SAP Launches Governance, Risk and Compliance Management Business Unit to Lead New, Emerging Market

ORLANDO, Fla., May 17 /PRNewswire-FirstCall/ -- SAP AG (NYSE: SAP) today announced the creation of a new business unit to empower customers with end-to-end solutions for governance, risk management and compliance (GRC), offering a holistic alternative to the fragmented GRC point solutions available in the market. With the aim of helping companies make GRC an integral part of their business and IT strategies, the dedicated unit leverages SAP's deep expertise and existing software for wide-reaching compliance requirements such as the Sarbanes-Oxley Act (SOX) in the United States; applications such as SAP(R) Global Trade Services to help companies across diverse industries manage international trade compliance challenges; and solutions for distinct industry demands including emissions standards in chemicals and utilities sectors, FDA requirements for pharmaceutical companies and Basel II for the banking sector.

Building on this rich portfolio of horizontal and industry-specific compliance software, the now completed acquisition of Virsa Systems, Inc. boosts SAP's leading position in the rapidly emerging GRC market. After nine months of planning its go-to-market strategy and product road map for a comprehensive GRC portfolio, SAP unveiled the Governance, Risk and Compliance Management business unit at SAPPHIRE(R) '06, SAP's international customer conference, being held in Orlando, Florida, May 16-18.

SAP has long recognized the growing role of enterprise systems in assisting companies to meet the increasing challenges of corporate compliance and risk management. Customers are looking for powerful compliance solutions that work across heterogeneous IT environments to reduce risk and cost as well as provide improved business control. By embedding compliance into business processes, SAP is making compliance repeatable, sustainable and less costly for companies of all sizes in all industry segments.

"As spending accelerates in specific functional areas that are of critical interest to SAP's customers and prospects, the company will most likely fold in partner products to provide a broader application footprint," said John Hagerty, vice president and research fellow, AMR Research. "The Virsa acquisition enriches SAP's GRC position, but it is not the answer to all compliance concerns. It is, however, a solid foundation for future growth."(1)

Emerging as a Leader in GRC

In today's highly regulated environment, companies are increasingly pressured by governance, risk and compliance concerns while at the same time needing to drive business performance, predictability and stakeholder confidence. The current approach to managing GRC is marked by two sets of problems: highly fragmented business processes and systems that compound the cost of managing risk and compliance; and little or no investment in identifying and mapping out a phased approach to comprehensive GRC management. Underlying these issues is the inherent risk in strategically coordinating and managing a wide range of IT infrastructure that directly supports the processes and systems in the GRC business environment. Organizations are deprived of a powerful tool for controlling and addressing risk effectively, while at the same time they are shifting investments and resources to non-revenue generating activities.

"Enterprise risk management, beyond Sarbanes-Oxley, is being addressed at CA with the implementation of solutions from SAP, Virsa and CA," said Kevin Kern, chief information officer at CA. "We see clear business value in an enterprise-wide interlock between core business processes and managing GRC. Building confidence with the investment community and stakeholders is correlated to leveraging not only a detective but also a preventative control framework that increases predictability and visibility to our business. We applaud SAP in taking on this new challenge and we look forward to collaborating in this initiative."

For additional companies commenting on today's announcement, see the related addendum quote sheet, available at http://www.sap.com/press.

The Benefits of a Holistic GRC Framework

Each organization must chart its own course to embrace a GRC framework, weighing critical business requirements with organizational GRC maturity and top-level commitment. Companies may choose to start by identifying one or two high-priority risk areas and initiate a business-specific or initiative-driven deployment of GRC applications. These early successes will help drive the value of a comprehensive GRC strategy and will provide a reusable and sustainable model for controlling and addressing future governance, risk and compliance areas.

"Companies will spend at least 27 billion dollars on addressing tactical compliance issues in 2006 alone, yet even with this investment they will remain vulnerable to risks and burdened with high costs," said Henning Kagermann, CEO of SAP AG. "SAP and its partners are stepping up to the challenge by helping companies take control of governance, risk and compliance issues and ultimately leveraging this capability as a competitive advantage. We will achieve this vision by delivering an integrated and heterogeneous GRC foundation for customers to adopt in a pragmatic approach, leveraging existing IT investments in SAP software and other technologies. We are energized by this opportunity and excited to make such a significant impact."

  Specific benefits from a comprehensive GRC approach include:

  -- Increased shareholder value:  Good governance -- reflected in many
     intangibles, including brand, culture and reputation -- can have
     favorable impact on share price premiums
  -- Optimized risk/return portfolios:  Achieved with transparency and
     insight for selecting (and rejecting) projects based on risk impact and
     probability relative to potential return
  -- Reduced GRC costs:  Significantly cuts down the resources required to
     control and address risk, ensure compliance and maintain effective
     governance
  -- Improved business performance and predictability:  Delivers
     comprehensive visibility, a systematic process for anticipating and
     controlling risks and the tools to proactively determine proper actions
     and critical tasks
  -- Business sustainability:  Delivered through software automation,
     analytics and alerts,  visibility to risk interdependencies for
     improved control and repeatable, cost-effective GRC solutions
  -- Business agility:  By empowering decision-makers to identify and assess
     alternative what-if and future scenarios, GRC leads to greater business
     agility and competitiveness
  -- Intelligent IT risk management:  Delivered through an intelligent
     network infrastructure that can provide IT risk management information
     and controls at high speeds throughout the enterprise

"General Mills uses SAP as the global platform for integrated transaction processing and segregation of duties in ensuring SOX compliance in the area of information systems," said Michael Carr, director of Information Systems for General Mills. "Software and business processes that streamline and advance a company's risk management and compliance capabilities are critical aspects of corporate governance. SAP tools that deliver an integrated solution across the enterprise are an important and welcome new advance in this important area."

