Uh huh... who fixes the auditing system if it breaks or causes any performance problems? 😉 And who's going to do all the other checking you suggested when the DBA has been locked out of the database :hehe:
And, part of the reason to refuse developer access to production data is to make it simpler to enforce SOX. But, before you even go for SOX, try passing the simple PCI audit.
--Jeff Moden
Change is inevitable... Change for the better is not.