Sorry, I can't point you in the direction of any specific SOX documentation; the work I did was over 8 years ago at a different employer. We didn't go through the documentation ourselves, the company employed a large number of (expensive) consultants to come in and produce a set of procedures we would need to follow. As far as I'm aware, the legislation doesn't prescribe specific procedures - it just says you must have a record of who did what and under whose authority was it done? That's why I said in an earlier post that the nature of your processes will depend largely on who audits you for SOX compliance; you have to satisfy them that you are doing the job correctly.

On your point about dbo access, I would say that you will probably need to remove it. Your new process (once you get one) will almost certainly require that any change needing dbo access must be done under specific authority from one of a small number of signatories.

As others have pointed out, you need a lot of backing from your management and advice from the people in your company who should be 'expert' in this area.