You could lock some sysadmin functions by requiring a password split in half and known to two people so that both must be present to unlock it, each person entering half. But you'll run into problems when one of them is out sick or otherwise unavailable. And a duplicitous person could potentially install a keylogger on their own computer to capture the other half of the password. Another possibility is one of those ever-changing number code cards, only it's kept locked up in another unit's office and must be signed out and returned promptly. You'd need for whoever manages the card to check the serial number of the card when returned to make sure the person who checked it out didn't return a different card.
In a similar vulnerability concept, large corporations have policies that don't allow multiple heads of departments or board members to travel on the same flight.
Trust is a big deal, and Microsoft is doing what they can to reduce it with database encryption so that even the DBAs don't have access to the data, with SS '16 capable of implementing full encryption: at rest and while moving between the server and the user/application. We'll see what kind of performance hit and other difficulties that that level of encryption results in.
Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson