The five minute CIO: Phil Codd

19 Jul 2013

Phil Codd, managing director of SQS Ireland

Phil Codd, managing director of software testing provider SQS Ireland, oversees the IT function in a growing organisation. He talks about security, cloud, the importance of processes and the growth of open source.

Can you describe your own day-to-day role with SQS, and how much of that involves oversight of the IT function?

As the managing director of the company here, a lot of my time is spent with business development or operational issues, and if we go into operational issues, that’s where we find IT. I would probably spend 5pc or 10pc of my working month specifically on the IT function.

That’s unless I get involved in group projects – which will happen from time to time, then that level increases. Right now in terms of projects like ISO 9000, while it’s process-related and company-wide, IT is involved. So I get involved at a group level as and when required.

What are you seeing from the perspective of both management and IT – where are the big challenges?

There’s a greater pressure on the board of organisations now to make sure they’re optimising technology to get some sort of business benefit. Again, I come back to the new kids on the block who are coming into the workforce. They have a different way of working – the whole idea of social media and how they interact is coming into organisations. How an organisation interacts with them needs to have some sort of social media style.

From an IT perspective, there’s always been the desire to use the latest and greatest in terms of technology, and how you balance up what is legacy systems with what’s new and exciting coming down the line.

The speed and rate of change puts new pressures – and security is one of those – on an organisation. We’ve seen security breaches probably on a daily basis. These are the new things that people are having to worry about. And then you’ve got the hype of cloud and the question is asked, ‘what’s our cloud strategy, do we have one?’

What’s your own view on the cloud?

I’ve seen it delivering benefits through the delivery of application software – for example, we’re a user and obviously that’s a well-tried cloud model. For us to be able to deliver testing services to clients, and particularly from a service point of view around things like performance testing where a company may manage a public-facing website – we’re now able to use the cloud to simulate real-time visitors by injecting traffic.

We’ve seen real benefits both in the service we provide and in what we do in our internal infrastructure. When I look at IT over the last number of years and you look at where trends start and who invests in them, and when you see large organisations putting their weight behind them, you see a change in IT.

Cloud may have started out as hype a number of years ago, but now it’s very much a reality. Everybody is there. Our strategy is not to say, ‘we’re going to go cloud’, it’s ‘will the cloud help us in this instance?’

What are your thoughts on the ‘bring your own device’ trend?

‘Bring your own’ technology is on everybody’s agenda and we’ve had to embrace it. One of the features of our organisation is, we’ve got quite a young workforce so everybody’s conversant with the latest technology, and they want to bring that into the work environment.

The only caveat is, we have staff working with clients, we’ve got to make sure it fits in with the client’s need because they might have some specific security needs that we need to be conscious of and cognisant of. We have to ensure we don’t impinge on that.

What are the big issues facing SQS right now, and how is IT addressing those?

There are two sides to this: internally and externally how we use IT to service our clients’ needs. The second one first: making best use of IT to service clients’ needs is important. Clients often come to us in a distressed state because they’ve got a go-live date and they’re under pressure and something needs to be checked – either a security review or a quality review. And we’ve got to respond rapidly.

We do things like code quality audits and that’s where an organisation would upload their source code to us, to a secure place so that we can run the code, produce reports and give reviews. There’s more than just trust there. We may well be dealing with people’s intellectual capital. That ties in to security but also how we make use of infrastructure and secure networks.

Internally, as we grow – and as a group we’re going to be about 3,000 people or thereabouts by the end of this year – that brings a lot of challenges from an IT point of view. That’s not just infrastructure but from an enterprise applications portfolio. Our group CIO is looking at what will be the enterprise portfolio for the next couple of years. We’re not a manufacturing or financial services company, so like many IT services companies, it’s finding the right mix of things.

Cost is becoming more of an issue, so open source is starting to come on the agenda, as it is for our clients and for government … it’s quite exciting that we have a new Government CIO and I know that local government has moved towards open source. So if Government can do it – and we’ve seen pockets of it in the private sector – then it behoves us to look at it.

How would you describe your approach to IT: is it just a cost to be managed sensibly, or can it deliver real value and innovation to the business?

For us as a services company based around people and technology, yes, we’ve got to manage the cost because everybody has to do that. But it is about looking at how we can drive real benefit or value. And it can be really simple things, and it goes back perhaps to ‘bring your own’ technology: if your consultants have immediate access to a time-recording system and it means we can invoice quicker at the end of the month, we can collect cash and reduce our operating debt. Using simple technology that is already out there delivers real value.

What are the criteria that convince you to give any project the green light?

Ultimately, it’s got to give us a business benefit. Recently, we relaunched our website. That in its own right is a reasonably sized project, and when you look at it, you say: what is the benefit? Our previous website didn’t lend itself to search engine optimisation. That was a key driver. It will allow us to save money down the road. We can tick the boxes, but there has to be a real business benefit.

Do you have another example?

Certainly in terms of applications, our implementation of a few years ago where we moved from spreadsheets and people adding up, to having a better handle on our business and sales force, support and marketing embracing such tech, it was the first programme that went group-wide. It’s made our staff more efficient, it’s made our marketing a lot more well-oiled because we’ve got more data.

How much autonomy do you have in the Irish operation in the systems you can deploy?

In that particular instance, I was the executive sponsor for it across the group. We did it jointly across seven countries: Ireland, the UK, three Nordics, India and South Africa. In other areas, obviously infrastructure issues are left to the central IT team so we’re really a consumer of IT in that respect.

Five years ago, we had 30 people, we’re at about 200 now, and that puts an obvious need on infrastructure, and the mobile side in PCs, laptops or smartphone tech and the right set of applications available both internally and on the client side.

Given the line of work SQS is involved in, do you spend a lot of time putting in place repeatable processes and do you use a lot of frameworks like ITIL when running your IT?

We’ve got a pretty good process across the entire group and we benefit from that in Ireland. Because we’re hiring a lot of people, we’ve got to make sure that people are taking devices that are security-checked and that they’ve got the right build on them, and that has to be done through a process.

When hiring, you’ve got to make sure your HR process is tied to your IT process. And it’s ready to go on day one. Security is a critical thing and a lot of that is around process. We’re just in the throes of certifying around 27001 on security and we’re doing a group-wide ISO 9001 programme again. That will ensure we have documented and well-used processes across the organisation.

Why so much focus on security?

As an IT services company that’s very people based, we’ve got to make sure that people are adhering to policies and procedures that we put in place. We provide some services offshore and we’ve got to make sure that we’ve got secure environments, and the right levels of encryption – it’s that extension of the client’s security needs. And it involves us complying with standards around data privacy. Security is a growing percentage of our budget.

Gordon Smith was a contributor to Silicon Republic