Group CFO – Netsurit
Having earned the designation of one of the most elite managed service providers on the planet, Netsurit specialises in optimising the cloud experience for their customers.
CIARAN RYAN: This is CFO Talks and I’m extremely happy today to be able to welcome Henry Swanepoel. He’s a Chartered Accountant with an MBA from the Gordon Institute of Business Science, and he has a Master of Taxation from North-West University. He’s now a group CFO at Netsurit, which is an IT managed services provider. Before joining Netsurit, Henry served as CFO for LAWtrust, which is Africa’s leading trusts centre.. Prior to that, he served as Financial Manager for Internet Solutions. Netsurit is involved in all things IT, with the overall aim of streamlining business operations, increasing productivity and boosting profitability. At a time when CFOs the world over are questioning return on IT spend, this is a message that carries considerable punch. First of all, welcome Henry, how are you this morning?
HENRY SWANEPOEL: Hi Ciaran, thanks for having me, I’m doing pretty well. It’s a little bit nippy here where I am, but otherwise it’s going great.
CIARAN RYAN: And where are you, in Johannesburg?
HENRY SWANEPOEL: In Johannesburg, yes.
CIARAN RYAN: Yes, it is a bit nippy today. Okay, kickoff and tell us a little bit about Netsurit and what it does and this whole subject about IT spend, if we can get into that in a moment and the return on investment aspect, which I’m sure is something that is coming up on your radar quite a bit.
HENRY SWANEPOEL: Thanks Ciaran, so yes, a little bit about Netsurit, so it started in 1998 with three founders, who literally had a dream of supporting the dreams of the doers. Up until today that is the cause that Netsurit as a family is living, and the whole idea or the shared purpose was to actually assist and create partnerships with clients as well as our employees, and delivering IT without a fuss. So IT without a fuss, what that means basically to our customers is that the clients can trust that their IT is running well, and focus on their true purpose, which is to improve business results and provide IT leadership within their own roles, and also going after whatever makes them happy. At Netsurit we’ve got a very strong culture of supporting the dreams of the doers and what that means for our employees is that we assist them in being well rounded individuals, not only a good productive worker, but a good family person and an overall human being, basically. So within the ICT and managed services we believe that our culture, the agility and our IT supportability options are our greatest points of competitive advantage. Our overall focus is on supporting partnerships and, like I mentioned, the dreams of the employees and the clients. Netsurit over the years has made really big strides in terms of the IT support side of it. Most recently, for the past 11 years running, Netsurit has been ranked in the MSP 501, which is basically consisting of a community of innovative, ambitious, strategic and nimble MSPs. So we’ve actually earned from the MSP 501 the designation of one of the most elite managed service providers on the planet and that, because we’ve been ranking for so many years consecutively.
‘One of our primary focuses is the United States of America’
CIARAN RYAN: Oh, that’s interesting, just tell us a little bit about that ranking, are you global facing or are you South African facing, tell us about your markets and where they are.
HENRY SWANEPOEL: Currently we are global facing and when I say global facing, we’ve got, our office in the US and that is one of our primary focuses is the United States of America, and then, of course, in South Africa. Up until recently we also had offices in Vietnam. Here in South Africa we’ve got offices in Johannesburg, based in Marlboro, and then as well as in Cape Town. So in the US our primary home is in New York, so currently there’s quite a bit of – how can I say – drama with the current pandemic there, New York, is basically at a standstill. So everybody is working from home but we’re making it work there. So we’re global facing and what the MSP 501 is it’s basically a survey that takes place every single year with numerous criteria and you’ve got MSPs all over the world clamouring for the top ten spots, if you can call it that. So basically year on year they rank you in terms of your revenue, your cybersecurity capabilities, your profit per person, your advertising spend, it’s quite an extensive list of criteria that you have to fulfil to actually be ranked on the MSP 501.
CIARAN RYAN: Did Netsurit grow out of South Africa into the international market, explain that background a bit.
HENRY SWANEPOEL: Netsurit was started by three individuals, Brian Cooper, Orrin Klopper and Rian van der Walt. Brian and Orrin are still currently with Netsurit, straight out of varsity they started their little IT business and it’s grown from strength to strength. So that was in 1998 and basically today this is where we are.
CIARAN RYAN: Just explain the MSP 501
HENRY SWANEPOEL: Yes, MSP, managed service providers.
