Most security against crime comes from audit. Of course we use locks and alarms,but we don't wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that's audit.Wouldn't it be nice if the police got an email alert every time a gun was fired with the name of the person shooting, where it happened, time & date, what they hit, what type of gun, etc.? Schneir was obviously using an analogy to talk about information technology.
And in IT, these types of alerts are actually possible!
Also, earlier in the article, Schneir concisely sums up a related point:
Audit helps ensure that people don't abuse positions of trust.So, yes – Audit to catch and deter evil doers (to use the term one last time) AND to ensure that system administrators' power is kept in check. And go for the fancy email alerts too.