Zepth Vector · Procurement

Vendor Management

Prequalification is a snapshot. Vendor risk is a movie.

Last updated

Zepth Vector module

Vendor Management

AI agent built into the module
One vendor masterExpiry-tracked compliancePerformance from live recordsEnforced status at shortlisting

70%

of general contractors report rising subcontractor distress — with roughly half suffering project disruption from a default

AGC / FMI Surety Bonding & Risk Management survey

17–18%

of all UK company insolvencies are construction — persistently the highest-insolvency sector

UK Insolvency Service statistics

Specialist trade subcontractors are worst hit. US business-survival data tells the same story from a different angle.

~50%

of construction fraud cases involve corruption — kickbacks, bribes, related-party dealing

ACFE, Report to the Nations

Which is why a vendor master needs ownership declarations and cross-checks, not just a trade licence on file.

~30%

of duplicate payments trace back to duplicate vendor records

Recovery-audit industry data

Industry data from recovery auditors rather than neutral research, and attributed as such. Master-data hygiene is risk management wearing an admin costume.

Overview

Vendor management is the lifecycle discipline behind every award: registering, prequalifying, scoring and monitoring the suppliers and subcontractors a contractor depends on.

Its central problem is time. Prequalification is a snapshot — but vendor risk is a movie, and the subcontractor who passed every check fourteen months ago can be insolvent today.

Why vendor management is critical

The downside is priced, and it is not small. Surety industry data puts the cost of a subcontractor default at 1.5 to 3 times the original subcontract value, once completion costs, delay and re-procurement have all landed. In a recent AGC/FMI survey, 70% of general contractors reported rising subcontractor distress, with roughly half suffering project disruption from an actual default.

The macro picture explains why. Construction is persistently the highest-insolvency sector in every economy that publishes the data — in the UK, around 17–18% of all company insolvencies, with specialist trade subcontractors worst hit. This is not a bad year. It is the shape of the industry.

And the cascade risk is the lesson of the last decade’s collapses. When a major contractor fails — Carillion, ISG — owing very large sums to its supply chain, the secondary insolvencies ripple outward through everybody’s approved vendor list at once. Capacity vanishes at exactly the moment re-tendering demands it, and the firms you would have turned to are the firms that were owed the money.

The fraud angle is quietly procurement-shaped too. Corruption — kickbacks, bribes, related-party dealing — features in roughly half of construction fraud cases. Which is why a vendor master needs ownership declarations and cross-checks against your own employee records, and not merely a trade licence scanned into a folder.

The role of vendor management in performance

  • Prequalification checks capacity, not just paperwork. Financials, licences, HSE history, current workload, bonding capacity — the questions that actually predict whether the work gets delivered. In the Gulf, add the regulatory layer: a valid trade licence with the correct activity codes, municipal classification grades, and ICV certificates, which carry a 14-month validity tied to audited financials. Track those expiries exactly as you track insurance, because working with a lapsed licence can invalidate the contract you are relying on.

  • The loop that is almost always broken: scores feeding awards. Most contractors score vendors at closeout, if at all, file the score, and then the next tender committee never sees it. The performance system only works if the enquiry workflow surfaces prior scores and active suspensions at the moment of shortlisting — in the screen, in front of the people deciding. A rating nobody consults at award time is not a control. It is a diary.

  • Distress monitoring beats annual refresh. The prequalified-then-collapsed pattern is well documented: major failures have passed framework checks weeks before their insolvency. An annual refresh cannot catch that, because the information it needs did not exist a year ago. Continuous triggers can: payment-application slowdowns, labour thinning on site, sub-tier suppliers calling you about unpaid bills, insurances lapsing, a bank declining to renew a bond. Every one of those signals already exists somewhere in your project data. The trick is having systems connected enough to read them together.

  • Duplicate vendor records mask risk. “ABC Electromechanical LLC” and “ABC Electro Mech” are the same company and two records. Between them they split the performance history, dodge the suspension, understate your concentration exposure — and drive duplicate payments: recovery-audit data traces roughly 30% of duplicates to duplicate vendor records. Sometimes the second registration is innocent. Sometimes it is not. Either way, master-data hygiene is risk management wearing an admin costume.