CIARAN RYAN: Managed service providers, okay, and that’s a ranking that’s done annually, which I’m sure is quite useful for clients, that you are being measured and evaluated by your peers. I guess it’s not easy to get, into the top ranks, is it?
HENRY SWANEPOEL: Yes, like I said, there’s numerous criteria that you have to fulfil, and they literally measure you against other managed service providers.
CIARAN RYAN: That’s quite an achievement and this is a global ranking?
HENRY SWANEPOEL: It’s a global ranking.
CIARAN RYAN: Amazing and every year you’re getting onto that list, obviously there’s something there, there’s some alchemy, some magic that you are able to cultivate there in the company that makes that happen.
HENRY SWANEPOEL: Yes, and I think it’s to do with our agility and our innovative nature. For instance, just some of the background there is this year the MSP 501 totally revamped how they look at the MSPs, with cybersecurity playing a much bigger role than in previous years. So this list is constantly evolving as we move on, as new topics become relevant and basically mapping out the future of MSPs, then they adapt that criteria to keep that list relevant.
Increase in cyber attacks during the pandemic
CIARAN RYAN: Cyber security is not something I have paid much attention to, but recently there’ve been some rather alarming events. The one was the security breach of Experian, which is the credit bureau where I think 24 million data fields were hacked. Then there’s another company called Mirror Trading where somebody got in there, I don’t even think it was hacked, they just kind of walked in and they grabbed the entire database of the company. This is surely something quite alarming for a lot of your clients, maybe not for your clients but I would think for companies in general, would you agree with that?
HENRY SWANEPOEL: Yes, definitely it’s a very alarming trend and I think the whole pandemic has advanced cyber security, as well as the cyber attackers. So with the pandemic, everybody moving from an office based location where your IT security is already set up, to a home environment where now all of a sudden you have to have access to your virtual private network, which is a VPN, and a lot of people not having those firewalls at home, and the social engineering that takes place, the level to which the cyber attackers have reached and gotten to over this period of time with the social engineering. Experian was basically a social engineering attack, where the attackers gave themselves to be one of Experian’s clients, and in that way, they gained access to all their data. It’s significant how quickly they have adapted to all this and clients are feeling the brunt of it. On a day-to-day basis people are getting emails from fictitious accounts, fictitious SARS accounts, fictitious bank accounts just asking them to complete information that they then use to social engineer. One of the most recent social engineering attempts that I saw, two of them actually, was me getting an email from the CEO sitting in New York, asking me to quickly make a payment because he’s in a rush. Luckily, we’ve got the policies and procedures in place and the IT rules in place to flag it, and it actually came from a fictitious account that was created.
CIARAN RYAN: Goodness gracious and it looked like it was your colleague in New York, it looked genuine?
HENRY SWANEPOEL: Yes, it said from Orrin, the email wasn’t in Orrin’s normal style of writing and email, so that already raised a flag. Then the second one was actually getting the dreaded email from an attorney saying that SARS has handed you over, you better do something now, and they actually included a little PDF there for you, but as you open it it’s almost pixelated, so it looks like it’s a bad copy. Then you click on the link and all of a sudden it asks you for your Microsoft Office credentials. People working from home who have not been sensitised to this, who have not gone through the training or received the training that they should have, would have probably entered their Microsoft credentials. So there’s no reason for the lawyers to ask you for your Microsoft credentials. So now you have literally given them the key.
CIARAN RYAN: If you did enter your Microsoft credentials, would they then have complete access to the company, the company’s database?
HENRY SWANEPOEL: It depends, so for instance, to give an example, we work off our active directory, so basically my Microsoft username and password allows me access to everything. We’ve got third party authentication, it’s multi-factor authentication, where authentication gets sent to your primary device or a secondary device where you have to approve your login. But if we did not have multi-factor authentication and I put my credentials in there, they literally have access to everything in the company.
CIARAN RYAN: This is quite a frightening development and I see what you’re saying, during this time of people working at home there’s just more opportunity for these lapses in security to happen, right?
HENRY SWANEPOEL: Correct, it’s basically the company’s responsibility to give the people the training that they need to make them more security aware. So talk to them about social engineering, give them the training, there are fantastic tools out there to make people aware of what to do, what not to do. A simple example is you pick up a USB drive, what do you do with it, so you throw it away, you don’t even bring it near your machine.
