Back to: Home arrow Review of Operations arrow Review of SAP's Group Operations arrow Risk Factors and Risk Management
Print

Project Risks

  • Implementation of SAP software is a process that often involves a significant commitment from our customers in terms of resources and is subject to a number of significant risks over which we have little or no control. Additionally, some projects are managed by third parties and we may have limited insight into factors such as implementation schedules, costs, and project issues. We cannot provide absolute assurances that protracted installation times will not continue, that shortages of trained consultants will not occur, or that the costs of installation projects will not exceed the fixed fees we charge in some of our customer projects. Unsuccessful customer implementations projects could result in claims from customers, harm SAP’s image, and cause a loss of future revenues. However, for various reasons we have been trending positively in this risk category for several years. A tangible adverse impact on SAP’s expected business and earnings from customer project risks is unlikely. On the one hand, our customers now increasingly follow modular project approaches to optimize their IT environment. They embark on sequentially integrated individual projects with a comparatively low risk profile to realize specific potential improvement instead of pursuing highly complex resource-intensive projects to implement an all embracing IT landscape. On the other hand, our projects use a risk management system that is seamlessly integrated into SAP project management methods and safeguards successful implementation with coordinated risk and quality management programs. Risk control and minimization in customer projects have thus been optimally integrated into our overall risk management system. Escalation expenses remain very low, although in 2007 they increased slightly when measured in relation to the growth of our business. The number of actions filed against us arising out of our regular operations once again remained unchanged in comparison with the preceding year. In our opinion, the remaining individual risks are adequately considered in our financial planning. In addition, we have provided adequate insurance coverage against a broad range of typical liability scenarios established on the basis of known project risks. In those cases where risks result from partner implementation, we mitigate risks through the sale of safeguarding services, inclusion of subject matter experts on partner-led projects and close relations with the partners in our Global Alliance program.

Product Risks

  • To achieve full customer acceptance, new products and product enhancements can require long development and testing periods. Such efforts are subject to multiple risks, for example, scheduled market launches can be delayed, market needs and requirements may not be entirely met, or products may not completely satisfy our stringent quality standards. Furthermore, new products and product enhancements may still contain undetected errors when they are first released. Our product innovation life-cycle process, which provides strict quality controls at various defined points, was implemented several years ago to counteract such risks. In addition, we work in close cooperation with early-stage customers to correct such errors in the first year following the introduction of a new software release. There can be no assurance, however, that all such errors can be corrected to customers’ full satisfaction. As a result, it is feasible that certain customers may bring claims in certain cases for cash refunds, damages, replacement software, or other concessions. SAP software products are chiefly used by customers in business-critical applications and processes. This raises the defined risk in the event of actual or alleged failures of our software products and services. Our contractual agreements generally contain provisions designed to limit SAP’s exposure to warranty-related risks. However, these provisions may not cover every eventuality or be entirely effective under applicable law. Such claims could adversely affect our assets, finances, income, and reputation. Nevertheless, we counter these risks with thorough project management, project monitoring, rigid and regular quality assurance measures certified according to ISO 9001, and program risk assessments during product development. The generally high quality of our products is confirmed by our low customer escalation handling expenses (as described in the Project Risks section), the low rate of litigation arising against us out of our regular operations, and our constantly high customer satisfaction ratings as measured by regular customer surveys. Therefore, we believe it is unlikely that our planned results will be significantly impaired by product defect claims from SAP customers.
  • Our products include security features that are intended to protect the privacy and integrity of customer data. However, information systems and software applications are increasingly coming under attack for reasons ranging from criminal intent to personal financial gain. At the same time, an increasing number of applications are offered and supplied over the Internet to simplify cross company processes. Despite our security features, SAP products may be vulnerable to attacks and similar problems may be caused by attackers such as hackers bypassing the security precautions of our customers and misappropriating confidential information. Attacks by criminally motivated hackers or similar disruptions could jeopardize the security of information stored in and transmitted through the computer systems of our customers and lead to claims for damages against us from customers. We counter this risk with a multilevel approach. First, our development process includes measures for preventing security problems, which are subject to multiple control checks prior to product delivery. Secondly, all our applications are supplied with a security guideline intended to enable optimum integration into our customers’ existing security architecture utilizing the safety functions delivered by SAP with the product. We have a specifically dedicated product security team that is responsible for this. However, in the unlikely event that any security problems are identified in SAP software, customers are provided with help to rectify the situation as quickly as possible. Despite the fact that SAP performs extensive security tests and our products have not been significantly exposed to major security attacks so far, it cannot be ruled out that we are exposed to such attacks.
  • We have taken numerous third-party technologies under license and incorporated them into our portfolio of products. It cannot be ruled out that the licenses for certain third-party technologies will not be terminated against our interests or that we will not be able to favorably license third-party software for our products. This could lead to short-term replacement problems and to significantly higher development expenses. The risk increases if we acquire a company or a company’s intellectual property assets that have been subject to third-party technology licensing and product standards less rigorous than our own. Overall, in our assessment this risk is low. However, we cannot exclude the possibility that our business performance might be adversely affected specifically by a product from a business we acquire.
  • A key component of our strategy for a broad adoption of the SAP NetWeaver technology platform is offering it to certified independent software vendors (ISVs) to develop their own business applications. To the extent that SAP cannot attract a sufficient number of capable ISVs delivering high-quality solutions based on the platform, the desired market penetration of SAP NetWeaver may not be achieved. Any ISV-developed solutions displaying significant errors may reflect negatively on our reputation and thus indirectly impede our own business operations. In addition, as with any open platform design, the greater flexibility provided to customers to use data generated by non-SAP software might reduce customer demand to select and use certain SAP software products. To counter this risk, we have established a thorough certification process for all third-party vendors designed to ensure that they deliver consistently high quality. In our current assessment, which is based on our experience of having successfully certified more than 2,000 third-party solutions built on SAP NetWeaver, the risk of an adverse effect on our business is low.
Want to learn more?
Contact the SAP sales office nearest you.