  • Blacklisting needs due process. Distinguish a time-boxed, cause-coded suspension with a review date from permanent removal. Document the cause. Ad-hoc blacklisting creates legal exposure, and it quietly shrinks the bidder pool that your pricing depends on — which means the punishment lands partly on you, some months later, in a tender you did not connect to the decision.

  • Concentration is a project-level number. One MEP subcontractor carrying 40% of a project’s subcontract value — or holding five live packages across your portfolio — is an exposure that no company-level score will ever reveal. A vendor can be excellent and still be too much of your risk. Measure concentration where it actually bites: per project, and across the portfolio.

What happens without vendor discipline

Weak prequalification, so a distressed subcontractor wins on lowest price — and the price was low precisely because they were distressed. They default mid-structure. The replacement costs up to triple the money, plus months of delay, plus your own liquidated-damages exposure upstream.

Fragmented records, so a suspended vendor is re-awarded under its second spelling, by people who genuinely did not know.

No expiry tracking, so a subcontractor is on site with lapsed insurance on the day of the incident — and the uninsured claim lands on the main contractor, which is to say on you.

And scores never consulted, so the same underperformer wins again. Not because anybody defended them. Because price was the only data on the table.

How Zepth runs vendor management

One vendor master across every project: registration, prequalification documents with expiry alerts, categories and ratings, and a performance history fed by live project records — purchase orders, deliveries, inspections, NCRs, payment behaviour — rather than by recollection at closeout.

Status controls that the tendering workflow actually enforces: active, suspended, blacklisted, with cause and review date. The suspension is not a note in a file; it is a gate at shortlisting.

And concentration and exposure visible per vendor across the portfolio — because the question that matters is rarely “is this vendor good?” It is “how much of us are they carrying?”

The value

Why it matters

The vendor score reaches the people making the award — which is the only moment it can change anything.

Distress surfaces sixty days early, while it is still a conversation rather than a claim.

Duplicate records are caught at registration, so a suspension cannot be dodged with a second spelling.

Concentration is visible per project and across the portfolio, so “excellent vendor” and “too much of our risk” stop being the same answer.

Capabilities

What you can do

01

One vendor master

Across every project, with fuzzy-matched duplicate detection at registration — names, licences, bank accounts, directors.

02

Expiry-tracked compliance

Trade licences and activity codes, classification grades, ICV certificates, insurance and bonding — alerted before they lapse, not after the incident.

03

Performance from live records

Quality, delivery, commercial and HSE dimensions fed by POs, deliveries, inspections, NCRs and payment behaviour — not by committee recollection.

04

Enforced status at shortlisting

Active, suspended, blacklisted — with cause and review date, enforced by the tendering workflow rather than remembered by a person.

05

Distress signals, correlated

Payment slowdowns, thinning labour, sub-tier supplier contact, lapsing insurance, refused bond renewals — read together, per subcontractor.

06

Concentration exposure

Per project and across the portfolio, because a vendor can be excellent and still be too much of your risk.

The workflow

How it actually runs

  1. 1

    Register under control

    Documents, ownership declarations and bank details verified at onboarding — with the ownership declaration cross-checked against your own employee records, because related-party dealing is half the fraud picture.

  2. 2

    Prequalify on capacity

    Financials, licences and classification grades, insurance and bonding, HSE history, current workload. Graded, categorised, and expiry-dated — ICV certificates included.

  3. 3

    Score during delivery, not at closeout

    Quality, delivery, commercial behaviour and HSE — captured from live project records as the work happens. A score reconstructed at closeout is a memory, and memories are kind to people who were pleasant.

  4. 4

    Monitor continuously

    Expiries, distress signals, concentration exposure — on triggers rather than anniversaries. The subcontractor who passed last year’s check is not the subject; the one who is failing this month is.

  5. 5

    Surface it at award

    Scores, active suspensions and current exposure in the shortlisting screen. This is the step that makes every other step worth doing.

  6. 6

    Curate the list

    Suspensions with cause and review date. An approved vendor list should be actively curated, not archaeologically accumulated.

AI that does the work

How AI changes Vendor Management management.

Distress radar.

Payment patterns, site records and compliance signals correlated per subcontractor — so the default pattern surfaces sixty days earlier, while intervention is still a conversation rather than a claim and a re-tender.

Duplicate detection.

