You don't know who you actually depend on.
Thinking formed in practice, published as part of the Bearing & Course Points of View library.
Manufacturing is one of the few environments where supply chain failure is immediately and undeniably visible. A software programme that drifts can be quietly managed for months. A production line that stops because a single component cannot be delivered stops in front of everyone: customers, investors, the market. The consequences are not deferred. They arrive on the factory floor, and they arrive fast.
That visibility makes manufacturing the most useful lens for a problem that exists across every sector but is most honestly confronted here. Most organisations do not know who they actually depend on. They know their tier one suppliers. They have contracts with them, performance frameworks, audit rights, relationship managers. What sits behind those suppliers, the tier two and tier three organisations whose output flows forward through the supply chain, is largely unknown. Not because organisations have chosen to ignore it, but because the question of what sits behind a trusted supplier has rarely been asked with any rigour.
The component that stops the line was not made by the supplier you have a relationship with.
The pattern I have encountered consistently, across organisations of considerable size and sophistication, is one of assumed trust compounding through layers. A manufacturer trusts its tier one supplier because it has audited them, visited their facilities and reviewed their quality systems. The tier one supplier trusts its own suppliers because it has its own processes for assessing them. And so on, down through layers that the original manufacturer has never seen, never assessed and often cannot name.
This became visible during the pandemic in ways that were genuinely surprising to many organisations that considered themselves well-prepared. Supply chains that appeared robust turned out to be dependent on single points of production several layers deep. Semiconductor shortages that shut down automotive production lines were not caused by the direct suppliers failing. They were caused by the suppliers of components that went into those semiconductors, made by organisations that most automotive manufacturers had never heard of, in geographies they had not considered in their risk assessments.
Most supply chain risk frameworks are designed to assess the supplier relationship, not the supply chain. They ask whether the organisation we are buying from is financially stable, operationally capable and contractually compliant. They do not systematically ask what that organisation depends on, whether those dependencies are single-sourced, and what happens to the product we receive if any of them fail.
Most continuity plans assume the tier one supplier holds. They do not model what happens when it does not.
A production manager whose line has stopped does not need a risk register that correctly identified the category of risk. They need an alternative source of the component, a clear understanding of lead times, and some confidence about when production can resume. Those answers require knowledge of the supply chain that most organisations have not built.
The investment required to close this gap is not as significant as the gap itself suggests. Mapping supply chains beyond tier one is not technically complex. It requires asking the right questions of existing suppliers, conducting structured assessments of what sits behind the direct relationship, and building the kind of picture that allows genuine risk decisions to be made.
What it requires above all is a decision that this knowledge matters. In most organisations, that decision has not been made. Supply chain trust has been treated as a property of the direct relationship rather than a characteristic of the whole system. That assumption has been shown repeatedly to be wrong, and the cost of discovering it tends to be borne at the worst possible moment.
Supply chain trust is not a property of the contract at the top. It is a property of the whole system. Most organisations have never looked at the whole system.