Thanks for helping me to understand.
I see now that if I give a user read only permission and they attempt to update a table, it will log a failure. This is very good.
The confusion was when I was expecting a user who runs a bad query such as a select of a table that does not exist that it would record that as well. But technicly as you say, it is a successful select but of non existant data. These type of things are not logged by SQL Server Audit but would help us to detect anyone who was fishing for data.