Security is one of the reasons why we don't let all managers do permissions. We also do checks (such as IP address checks etc) that the dept. managers wouldn't be able to do. All permissions that have been requested since the departure of the previous AGM (Staff) have all been done within 24 hours and most cases they are done on the same day.
We are also wanting to put changes into the Staff AGM role like it was back in the day so it isn't just a permissions editor role as well.