In fact, one friend of mine is a sysadmin in a finance company, and there are policies in place explicitly forbidding the use of CPAN modules.
We have a ban on modules we can't receive from Debian's package manager, so I take the CPAN module and drop it into my project. Now it's no longer a CPAN module :) I work on projects used internally, so the license is not an issue.
This way, we test against the same version of the module that ends up being used. It also gives us the ability to make and track changes to it, if need be.