If the accounting server is added to an existing domain, then domain administrators and other privileged accounts will have access to the server. The use of ACLs to control access to data will not prevent them from accessing the data simply by giving access to themselves and others. This does not mean that accounting or any other form of sensitive information cannot be added to a domain; it does imply, however, that administrators should be trustworthy and if they are not, then perhaps the real question is whether they should be working for the company to begin with.
You can also request that the server be added into a new domain within the existing forest/tree and use IPSec filtering to restrict the computers that can communicate with the server and any required encryption.
In either case, delegation of control can be granted to members of the accounting group and I would also highly recommend enabling auditing and alerting on the resources contained on the server.