SOX, etc. don't require that you can't have access they require that any changes made to the various systems are audited/documented/logged.

Look into products like SQL Sentry, etc. that track all activity against the database... best solution is to get an auditing solution in place, and then lock the DBA's out of the audit system. Document who has dbo access to your databases, make sure you're not sharing user Id's, etc. Then have the auditors run reports from the audit solution to their hearts content.

Most audit solutions, like SQL Sentry, etc. will show any change, update, delete, etc. to the database, including what was changed - generating reams and reams of paper along the way which will usually have the auditors purring like kittens.

Joe