Dionisio,
In my experience with Sarbanes-Oxley controls, the principle of one user ID per person per application is pretty common and often documented in the organization's IT security policies. One variation on that is that they might have one naming convention for external users and a different one for employees, so an individual might have had more than one ID during their history at the organization, but only one at a time. The scenario that you describe would be better using a solution such as GRC Emergency Access Management. If you presented that option to your internal auditors/ internal controls team, I think they would choose it.
Regards,
Gretchen