Platinum Solutions Corporate Website


Database auditing

I recently read a white paper put out by Sybase that tries to answer the age-old question (or at least help define the question) of how to ensure that the people you trust the most with your corporate data are NOT the ones who are ripping you off. The target audience is the commercial IT manager or CIO. The paper talks a lot about Sarbanes-Oxley, as you might imagine. The solution prescribed is the use of database auditing; every transaction that occurs in the database is logged in a separate database, and the DBA of the first database has no control over the logging database, and vice versa.

The problem with this approach and others like it is that it usually ties the hands of the people who really do need access (even the DBA) while instilling a false sense of security in upper management. In most cases, all it would take to break security is collusion between the two DBAs. Depending on the scenario, it may not even require that: if the DBA can turn off triggers (triggers being the usual mechanism that populates the audit log) without that act itself being logged, the audit trail silently stops.

The author goes on to describe the application(s) that can be developed to allow management to see the data in any number of ways, etc. Of course, writing that application will likely take as long as the application being logged!
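To make the gap described above concrete, here is an added example (mine, not Sybase's or the paper's) that uses SQLite in place of the audited database: an audit trigger on a constructed accounts table, the silent loss of logging once the trigger is removed, and a fingerprint check, meant to be kept outside the DBA's control, that detects the removal. Table and trigger names are constructed for the example.

```python
import hashlib
import sqlite3

# Constructed schema: a business table, its audit log, and the trigger that fills the log.
SCHEMA_SQL = """
CREATE TABLE accounts(id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE audit_log(id INTEGER PRIMARY KEY, tbl TEXT, action TEXT,
                       row_id INTEGER, old_balance INTEGER, new_balance INTEGER);
CREATE TRIGGER accounts_upd AFTER UPDATE ON accounts
BEGIN
  INSERT INTO audit_log(tbl, action, row_id, old_balance, new_balance)
  VALUES ('accounts', 'UPDATE', OLD.id, OLD.balance, NEW.balance);
END;
"""

def setup():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_SQL)
    conn.execute("INSERT INTO accounts VALUES (1, 'alice', 100)")
    return conn

def trigger_baseline(conn):
    """Fingerprint every trigger definition; this baseline belongs with the
    independent audit owner, not with the DBA of the audited database."""
    rows = conn.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'trigger' ORDER BY name"
    ).fetchall()
    return {name: hashlib.sha256(sql.encode()).hexdigest() for name, sql in rows}

def check_triggers(conn, baseline):
    """Compare live trigger definitions to the baseline; return findings."""
    current = trigger_baseline(conn)
    findings = []
    for name, digest in baseline.items():
        if name not in current:
            findings.append(f"trigger {name} missing")
        elif current[name] != digest:
            findings.append(f"trigger {name} altered")
    return findings

def audit_count(conn):
    return conn.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]

def demo():
    conn = setup()
    baseline = trigger_baseline(conn)
    conn.execute("UPDATE accounts SET balance = 90 WHERE id = 1")  # logged
    logged_before = audit_count(conn)
    conn.execute("DROP TRIGGER accounts_upd")  # the gap the post describes: nothing records this
    conn.execute("UPDATE accounts SET balance = 0 WHERE id = 1")  # no longer logged
    return logged_before, audit_count(conn), check_triggers(conn, baseline)
```

The audit log alone shows nothing wrong after the trigger is dropped; only the baseline comparison, run by someone other than the DBA, surfaces the tampering.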

Here's the link:
http://response.sybase.com/forms/NA_NAO_07_JAN_EMKTG_Lumigent?elq=recipientid&mc=txt

 
