I also have to address some SOX issues. I plan to look into the Idera "SQL Compliance Manager" software. I haven't evaluated it yet, so really can't offer any opinion.
http://www.idera.com/Products/SQLcm/
There is also an excellent post in this thread by Junk Mail Victim:
http://www.sqlservercentral.com/forums/shwmessage.aspx?forumid=161&messageid=212223