To commit sophisticated fraud one needs to really understand how things really work, so learning about scams is the first line of defence against corporate fraud.
Auditors and short-sellers are incentivized to find fraud - albeit differently. But the stories in the financial statements and investor reports are telling and need to be analyzed.
The role of external audit is to ferret out fraudsters. Auditors don't really believe it's their job.
Auditors don't catch fraud because they're not truly independent.
However, finding fraud via auditing financial information is very hard. Financial statements are specifically cooked to provide the very right ratios to an observer.
How fraud comes to be
Something's off in the financial statements, and the firm has to: a) massage the numbers to look attractive to investors (takes smarts, of course), and b) create a compelling story why the numbers look good.
Auditors may not have good understanding of the client's business to the extend of not reading the MD&A (Management Discussion and Analysis).
Short sellers look at relationships, customers, suppliers and operations. Auditors don't audit operational metrics.
Financial information coupled with operating metrics tells a better story but by the time numbers stop making sense it's usually too late.
Asking auditors to do additional work invariably increases the bill (which is high already) and puts extra pressure on the management, making being public even less bearable for everyone involved. This also requires auditors to specialize in their customers' industries (i.e. less available resources, higher fees).
Short sellers are arguably the best party to catch fraud and compare the claimed operating metrics with observed customer behaviour, interviews, etc. But they're economically incentivized to do so (auditors are just paid for work hoping to renew the contract for the next year).
Auditors should be less tolerant of aggressive accounting (usually it's one step detached from fraudulent earnings manipulation). However, expecting them to proactively verify management representations may not be practical (say, checking the presence of product A in the quantity X is theoretically OK, but is it really product A? What if some of quantity X is borrowed?).