Risk Management
In German stock-corporation and commercial law, there are special requirements for internal risk management that apply to SAP. Our global risk management system therefore supports risk planning, identification, analysis, handling, and resolution. We also create standard documentation of all our internal control mechanisms and continually evaluate their effectiveness.
As an issuer on the NYSE, SAP is also required to adhere to requirements under the U.S. Sarbanes-Oxley Act. In 2006, we embarked for the first time on an assessment of our internal control structure for financial reporting in accordance with the complex requirements defined by the Sarbanes-Oxley Act, section 404, and we repeated the exercise in 2007.
The auditor for the SAP Group, KPMG Deutsche Treuhand-Gesellschaft Aktiengesellschaft Wirtschaftsprüfungsgesellschaft, is auditing the Executive Board’s assessment of the effectiveness of the Company’s internal control over financial reporting as well as the effectiveness of that control on December 31, 2007. The audit had not found any indication by March 19, 2008, that it was not effective on December 31, 2007.
The management of SAP’s subsidiaries uses our internal certification system to confirm, among other things, the accuracy of its financial reporting. In particular, it confirms that, in all key areas, the financial data appropriately reflects the assets, finances, income, and cash flows of the units in the reports. SAP must also confirm that the management of each unit has verified its own disclosure controls and procedures and found that they were working at the end of the reporting period in question. This confirmation – in addition to the confirmation of adequate procedures from Executive Board members and regional management – forms the basis for the certifications that, according to the Sarbanes-Oxley Act, the CEO and CFO must sign and submit to the U.S. Securities and Exchange Commission (SEC) along with the Form 20-F annual report. In the certifications, SAP’s CEO and CFO confirm that the details in Form 20-F are correct and that SAP’s financial statements appropriately reflect SAP’s assets, finances, and income in all key areas. They also confirm that the functioning of the disclosure controls and procedures was evaluated and that Form 20-F reports on the outcome of this evaluation and on any significant changes to it. These processes are supported by a software product that SAP developed for that purpose, the management of internal controls (MIC) tool. Another control mechanism deployed at SAP besides the processes described above is standardized reporting across the Group. The internal audit service, the Disclosure Committee, and the Supervisory Board are also closely involved in risk management.
The Disclosure Committee comprises the CEO, the CFO, and six more members. It met nine times in 2007. It has a duty to support the internal control procedures for financial reporting and in particular to deliberate on disclosure requirements and disclosures relating to the occurrence of material events of significance for the financial markets. In addition, the Disclosure Committee discusses the content and scope of the Company’s ad-hoc disclosures (current reports) required by law, press statements, and regular reports. These include the annual report, the annual report on Form 20-F, and the quarterly press statements and reports.


