First of all, thanks for your all your comments.
It is not really about whether trusting users or not, but the difficulty of defining proper permissions for all users.
The main issue in our system is the complexity... too many processes, badly documented, and many of them based on custom transactions.
We are trying to organize and simplify this landscape but it is like fixing up a running train... packed with users, by the way. Monitoring this mess, at this time, is a nightmare. We have the Security Audit Log running and besides some critical actions (like debugging), it is really hard, and time consuming, to track "bad" behaviours.
Actually, we have GRC licensed, and we are planning to use it once we have processes and step processes (permissions) identified, and everything better planned and documented. That is the expensive part.
Anyway, if we decide, for the sake of traceability, using two user IDs for employees with superuser permissions. What problem you think could arise?
Best regards
dionisio