Comment by Guid_NewGuid

I see your point, I think this is the crux of the matter though:

> Sure, it isn't appropriate in many cases

I think where low-confidence management comes in is the application of the process without reference to whether the process is appropriate. It's easier to require all changes to be reviewed, every change to have a ticket and all post-approval changes to require re-approval even if the thing being edited is CSS for an internal tool than it is to build out process that accounts for the field and risk.

It feels like many places/management teams take an "off-the-shelf" compliance approach rather than constructing a process that works for the team.