In a number of previous lives, I've had to write and manage change control processes. The first thing I try to make the PHBs understand is that there really isn't a "one size fits all" option, you need different processes for "if this doesn't happen now, the live system is bust" to "we would quite like this expensive brand new functionality". Obviously in the first case you need to just have some form of sanity check then one responsible person sign it off, in the second case you need to go through full impact assessment (both positive & negative), costings, & consultation with various stakeholders.
At one organisation we ended up having 3 levels of change request process as we were working on a (broken) inherited system that needed immediate bug fixes to the live system, plus urgent functionality changes, and the replacement system being built from scratch.
I would tend to find the best cure for unnecessary scope creep would be the results of a proper impact assessment; "if you want this change it will cost you £mega, and put the whole thing back at least 6 months" can mean something that was absolutely critical suddenly becomes something they can easily do without.