Auditors check that the company have security policies, that they have proper procedures and that these have been followed in the past. There is obviously no guarantee that the employees in the company will continue to follow the security procedures, just because they have done so in the past. Security breaches usually occur because someone failed to follow procedure.
Security standards and audits give the company assurance that they have reduced the chance of security breaches as much as possible. However, you can NEVER certify any system as "secure".
Audits usually control access and change procedures for systems and verify that there are controls and procedures that have been followed up to that point in time.
See http://en.wikipedia.org/wiki/IT_audit for more info.