I understand your point, but I would suggest that you could say the same about the data in the target audit tables. i.e. a privileged user would be able to delete / update data.

Whatever solution you use for auditing, you'll have to ensure that appropriate permissions are granted to make sure that the neither the auditing mechanism nor the audited data itself is tampered with.