Return on investment on IT spend
CIARAN RYAN: The next question I wanted to go into with you is just addressing CFOs and their concerns at the moment. There is an ongoing debate, it really has been going on for decades, has it not, about the return on investment on IT spend. I think a lot of companies find it a grudge spend because technology’s advancing, Moore’s Law kicks in and the demand for bigger, better machinery and software is never ending. I think sometime ago there was a perception that you bought a machine and it was good for five years. I don’t know if that’s still the case. Maybe just talk about that because this is something that we’re hearing from CFOs, that they’re having to have this argy-bargy with their IT departments year after year, why do we need to spend all this money. So can you just talk about that for a minute
HENRY SWANEPOEL: Ciaran, I think it’s basically twofold here. First of all, I think, some of this lies with the actual CIOs, who are the Chief Information Officers, and part of it lies with the CFOs. Most CFOs currently still see IT as a black box and they have limited visibility into what value that IT actually creates for the business. It comes down to basically knowing the needs of your business with regards to IT, and the CIO is instrumental in assisting the CFO in knowing what that value is. So IT is basically an enabler for productivity, for your strategy going forward. If we just think of the advancement rate of technology currently, leaps and bounds are made every three months. So where the idea always was big capital outlay, and that’s it for five years, it still holds true because that piece of equipment can still last you for five years, and if the support and maintenance contracts cover it, another three years, if you really sweat that asset. Where the problem comes in with technology is that failures can happen at any time, then you literally sitting, if you have no redundancy, no business continuity planning, you’re literally sitting with a big problem, especially in these uncertain times that we have. If the CFO wants to find out how valuable IT is, let something break down and then you can see what the value of that piece of equipment is and how everybody clambers to get that resolved. I think from a CIO’s perspective they’ve basically got to get their house in order. There are a few things that a CIO can do to actually assist the CFO in terms of the planning. What value that IT brings to the CFO and to the business. So a few things, for instance, is find out what the business objective is of the stakeholders, like are we going for full-blown technologically advanced here, are we going to digitally transform the business or is it business as usual and we’re taking our own pace with the technology roadmap and moving forward. So then basically allocate all IT costs to set off services that the business wants, and then they’ve got to hold their IT service managers accountable for controlling the costs of the services that they provide. Another thing is CIO’s need to define units of service in terms that the business can understand it. Sometimes I know that with older generation CFOs they’re not really versed in technology and still very focused on the traditional sense of what a CFO does. So sometimes it’s very difficult for the CFO’s to get to full terms of what the IT brings to the business. In today’s times, especially with large capital outlays, it becomes very difficult in these uncertain times, you want to hold onto that cash as long as possible. One of the technological advancements that I think will sort out quite a lot of these issues that CFOs have with regard to IT has come in the form of cloud. So I love the pay-as-you-go-economics of cloud computing…
CIARAN RYAN: You mean the SARS model, the software service type approach?
HENRY SWANEPOEL: Basically, what I’m talking about is the pay-as-you-go model that cloud gives you. So basically, your IT capacity can be purchased from a cloud service provider and that’s an operating expense, and this can be basically scaled up or down as your business needs it. For instance, you buy cloud computing, so basically a server in the cloud, which sits somewhere in a service provider’s data centre, and you can literally buy your computing power. So if you need more processing power or larger backup storage or anything like that, you can literally scale that up and down as the business requires it.
CIARAN RYAN: From an accounting point of view, how do you treat that? I haven’t really given that much thought, are you now capitalising those expenses and writing them off over five years, how does that work?
HENRY SWANEPOEL: Cloud computing is an overhead, it’s an operational expense on a month-to-month basis, so it makes the whole accounting treatment a little bit better or a little bit easier for that matter. There are no large capital outlays, you’ve got greater financial visibility on it, there’s a healthier return on your assets and you’re ultimately not responsible for that asset. That asset is somebody else’s problem, you’ve got full redundancy, you’ve got a full backup of that. So basically, you don’t have one server on your premises, it’s somewhere in the cloud, basically in that data centre and it’s not something that can break and now you have to purchase a new one. You’ve got that available all the time. If the service provider, if something happens to that server, they literally just switch you over and you can increase the power of that server to whatever you need. If I can just quickly give you an example with that, our professional services team set myself up on a virtual desktop in the cloud and what that does is it gives me far more computing power than what I have on my laptop. So working with big data and large data sets affects my computer. So if I want to sort something, if I just want to do a pivot table it takes my computer about five minutes just to sort it. With the virtual desktop set up in the cloud, it literally does that in a few seconds what my machine can’t do anymore.