Virsa Acquisition Demonstrates SAP Commitment to Compliance Market

Key to early success of the GRC business unit is SAP's continued momentum and investment in helping customers solve critical compliance pain points and the acquisition of SAP partner Virsa Systems (see April 3, 2006 press release titled, "SAP Strengthens Leadership in Compliance Solutions with Acquisition of Virsa"). The acquisition, which was officially completed on May 12, 2006, reflects SAP's commitment and investment in the GRC category. Virsa's nearly 250 employees are now part of the GRC business unit, providing talent, domain expertise, intellectual capital and experience to add immediate value for many SAP customers.

  (1)  John Hagerty, AMR Research, "SAP Snaps Up Virsa Systems To Enhance
       Compliance Story," April 3, 2006.

  About SAP

SAP is the world's leading provider of business software*. Today, more than 33,200 customers in more than 120 countries run SAP(R) applications-from distinct solutions addressing the needs of small and midsize enterprises to suite offerings for global organizations. Powered by the SAP NetWeaver(R) platform to drive innovation and enable business change, SAP software helps enterprises of all sizes around the world improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP solution portfolios support the unique business processes of more than 25 industries, including high tech, retail, financial services, healthcare and the public sector. With subsidiaries in more than 50 countries, the company is listed on several exchanges, including the Frankfurt stock exchange and NYSE under the symbol "SAP." (Additional information at http://www.sap.com/ )

(*) SAP defines business software as comprising enterprise resource planning and related applications such as supply chain management, customer relationship management, product life-cycle management and supplier relationship management.

Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. Words such as "anticipate," "believe," "estimate," "expect," "forecast," "intend," "may," "plan," "project," "predict," "should" and "will" and similar expressions as they relate to SAP are intended to identify such forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations The factors that could affect SAP's future financial results are discussed more fully in SAP's filings with the U.S. Securities and Exchange Commission ("SEC"), including SAP's most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates.

NOTE: SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serve informational purposes only. National product specifications may vary.

  For customers interested in learning more about SAP products:
   Global Customer Center: +49 180 534-34-24
   United States Only: 1 (800) 872-1SAP (1-800-872-1727)

  For more information, press only:
   Debbie Walery, +1-650-461-1312, debbie.walery@sap.com, PDT
   SAP Press Office, +49 (6227) 7-46315, CET; +1 (610) 661-3200, EDT;
   press@sap.com
   Uwe Schaad, Burson-Marsteller, +49 69 238 09-31, uwe_schaad@de.bm.com,
    CET

During SAPPHIRE (from May 16 to 18), to speak with press contacts on site, please dial the SAP press room at +1-407-685-4329.

Quote Sheet / Addendum to SAP Announcement of Governance, Risk and Compliance

                         Management Business Unit

  ORLANDO, Fla., May 17, 2006

  Cisco

"Companies are looking for better ways to track risk management and compliance processes throughout their IT infrastructure," said Bill Ruh, vice president of technology architecture and Cisco Services. "Cisco intelligent Service Oriented Network Architecture (SONA) in combination with SAP's GRC solutions can help businesses comprehensively monitor risks and compliance across their network infrastructure at greater speeds. We will continue to work with SAP GRC business unit in advising customers on IT Infrastructure strategies, plans, investments and operations that drive greater control over risk management and compliance."

Deloitte Consulting LLP

"A key challenge for businesses today is integrating processes and metrics used to monitor adherence to regulatory requirements with those used to understand risks and manage enterprise performance," said Lee Dittmar, principal and national leader of Deloitte Consulting LLP's Enterprise Governance practice. "The goal should be to create a set of processes and information to help achieve the ongoing viability and performance of the enterprise, and to improve alignment between the board and the executive team. Governance, risk and compliance is a powerful concept. The fundamental idea is to view these three separate but related functions in a comprehensive, integrated manner. Companies can benefit by leveraging common processes and systems to address all three. SAP's GRC emphasis and approach is consistent with our view concerning the important role technology must play in making governance, risk management, and compliance more efficient and effective."

PricewaterhouseCoopers

"PricewaterhouseCoopers is excited to work with SAP on this evolution of technology and its impact on the business issues of governance, risk and compliance," said Jacqueline Olynyk, partner in the Advisory practice of PricewaterhouseCoopers. "Technology-enabled GRC improves decision-making by factoring risk information into strategic planning and capital allocation. The ability to leverage existing ERP technologies and an open platform allows an enterprise to select the most appropriate solution without having to compromise because of existing platforms. GRC becomes an integrated part of business decision-making rather than an afterthought. This is about meeting the demands of industry and making a difference in our clients' bottom lines."

Protiviti

"We recognize the benefits that accrue to those organizations who maximize their ERP's value through the implementation of detective and preventative controls," said David M. Johnson, managing director at Protiviti and head of the company's Application Controls Effectiveness (ACE) practice. "We are actively assisting our SAP clients improve their capability in this important area by effectively utilizing the full SAP suite of GRC solutions to enhance their risk mitigation and compliance efforts."

Symantec

"We share SAP's vision of providing a holistic GRC solution," said Jeremy Burton, senior vice president of enterprise security and data management, Symantec. "With the combination of the Symantec IT Compliance solutions for infrastructure compliance and SAP's solutions for GRC, customers will have an integrated, end-to-end framework."