We conduct our annual SOX audit. We are a small company and our servers are hosted in our data center of our parent companies. Our parent company is public and since Sox must be a complaint, we're there too. Because we are in different countries (or whatever the reason may be), two different examiners perform our exams.
Since our entire infrastructure is hosted by our parent company, their Windows administrators and DB administrators are system administrators for our server. This is something we know and they are doing administrative and maintenance of our infrastructure, and we know that it is adequate access.
However, our SOX auditors believe that parent company administrators should not have sysadmin access. We feel that this is anything but ridiculous. What should be done?