‘What a person did as a CFO ten years ago is not what the CFOs are doing currently today’
CIARAN RYAN: Can we talk about the role of the CFO, you’ve got an interesting background, having come from LAWtrust into the IT sector. We talk to a lot of CFOs all the time to try and get a sense of what is the role of the CFO, and it is so radically different to what it was even five years ago. My question to you is does the pathway, the academic pathway to being a CA, does it adequately prepare you for the role of CFO in your opinion?
HENRY SWANEPOEL: In my opinion, I think the academic pathway goes a long way in preparing accountants for their day-to-day tasks that they have to do. I think it falls short quite significantly in terms of the gap that exists from accountant to, let’s say, financial manager and from financial manager to CFO. Your CFO has a much larger understanding or much better understanding of actual business, customers, processes than what the accountant or typical financial manager. I’ve done quite a few network sessions with other CFOs and the biggest thing that’s currently coming up is everybody’s moving towards a designation called the CVO, which is a chief value officer. So if we just have a look at the traditional sense of what a CFO was, as a CFO was always tasked with safeguarding assets, cash flow management, understanding and managing risk, financial reporting and interpreting performance and general financial planning and analysis. Where we are at today, we have got so many more aspects or more factors to deal with. For instance, we’ve got technological advancement, we’ve got a multigenerational workforce to be able to integrate. So there’s been numerous developments, like I said, the technology and innovation has dramatically changed over the last decade. So what a person did as a CFO, let’s say ten years ago, is not what the CFOs are doing currently today. Scenario planning is at the forefront of your daily tasks. Strategy has become a significant role that the CFO has to play.
CIARAN RYAN: And people management as well, of course.
HENRY SWANEPOEL: And people management as well. The teams, not just the teams under you, I’ve seen, quite a large number of my colleagues, including myself, taking on multi-disciplinary roles. For instance, the HR role reports into them, the legal role reports into them from a governance perspective. Even from an internal IT perspective, CFOs are standing up and taking the lead in those firms.
CIARAN RYAN: There was a study that was done out of Queen’s University in Canada, which is quite interesting, it’s called from CA to CFO, and they identified more than 30 different competencies that the CFO, and you’ve touched on some of them there, and I’m not sure if you’re aware, it’s interesting that you mentioned the CVO, the chief value officer, that is a term that keeps on coming up more and more. The South African Institute of Business Accountants has got what they call the CFO designation, which is the Certified Financial Officer, which is basically recognising the CFO for these competencies that actually you don’t get in the academic world, you have to acquire that in other ways, you have to acquire that sometimes through experience and sometimes through additional learning. But there is a sort of a recognition, I think, amongst the CFO community that the current focus on accounting is just inadequate. It is completely inadequate for the kinds of challenges, and you’ve touched on some of these, the cybersecurity issue, the legal issues around that and around director’s liability and all that sort of thing at the moment. I’m sure that in your experience you’ve probably had to learn pretty fast and think, hang on, I’ve got some gaps in my knowledge here as a CFO and I better fill these. Is that a fair thing to say?
HENRY SWANEPOEL: That is very relevant and I’m going to use a silly example again, when I got to Financial Manager of Internet Solutions I thought, okay, I know Excel. It turned out I only knew 5% of what Excel is actually capable of and it literally blew my mind as I delved deeper into Excel. But myself and the company that I’m working for currently, Netsurit, we’ve got a culture of learning, so we have given every single employee a Udemy license, I don’t know if you are familiar with Udemy. It’s basically an online learning platform. We’ve given every single person a Udemy license and we’ve got a substantial audio book library, so literally we encourage our staff to actually go through that audio book library and read at least one audio book a month. Then basically we’ve got a short list for them and say, listen, if you want to do the bare minimum, these are the audio books that you have a listen to during this year. We encouraged them with our culture of learning to actually broaden themselves. For myself, I’ve always been in that frame of mind of wanting to improve myself, wanting to know more, wanting to see how I can stretch myself. The main reason for doing my, first of all, my Master’s in Taxation, and then feeling that I’m lacking something as a financial manager and then pushing myself to do my MBA. I think that’s gone a long way in just opening my eyes in terms of what is out there in the business and the different parts of business and how you interact with the rest of the business, as well as like the Fourth Industrial Revolution, the technological advancement, everything that comes at a very fast pace today. If you don’t keep yourself up to speed, you’re going to get left behind.
A passion for information technology
CIARAN RYAN: Just a couple of quick questions, we’re running out of time here. So if I could just ask you a few more, I want to find out a little bit about you, where did you grow up? Where did you go to school and what put you on this career path, if you can give me an answer to that one.
