Re: .. all the access they ask for ..
Ah yes - the standard/template changes. No peer review was needed for those until recently.
One of them accidentally ended up in our review queue recently and we started scrutinizing it before we realized we weren't supposed to.
Turned out the change itself far exceeded the scope the template was approved for, was missing required supporting documentation, and so forth.
The engineer was hopping mad (still is) when we hit the "reject" button on it. She still doesn't realize that we could have reported her for falsification of record, I think.
We did bring it up with the coordinator, who promptly put the kibosh on all standard/template changes until proper controls can be implemented (i.e. peer review).
Now the engineer is even more mad at us... Of course, it doesn't seem to dawn on her that she brought this on herself.
As for non-SMEs reviewing changes, that's often a real problem. In a previous job our changes had to be approved by close to 40 (!) people - about 50% of the entire IT staff.
Just to prove the point I once wrote a change in such technical jargon that I was certain that I was the only one who could understand what I was even going to do.
Only one reviewer objected and demanded clarification.
Not long after that I wrote another change and deliberately added some PROD network devices in it that were managed by another team and that I was not allowed to touch.
As I expected, it sailed right through the CAB. Even the owners of those devices signed off. There was one reviewer who objected and refused to approve it: the same guy who had asked questions about my earlier change.
To this day I often sneak what I call a "control bug" into work that has to be peer-reviewed. Serious enough to cause harm, obvious enough that it is spotted easily, but obscure enough that anyone who rubber-stamps it will miss it.