Jeff Iannucci has a series on security in SQL Server:
The CONTROL SERVER permission has been around since SQL Server 2005, and is the most powerful permission granted as part of membership in the sysadmin role. What many folks don’t realize is that this permission can be granted to a login or group without including them in the sysadmin role. And that can become problematic if, as an administrator, you aren’t aware of logins or groups that don’t have this permission.
Jeff points out how CONTROL SERVER
isn’t quite the same as sysadmin, but why you should still treat it that way.