HENRY SWANEPOEL: Basically, born and raised in Potchefstroom, a small university town in the North West. I went to primary school there, I went to secondary school there, I studied at the North-West University, where I obtained my degree…
CIARAN RYAN: Which is also in Potchefstroom, is it not, it’s the old Potch University.
HENRY SWANEPOEL: Yes, that’s correct. So from there on, unfortunately before I could complete my honours I was forced to find an article job already and try to complete my honours while doing my articles, so I decided to move to Johannesburg where at that point of time I thought that’s where the money is, let’s go there. Got my internship at Anderson Rochussen & Van Der Bijl Incorporated, a small auditing firm at that stage based in Rosebank. I did my articles there and under the guidance of really good audit managers that is where I cut my teeth in terms of compilation reports, in terms of auditing. Right from the start they threw us into the deep end by literally throwing a box at you for a closed corporation and said, go. You had no idea what to do but you managed to do it and get it done. After that I decided that it’s time to spread the wings a little bit more and I got a job at a company called Konecranes, which was a mining consulting house…
CIARAN RYAN: What’s the name of the company?
HENRY SWANEPOEL: Snowden Mining Consultants. After that then moving to Internet Solutions and I think that is where my passion for information technology started, really getting to grips with what are we actually talking about and just seeing the actual advancement of this age from when I was an article clerk up into Internet Solutions. Basically, there I started to get more familiar with social media platforms like LinkedIn, started following technology blogs and that’s where I came across LAWtrust and I saw that literally they had an opening, so I applied and was successful. Basically, what LAWtrust does is they’re a cyber security provider and at that stage they were quite familiar with or familiar for the current ID card offering. They did all the certificates that are basically embedded on your ID card. I was with the company for three years under the leadership of their CEO, Christi Maherry. They also played quite a role in my development and always pushing me to find out more and trying to learn more. From there I was headhunted by a lady called Khanyi from Netsurit, she saw my profile on LinkedIn and then basically said we’ve got an opportunity for you here at Netsurit. I wasn’t looking at that point in time, up until probably my second interview from our current CEO, Orrin Klopper, and he literally inspired me with what he was thinking and just the way of work of Netsurit and their dreams programme and everything that I wanted to be part of this, this family that I’m currently seeing myself in.
CIARAN RYAN: And the rest is history, as they say. Okay, just very, very quickly, you mentioned the shutdown in New York, and I wanted to return to that very quickly, how has the pandemic impacted your business?
HENRY SWANEPOEL: I would say being a managed IT services provider we were probably geared for work from home I would say about 85%. There was a little bit of a scramble when we had to literally shut down the offices to make sure that every single person does have internet connectivity, so we were pretty geared for it. But our clients were not that geared for a work from home environment and that has caused them to lose quite a lot of revenue, impacting our revenue as well as our bottom line because of that knock-on effect. But I think from that pandemic view, apart from client loss and revenue loss, we’ve kept our productivity very high.
CIARAN RYAN: Okay, final question, what books would you recommend? It doesn’t have to be a technical book, it doesn’t have to be accounting., it can be fun.
HENRY SWANEPOEL: So one book that definitely comes to mind is a book that I read about two years ago and it’s called Flash Foresight: How to See the Invisible and Do the Impossible: Seven Radical Principles that Will Transform Your Business by Daniel Burrus and John David Mann. So basically, what the book is about is it just offers a methodology for you to see new opportunities and developing trends. So instead of looking at a problem, you go in basically the opposite way of this problem. That has guided me in Netsurit to actually just identify opportunities and just look at everything happening around you with a different perspective. So it’s a little bit of I would say like almost how can I call it, not an IT book but like literally what developments are going on around you in your space and then identifying it for yourself by having a look at a number of triggers that are happening.
CIARAN RYAN: I will definitely look out for that one. Henry, we’re going to leave it there, thanks so much for coming on. What a great tour of the world in which you live in, and the IT space and cyber security, you brought up so many interesting things, the evolving role of the CFO. Thanks so much for sharing those insights, I really do appreciate that. Let’s stay in touch, I’d like to catch up with you in the future, hopefully when the pandemic is a little bit more historical than current, and see how things are going, if that’s okay with you?
HENRY SWANEPOEL: That’ll be fantastic. Thanks a lot for having me, Ciaran.
CIARAN RYAN: You are most welcome. Henry Swanepoel is the CFO for Netsurit.