Thanks Eric. In the four years the thread has been open that's probably the most effort anyone has put into the answer. It's not what I was really looking for, but at least you didn't descend into insulting the auditors. I think they largely do a responsible job under varying levels of cooperation.
My interest was in knowing whether people were experiencing something similar to what I experienced at the time. Auditors appeared to put greater emphasis on application security, configuration and change management than they did on the database environment. I'm also curious whether DBAs who understand the power of the environment they work in think that is appropriate.