the synchronization between Cloud Identity and Active Directory would not show how the user was deleted.

Have a look at the following articles (here) for details on how to investigate Cloud Identity audit logging.
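
One way to triage the Cloud Identity admin audit trail described in the reply above, as an added example that is not part of the original thread: it scans records shaped like Admin SDK Reports API admin activities for `DELETE_USER` events and reports the actor, flagging deletions performed by a directory sync account. The sample records, the `dirsync@example.com` account and the function name are constructed assumptions.

```python
import json

# Constructed records shaped like Admin SDK Reports API activities
# (applicationName=admin); every value here is made up for illustration.
SAMPLE_ACTIVITIES = json.loads("""[
 {"id": {"time": "2024-03-04T10:15:00.000Z"},
  "actor": {"email": "alice.admin@example.com"}, "ipAddress": "203.0.113.10",
  "events": [{"type": "USER_SETTINGS", "name": "DELETE_USER",
    "parameters": [{"name": "USER_EMAIL", "value": "bob@example.com"}]}]},
 {"id": {"time": "2024-03-02T02:00:07.000Z"},
  "actor": {"email": "dirsync@example.com"}, "ipAddress": "198.51.100.7",
  "events": [{"type": "USER_SETTINGS", "name": "DELETE_USER",
    "parameters": [{"name": "USER_EMAIL", "value": "carol@example.com"}]}]},
 {"id": {"time": "2024-03-01T09:00:00.000Z"},
  "actor": {"email": "alice.admin@example.com"}, "ipAddress": "203.0.113.10",
  "events": [{"type": "USER_SETTINGS", "name": "CREATE_USER",
    "parameters": [{"name": "USER_EMAIL", "value": "dave@example.com"}]}]}
]""")

# Assumption: the account(s) your directory synchronization tool runs as.
SYNC_ACTORS = {"dirsync@example.com"}

def find_user_deletions(activities, target_email=None, sync_actors=SYNC_ACTORS):
    """Return who deleted which user, oldest first."""
    findings = []
    for act in activities:
        actor = act.get("actor", {}).get("email", "unknown")
        for ev in act.get("events", []):
            if ev.get("name") != "DELETE_USER":
                continue
            params = {p.get("name"): p.get("value") for p in ev.get("parameters", [])}
            deleted = params.get("USER_EMAIL") or ""
            if target_email and deleted.lower() != target_email.lower():
                continue
            findings.append({
                "time": act.get("id", {}).get("time", ""),
                "deleted_user": deleted,
                "actor": actor,
                "ip": act.get("ipAddress"),
                # True means the delete was replayed by sync: the real
                # cause is in the external directory's own logs.
                "via_directory_sync": actor.lower() in sync_actors,
            })
    return sorted(findings, key=lambda f: f["time"])

if __name__ == "__main__":
    for f in find_user_deletions(SAMPLE_ACTIVITIES):
        print(f)
```

A finding with `via_directory_sync` set to true only identifies the sync account, so the investigation continues in the external directory's audit logs.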