How to handle “Unauthorized Changes” in ITIL

I’m just curious as to how other organizations handle “unauthorized changes” in their IT environment. In my work environment, when we detect an “unauthorized change”, we just inform the employee that it was unauthorized and we ask for an explanation as to why he implemented the change without following standard ITIL procedures. We don’t have any penalties for committing unauthorized changes. In rare cases, we ask the employee to reverse the change that he made.

How does your organization deal with “unauthorized changes”?