If you’re the CFO of a large company that’s looking at an ERP buy or to upgrade your SAP system, don’t be surprised to find Arlen Shenkman, finance chief of SAP North America, sitting in your office.

Arlen Shenkman

Shenkman, who took on the role of running finance for the global technology company’s biggest operating country last June, has met with many finance chiefs of clients, and potential ones, over the past half year. “It’s been a pretty regular thing,” he says.

He certainly knows how to do deals. Before getting promoted, he spent more than a decade in senior corporate development roles, building out an M&A function at Germany-based SAP, which previously hadn’t been in the acquisition market. He played a lead role in acquiring seven companies, including well-known names like Ariba, Concur, SuccessFactors, and Sybase.

Shenkman didn’t come to a high-ranking corporate finance role at an iconic global company through a traditional path. He earned a law degree from the University of Miami in 1995 and practiced corporate and securities law until 2004, when he joined SAP. A couple of years later, he spent a month at London Business School, an experience that led him to grow increasingly comfortable with financial modeling, discounted cash flow, and other valuation metrics.

He recently spoke with CFO about his career and role, views on the CFO post generally, and current issues relevant to it. An edited transcript of the discussion follows.

How and why did you switch from law to business?

I went to law school with a non-traditional perspective. I always wanted to be in business. My grandfather owned a manufacturing company with 700 or 800 employees, and he told me that he spent a lot more time with attorneys than he did with MBAs, so I’d be better off with a law degree.

As a corporate lawyer, both at law firms and in-house, I liked working on M&A and securities. But I didn’t want to practice law my entire life. I took the opportunity to transpose those experiences to a corporate development [role with SAP].

Does your legal training inform what you do as a CFO today?

A fair amount of what CFOs do, in particular regional ones, is ensure that we’re complying with laws and regulations, as well as our own policies and processes. Also, we assess risk and make risk decisions all the time. People I work with who are focused solely on numbers make decisions based on the numbers and not necessarily the overall impact to the business. I find that with a legal background combined with my broad business background, I can approach a problem in a more multifaceted way.

You’re a CFO at a company that sells important products to CFOs. Does having so much contact with them provide you with insights on how to be a better CFO yourself?

Having those relationships absolutely does. I’ve already met with some CFOs to talk about issues, bounce ideas off them. I felt the same way when I was an M&A professional and an attorney about having peer-to-peer relationships and being able to have a dialogue with people who face similar issues.

Similarly, does being a CFO and having a finance background help you in terms of understanding the mindset of your customers and how to sell to them?

I think I have a better understanding of what their problems are and what they’re trying to sold than perhaps someone who hasn’t sat in that chair.

Where do you think CFOs are generally on the curve of being able to leverage data in an actionable way?

I’ve found two main messages in the conversations I’ve had recently with CFOs. One is getting rid of the conversation about who has the right version of the truth. At our company, we’ve been able to do that by aggregating information and having a single source for our financials. It’s something I clearly hear CFOs struggling with: siloed data, not being able to access information, regions having data that they don’t have, waiting for batch processing, not having the insights they need.

I think it’s very hard to have a conversation about data actionability when you have to wait two days to get reports you asked for because the information isn’t in one place. I can tell you that having done this job for only six months, I can’t imagine not having one set of data. We have 11 market units in North America, and being able to look at our business holistically gives me great confidence in operating it.

The second message, and I probably [notice it] because of my M&A background, is about integrating businesses on a common technology platform. When I ran M&A I worked for our CEO. But when I focused on integration, I spoke almost exclusively with our CFO. Whether or not a CFO runs M&A or is involved with M&A, integration is almost always going to be at the top of their priority list.

Acquiring a business that you can’t effectively operate on Day 1, and not having a plan for how to integrate their technology, for getting their financial and accounting compliance processes and procedures into your system, is a very challenging place to be.

What’s been your reaction to the job? Has it been as you expected, or have there been surprises?

I’ve been pleasantly surprised that after having been in a global job where I had the opportunity to really understand the business holistically, I really enjoy the regional focus and being part of a team that’s running a business on a day-to-day basis. I’ve been able to transfer those skills to have more of a dialogue with customers and employees around where the company is headed than I would have otherwise [been able to].

Other than the boilerplate stuff that all CFOs have to attend to, what are you most focused on strategically?

[The big one is] the transformation of the business. We [put up] about $20 billion over the past five years to transform the business into a cloud company. In Ariba, SuccessFactors, and Concur, we bought three of the six or seven largest cloud companies. We told our investors in February 2015 that by 2018 our new software subscription revenues will surpass new software license revenues. We’re on a transformational journey but it will take two or three more years before we get there.

To what degree are you able to be independent in running the business, versus being very reliant on headquarters in Germany for guidance?

When I pick up the phone and call the CFO in Germany, I don’t think of it as having to call my boss. I think of it as making sure he’s up to speed on what we’re doing. It’s not asking for permission to do something, it’s having a dialogue.

Historically, if you go back to the time when I joined SAP, the regions would send a check home to corporate, and they’d say you either sent enough or you didn’t. Over the past five years we’ve been on a journey of technology integration, setting up shared services centers and centers of expertise around accounting and how we handle many internal processes. [The integration allows us to] share data, understand analytics, our pipeline, and our financial results, and know where we’re taking the business.

Being in the technology business, where there always seems to be a revolution going on, how can you ever be truly confident that your long-range plans are on target?

Well, we certainly have an economic plan. Look, I can’t comment on every piece of technology. But when you look across large companies that want flexibility in how they understand their business, in changing their business models, in having controls over their businesses in order to operate it in the most effective, profitable, and compliant way they can, I think those are common themes.

It doesn’t mean things won’t change around us. But I think we have a fair degree of confidence in understanding trends, which we pretty consistently communicate about to our customers, employees, and investor base.

Every boardroom in America is having a deep discussion about cyber-security. It’s starting to seem like there’s no way to keep the criminals out. As the CFO of a technology company, what are your views?

I think you have to approach cyber-security like you approach any risk in your business. It has to be more than just having a written plan. You need to test your systems, you need to be comfortable with your security providers, you need to have internal expertise.

And you need to get the conversation from the boardroom into the business. Yes, a lot of boards are talking about this and are concerned about it. But I’m not sure businesses are taking enough action to ensure that they take cyber risk as seriously as they take the risk of physical security, or the way they handle compliance or bribery, where they have refined plans and have dealt with it for years and it’s part of the fabric of the business.