This year, the FCO continued to strengthen its corporate governance structures, in line with the Treasury’s Code of Good Practice for Corporate Governance in Central Government Departments. From April 2007 there were several changes to the membership of the FCO Board and these, combined with the experience of our non-executive directors, have increased its overall professional managerial expertise.

Throughout the year, Board members also continued to receive further training in skills development – for example on performance management, board effectiveness and disability and diversity awareness – in keeping with Professional Skills for Government. The FCO has appointed new Board-level champions on diversity, including gender, race, disability, sexual orientation and flexible working. The Board held two away days to continue developing their effectiveness as a team and to discuss the challenges ahead for the FCO, with FCO ministers attending one of these away days.

The FCO’s Permanent Under-Secretary, Peter Ricketts, has taken further steps to involve senior leaders across the network in corporate decision-making. For example, he has expanded the membership of the Senior Leadership Forum, which brings together the Board and the most senior heads of posts twice a year, to discuss key foreign policy and corporate issues. New members have joined the Forum from small and medium-sized posts to make it more representative of the network overseas.

The annual FCO Leadership Conference brings together in the UK all heads of overseas posts and senior management. The Conference aims to strengthen our corporate leadership and discuss key policy issues, and make sure the Government’s international agenda is delivered across the network. The theme of this year’s conference in March 2008 was ‘Delivering the Strategy’, and focused on the FCO’s new strategic framework. The Foreign Secretary, David Miliband, presented the first ‘Foreign Secretary’s Awards for Future Leaders’ at the 2008 conference. The new award scheme aims to recognise, celebrate, reward and encourage strong leadership in the FCO.

Risk framework

The FCO’s risk management framework allows us to identify, assess and manage risks at all levels of the organisation. It also takes account of information passed from posts overseas to the FCO Board, and is included in their quarterly reviews of the top risks register. These so-called ‘top risks’ are identified through the strategic and operational risk registers. These registers are supported by the Risk in the Network reporting structure and individual countries’ business plans, which help regular reviews from overseas posts on risk.

The changing nature of risk means that the FCO is continually making improvements to its risk management framework. During 2007/08 we concentrated on making the process clearer and more effective. We place particular emphasis on integrating risk management into our business planning process, and on delivering specific training on risk to staff, including heads of mission, management officers, and the staff involved in business planning. This has helped to create broader understanding of and responsibility for the risk process amongst staff. Positive feedback from staff and auditors shows that the FCO has made significant progress in these areas.

Business continuity

An independent report on the FCO’s business continuity arrangements, published in January 2008, found them to be in line with the British Standard on business continuity (BS25999, published in November 2007). All FCO directorates have individual business continuity plans, which have been revised to bring us closer to the Standard. Across the FCO, staff are well aware of how best to respond to a major emergency.

The FCO has been regularly practising its business continuity plans since early 2007 to make sure they remain up to date and relevant. Exercises are planned for 2008 to test staff relocation and our remote capability. Since June 2007 the FCO Board has also carried out two major exercises, which have helped to further develop a culture of crisis management at senior management level.

Freedom of Information Act

The FCO received 1,027 requests in 2007. We achieved a 98% success rate in responding to requests within permissible deadlines. Of the requests we received, 40% were disclosed in full or in part; 34% were refused, including requests likely to exceed the cost limit and vexatious and repeated requests; and we either held no information or sought clarification on the remaining 25%. The number of complaints to the Information Commissioner fell to 17, compared with 50 in 2006. The FCO has been involved in seven appeals to the Information Commissioner.

Data Protection Act

In November 2007, the Information Commissioner found that the FCO had breached the Data Protection Act (DPA) as a result of a security breach on the Visa Facilitation Services (VFS)  online visa application facility. The FCO was required to sign a formal undertaking to comply with the principles of the DPA and the VFS online application was replaced. UKvisas has since undertaken a strategic review of its data processing and implemented an audit of data security procedures.

The FCO wrote to the Information Commissioner on three occasions to inform him about potential personal data losses. The personal data which may have been lost was contained in five missing diplomatic airfreight packages containing among other material: 36 visa appeal documents; one missing diplomatic airfreight package containing 15 passport applications; and one missing laptop belonging to an honorary consul that contained personal details, mainly names and addresses, of 70 consular assistance cases. The companies concerned are still searching for these missing packages (a tiny fraction of the more than 100,000 airfreight packages the FCO sends and receives every year). The FCO wrote to the individuals concerned to inform them of the data losses. The FCO takes these incidents seriously and is taking measures to minimise the risk of similar incidents recurring.

The FCO will be taking forward the new processes and minimum standards on protecting data set out in the Government's review of data handling, which reported in April 2008.