Fuzzy matching across names, licences, bank accounts and directors — catching the second spelling at registration. And related-party overlaps against your own employee records flagged for review, because corruption is half the construction fraud picture.

Score assembly.

Performance ratings drafted from what actually happened — first-time pass rates, delivery discrepancies, NCR counts, payment disputes — rather than from what the committee remembers about a subcontractor who was easy to deal with.

Award-time briefings.

“This bidder: score history, open NCRs, current exposure across three projects, licence expires in 40 days.” In the shortlisting screen, at the moment of the decision — not in a filing cabinet, after it.

The engineer’s judgment stays in charge; the AI removes the latency and the blind spots.

Best practices

  • Surface the score at shortlisting, not at closeout. A performance rating nobody consults when the award is being made is a diary, not a control — and the same underperformer will win again on price.
  • Monitor on triggers, not anniversaries. Firms have passed framework prequalification weeks before their insolvency; an annual refresh is structurally incapable of catching that.
  • Fuzzy-match your vendor master. “ABC Electromechanical LLC” and “ABC Electro Mech” split the history, dodge the suspension, hide the concentration, and pay the invoice twice.
  • Suspend with a cause and a review date. Ad-hoc blacklisting creates legal exposure and shrinks the bidder pool your own pricing depends on — you will pay for it later, in a tender nobody connects to the decision.

Dashboards & reporting

The vendor master with compliance expiries, performance scores by dimension, and status with cause and review date. Distress indicators trended per subcontractor. Concentration exposure per project and across the portfolio. And the award-time view — which is the only report on this page that changes an outcome, because it arrives before the decision instead of after it.

Live dashboards
Drill-down & filters
Export to Excel / PDF
FAQ

Common questions

What should vendor prequalification check?

Financial capacity, licences and registrations — in the Gulf, trade-licence activity codes, municipal classification grades and ICV certification — insurance and bonding, HSE history, current workload, and references. Graded and expiry-dated, then refreshed on triggers rather than only on anniversaries.

Read the full answer
How should subcontractor performance be scored?

Across quality, delivery, commercial behaviour and HSE — from live project records rather than closeout recollection. And, critically, surfaced at the next shortlisting. A score nobody sees at award time changes precisely nothing.

What is the difference between suspension and blacklisting?

Suspension is time-boxed and cause-coded, with a review date. Blacklisting is removal. Both need documented cause and due process — for fairness, for legal safety, and to protect the bidder pool that your own pricing quietly depends on.

How much does a subcontractor default cost?

Surety data puts it at 1.5 to 3 times the original subcontract value once completion, delay and re-procurement costs have landed — and that is before the liquidated-damages exposure you carry upstream.

Read the full answer
How do you spot a distressed subcontractor before they default?

Slowing payment applications. Thinning labour. Sub-tier suppliers contacting you about unpaid bills. Requests for advances. Lapsing insurance. A refused bond renewal. Every signal already lives in your project data — the trick is reading them together rather than one at a time, by four different people who never compare notes.

Read the full answer
How do duplicate vendor records happen, and why do they matter?

Re-registration under a name variant — sometimes innocent, sometimes deliberate. They fragment the performance history, evade suspensions, hide concentration exposure, and drive duplicate payments: recovery-audit data traces around 30% of duplicates back to them. Fuzzy-matched master data is the fix, and it is cheap.

Read the full answer

Sources

  • Surety & Fidelity Association / NASBP — subcontractor default cost multiples
  • AGC / FMI — Surety Bonding & Risk Management survey (rising subcontractor distress)
  • UK Insolvency Service — sector insolvency statistics (construction as the highest-insolvency sector)
  • ACFE — Report to the Nations (corruption as a share of construction fraud cases)
  • MOIAT — ICV certification rules (validity tied to audited financials)
  • Recovery-audit industry data on duplicate payments traced to duplicate vendor records. Industry data rather than neutral research, and attributed as such.
  • Carillion and ISG are referenced as factual events in support of the supply-chain cascade point.

Terms defined here

Zepth is the construction project delivery platform — it runs construction, procurement and asset management on one record, and does the work: reading the drawings, reviewing the submittals, matching the invoices and flagging the risks, with a human sign-off on anything consequential.

See it on your project.

A short, tailored walkthrough on your real workflow — no generic demo.