Control Tower Part after that:
- delete control tower cloud watch logs (important!)
- move the audit & security account to a new suspended OU, then delete the Security & Sandbox OU
- delete all controltower stacksets
- delete the kms key for control tower
- delete all IAM roles & policies for control tower
- deactivate the control tower principal
as you see its looots of work and i would highly recommend just using a new aws account 
If I would need again explain business why they need next account is much harder xD
alright then, i can send you a copy of the repo with the script for cleaning up everything automatically
might not be perfect but it will save you lots of time
I can have a look but I had right now on that root, workload with Route 53 to main domain of the system which I need to migrate here
and I think I would do that manually to just not kill that OU
