Meeting EPC requirements while reducing risk from third-party vendors

Risk management is a concern for every company. But for engineering, procurement and construction, or EPC, contractors, it's a part of life. Due to the nature of the work, EPC contractors often bear the brunt of any liability issues that may arise on a property or construction site.

However, risk isn't limited to the worksite. Much of the work EPC contractors do involves third-party technology vendors, so understanding vendor risk management is also critical. To mitigate that risk, it helps to create EPC requirements and guidelines to reduce potential issues.

If you're an EPC contractor, here are some areas you can look to reduce your vendor management risk from third-party technology providers.

EPC contracts and liability

An EPC contract is the most common type of agreement for these projects. It helps protect the EPC contractor from liability, but there are still risks.

As you start the negotiation process with your clients, you'll want to cover a handful of major components in your contract, such as:

• The agreed-upon project completion date
• The price for the contract or project
• The addition of any limitation of liability provisions
• Any caps on liability
• The point of contact and the preferred way of communication
• Any existing predetermined performance guarantees that are set along a specific timeline

Because these projects are typically more complex and involved than traditional construction projects, they come with a higher chance of both risk and liability issues.

As you're negotiating your contracts with clients, make sure you have provisions that clearly lay out the potential risks, who's responsible for potential liabilities and how mistakes will be remedied. In addition, make sure everyone is on the same page with communication.

Common risks to consider with third-party vendors

Technology has helped an increasing number of companies find better solutions for jobs and workflow. However, that also means there's the potential for third-party vendor risk. EPC contractors, who already deal with more risk on the job, must pay attention to the potential red flags and know what pitfalls to avoid.

Some of the main potential vendor risks EPC contractors should watch out for include:

• Compliance risk: This is when a vendor isn't complying with local, state or federal regulations that you must follow to conduct your business.
• Operational risk: In this case, your vendor could end up hindering or hurting your ability to deliver as promised, compromising your contract and potentially leaving you liable.
• Security risk: There's always the potential for data breaches when using third-party vendors. Sensitive information getting out could disrupt your project and hurt your business.
• Reputational risk: If a vendor's poor performance damages your reputation, your business could suffer.

How to reduce vendor risk

To help reduce some of these risks, consider creating a series of guidelines for EPC requirements for third-party vendors. Knowing your main risk points and having a series of questions to ask vendors can help you remove those that aren't up to your standards.

Here are a few questions you might want to consider as you start preparing your due diligence:

• Do you have cyber liability insurance?
• What security measures do you have in place for threats and vulnerabilities?
• How are any incidents reported to your clients?
• What other clients have you worked with in this industry?
• Can you meet specific regulatory requirements for this industry?
• Can we review a copy of your service level agreement, and can it be adjusted or modified for our projects?
• What is your process for terminating the relationship?

These aren't the only questions you can ask—you'll likely have some based on specific projects or industry knowledge. But these questions can help you get started before you get into negotiations or sign any contracts.

As an EPC contractor, risk is generally unavoidable. However, you don't have to be the one who has to bear the weight of all the risks associated with your projects. Knowing what to ask and what to look out for with your vendors and clients can help clarify your role, keep risk to a minimum and reduce potential issues down the road.