What are ways to do a proper audit?
You'll have to pay a developer with experience in solidity to go through your contract for bugs, etc.
Zeppelin is one of the many companies that audits smart contracts.
and does it always have to be on ropstan network?
Ropsten test net is one of the test nets for ethereum where you can test your smart contract to see if it does what you want it to do.
You don't have to use the ropsten testnet, there's another called Kovan, and you can also deploy your own ethereum block chain locally on your computer using geth.