by redshirtrob 1729 days ago
This. Even if you work in a small shop, SOC 2 Type II Security is starting to become table stakes for any kind of formal business arrangement. This means you have a formal Change Management process which includes peer review and peer testing.

If you push your code and ask forgiveness in this environment you're risking your company's SOC2 compliance. The auditors are not going to care about the business impact. Their priority is to make sure you're following the process you wrote.

At best you'll get an exception for that control. At worst you'll get a Qualified Opinion. I would not want to be the developer who violated controls and caused the auditors to render a Qualified Opinion. In that case the management response will likely indicate you've been sacked.

Peer review is a good thing. Mature organizations have been doing it forever. It was already endemic at my first real job in '98. We're finally seeing that discipline forced on the industry from the outside. By and large we haven't done a good enough job ourselves so now the AICPA is involved. Get used to it.