"SQL Server sys. admin. account "sa" is required to run some functions and replacing this with a named admin account which should have the same access rights as "sa" just does not work sometimes, etc."

Auditors, let alone SOX auditors, will not be happy that a non-auditable superuser account is in use at all.

Someone should probably mention this to the "Great Plains" developers then!?