As the administrator has the ability to do fairly dire things like reset the accounting user's passwords there are really no circumstances in which you could be sure the administrators don't have access to accounting data.
Even if you could completely restrict access, what would the accounting people do about technical support etc? There would be a business disaster the first time someone forgot their password!
One solution is to lock down the administrator account and have the password kept by, say, the Personnel director. Many routine administrative tasks can be handled by less privileged accounts or by special accounts set up for the purpose. Should the main administrator account be the only one that can perform a certain task, the password holder could supervise the IT guy while the task is performed and change the password afterwards.
This is all pretty complicated and no substitute for having a trustworthy person in charge of IT.
What do accounts have to hide? Most accounting applications are separately password protected and the ability to copy or hex dump the raw data files is not a lot of use without the application password.
