The Approval Chain With a Broken Link

The steel was on site. The crew was booked. The concrete pump had a delivery window that would not wait. And the only thing standing between a hospital wing and its next structural pour was a single signature — from the one person authorized to give it, who was somewhere over the Atlantic with three more days of leave ahead of them.
Every day that pour waited cost money nobody had planned for: idle crew, a rescheduled pump, a slipped inspection date that cascaded into the next trade. By the time the approval finally landed, the project had lost the better part of a week. Not because anyone made a bad decision — because the chain of decisions had exactly one link, and that link had gone quiet. Here is the uncomfortable part: your approval workflow almost certainly has the same broken link, and you will not find it until the wrong person is unreachable at the wrong moment.
One name is not a workflow
In healthcare construction the stakes are unusually high. A clinical stakeholder signs off on infection-control measures. A facilities lead approves shutdowns. A compliance officer clears anything that touches a regulated space. These are real approvals that should exist. The failure is not that the approval is required — it is that it routes to a single named human with no backup, no visible queue, and no clock. When that human is in surgery, on leave, or simply buried, the build stops, and nobody upstream can even see why.
The reason this hides so well is that it works, right up until it does not. Ninety-five days out of a hundred, the approver is at their desk and signs within the hour. The system feels fine. Then day ninety-six arrives, the approver is gone, and a forty-thousand-dollar-a-day site sits idle waiting on a decision that any of three qualified people could have made — if the workflow had let them.
The single approver. One name, no backup. The moment that person is unavailable, the work stops and there is no defined path around them.
The invisible queue. The request lands in an inbox, not a tracked queue. Nobody but the approver knows it is waiting, so nobody upstream can escalate it.
The silent clock. There is no expectation of how long an approval should take. One that should clear in a day and one that has been stuck for eleven look identical from the outside.
The undocumented delegation. Someone verbally covers for the approver and signs off in a hallway. The decision happens but never makes it into the record, so the approval can no longer be proven.
Notice that only the first of those is about the person being away. The other three are about visibility — and visibility is the part you actually control.
Build the chain to survive its weakest link
A resilient approval chain does not assume the approver is available; it assumes they are not, and still moves. That means three things. Every approval role has at least two authorized people, not one. Every pending request sits in a queue that everyone can see, with a timestamp and an owner. And every request carries an escalation rule that fires automatically when the clock runs out, so a stalled approval routes itself to the backup instead of waiting to be noticed. When the decision is finally made, it is captured against the request — who approved, when, on what basis — so the hallway sign-off becomes a record instead of a rumor.
This is exactly the chaos we built XNM-VISION to end: approvals that live in one visible queue, with delegation and an audit trail, instead of scattered across inboxes and memories. But even if you never touch our software, the rule stands on its own. If any approval in your project depends on exactly one reachable human, you do not have a workflow — you have a single point of failure wearing a lanyard.
The next time a build waits on a signature, ask two questions: how many people could have signed, and could anyone upstream even see it waiting? More field stories on approvals and workflow are published every week on the XNM blog.


