AbstractThis paper aims to propose a methodology for conducting third-party risk-based due diligence in an engineering and construction company. A case study presents the methodology for a multinational firm. Due diligence is necessary and often mandatory, depending on the client or project. It protects a company in case of an ill-intentioned third party conducting misconduct while under contract or relationship with the company, but has been overlooked in many industries, resulting in ethics- and compliance-related misconduct. This study reveals that risk-based due diligence methodology has been widely applied and discussed by brokers and accountants, but that no research has verified whether the methodology applies to the construction and engineering industry. The case study also highlights the importance of knowing and understanding the company’s business model, its appetite for risk, and its global interactions within its industry. The proposed methodology enables risk assessment and due diligence covering integrity-related risks among third parties. By adapting the model to their reality, construction and engineering companies manage third parties’ risks related to corruption and bribery, antitrust and competition, human rights, conflicts of interest, and compliance with regulations. The expected result of the methodology is a risk-tailored and resource-efficient process for conducting third-party due diligence in the construction and engineering industry.