Back to: Home arrow Review of Operations arrow Review of SAP's Group Operations arrow Risk Factors and Risk Management
Print

Other Operational Risks

  • We use many different measures to protect our intellectual property. For example, we apply for patents, we register trade, service, and other marks, we register copyright, and we implement procedures and processes to protect our trade secrets. We are also willing to enforce our intellectual property rights against third parties who we believe infringe our intellectual property rights. We impose appropriate provisions in our license and nondisclosure agreements. However, it cannot be ruled out that all measures to protect our innovations will be sufficient to prevent a third party from infringing SAP’s intellectual property rights. We could suffer damage caused by an infringement of our intellectual property rights that cannot be pursued effectively in the courts. For example, in some countries in which we market our software products the local laws and courts do not offer effective means to enforce our intellectual property rights.
  • Software in general includes many components or modules that provide different features and perform different functions. Some of these features or functions may have valid intellectual property rights attached to them. SAP respects the valid intellectual property rights of third parties. We have been issued patents under our patent program and have a number of patent applications pending for our innovations. Nevertheless, there can be no assurance that, in the future, patents of third parties will not preclude us from utilizing certain technologies in our products, or require us to enter into royalty and licensing arrangements on terms that are not favorable to SAP. Third parties have claimed, and may claim in the future, that we have infringed their intellectual property rights.
  • In 2007, a number of lawsuits were filed against SAP for alleged patent infringement. For more information about actions before the Court and claims brought against us, see     Note 24 in the Notes to the Consolidated Financial Statements section. We do not believe they will have any material adverse effect on our business, finances, income, or cash flow. However, any trial involves risk and potentially substantial legal costs. It is therefore impossible to exclude for certain the possibility that these cases could have a material adverse effect on our business, finances, income, or cash flow. The outcome of these actions currently before the courts cannot be predicted to any degree of certainty. We think it likely that SAP will increasingly be subject to such claims. The legal wrangling involved with a claim, with or without merit, can be time-consuming and often results in costly litigation. Moreover, such actions could result in product shipment delays, injunctions against the sale of our products or services, necessitate a complete or partial redesign of important products, and/or require us to enter into royalty or licensing agreements, which would significantly impair our results. Royalty or licensing agreements, if required, may not be available on terms acceptable to us.
  • As a software company, we attach great importance to protecting confidential information and intellectual property. There is a danger that someone might gain unauthorized access to our facilities and to sensitive material, and might use such material to SAP’s detriment. We have several physical and organizational barriers to such unauthorized access, such as multilevel access control, video surveillance at all key locations, and security personnel contractors. In our assessment, the risk of material impact on our business performance from compromised confidentiality arising out of unauthorized access is therefore low.
  • Our core processes (for example, application development, sales, customer support, and financial operations) are highly dependent on IT infrastructure (like networks and operating systems) and applications (such as SAP ERP or SAP Customer Relationship Management). Therefore, a secure and reliable IT operation is important for SAP’s business success. Outage of critical infrastructure can be triggered by problems like malware or virus attacks, sabotage by hackers, failures during change management (for example, operating system or application upgrade), serious natural disasters, or failure of underlying technology (such as the Internet). This could disrupt our systems/network or make it inaccessible to customers or suppliers. These incidents could lead to a substantial denial of service (unavailability), change (breach of integrity), or disclosure (breach of confidentiality) of SAP’s, our customers’, or our partners’ services or data, causing production downtime, recovery costs, and customer claims. Such incidents would significantly harm our business. However, a variety of defense mechanisms is in place that safeguard our IT infrastructure. Examples are state-of-the-art firewalls, anti-virus software, intrusion detection technology, and high availability landscapes – including the development and quality infrastructures. The IT processes are audited and successfully certified according to ISO 9001 (Quality System) and ISO 27001 (Information Security Management System). As a result, our main IT system enjoyed an average availability of 99.83% in 2007.
  • In the past, we have acquired companies, products, and technologies to expand our business. Such acquisitions are also planned for the future. In particular, our strategy for growth includes acquiring enterprises to specifically expand our product portfolio, such as the acquisition of OutlookSoft and Business Objects. In addition to risks in the categories already discussed, the risks commonly encountered in such transactions include the inability to successfully integrate the acquired business and the acquired technologies or products with our current products and technologies; a potential disruption of our ongoing business; the inability to retain key technical and managerial personnel; the assumption of material unknown liabilities of the acquired companies; the incurrence of debt or significant cash expenditure; a potential adverse impact on our relationships with partner companies, third-party providers of technology or products, or customers; and regulatory constraints. They could adversely affect our revenue and income. We counter these acquisition-related risks by means of many different methodological and organizational measures. These range from thorough technical, operational, financial, and legal due diligence checks on the company or assets to be acquired and a holistic evaluation of material transaction and integration risks before conclusion of any transaction to detailed, standardized integration planning and its execution by a dedicated integration team.
  • As a venture capital investor, in the past we acquired and expect in the future to continue to acquire equity interests in technology-related companies. Many of these enterprises currently generate net losses and require additional capital outlay from their investors. Changes to planned business operations may possibly affect the performance of companies in which SAP holds investments, and that could negatively affect the value of our investments. Moreover, under German tax law, capital losses and impairments of equity securities are not tax-deductible, which may negatively affect our effective tax rate. However, this risk is restricted due to the limited scope of our venture-capital activities, making a significant effect on planned results unlikely. This risk is mitigated through diversification of our portfolio and through active management of our investments.
Want to learn more?
Contact the SAP sales office nearest you.