"Our mandate is to monitor the DBA's and other accounts with Admin and Owner rights and privleges."

There is no native way of doing this - by nature the sysadmins can do anything they want with SQL Server, so their is little or no point in using SQL Server to monitor them.

Indeed, any system for which I have full-control requires an external factor for logging and monitoring.

The only sure fire way to control, log and audit access is by abstracting DBA work through a third-party management tool; be this an enterprise manager replacement or a remote console with keystroke logging.

Again - how does this address SOX? SOX was created to prevent fraud. Is fraud going to be committed by a sysadmin editing an entry in field in a table, or is it going to be by accountants diverting funds into a variety of accounts?

Move upwards a level - what is the application you're looking at? What does it do? How is user access *within the application* granted, logged and monitored? If the users can freely change stuff in the application, what has database security got to do with it?