In October 2014, the American Society of Tropical Medicine and Hygiene (ASTMH) held its annual convention at the Sheraton New Orleans Hotel. One of the most pressing medical issues at the time was the Ebola pandemic. To minimise the risk of contamination the Louisiana Department of Health & Hospitals decided that anyone who had been in Sierra Leone, Liberia or Guinea, where the disease had been most prevalent during the preceding three weeks, should not travel to New Orleans to attend the conference. The ASTMH objected as the policy  would impede understanding of the epidemic. But risk management took precedence over uncertainty management.

This is not unusual. Research suggests that uncertainty is psychologically painful and most individuals and organisations simply refuse to deal with it. Measures put in place to manage risk, however, can often make uncertain situations worse.

To illustrate, the French army operates an armoured vehicle known as the VAB. Getting in and out of the VAB gets slippery in the rain and many soldiers sprained their ankles. Military personnel mitigated the risk by adding small wooden duckboards. This stopgap measure became a serious problem when the modified vehicles were deployed to Afghanistan. Improvised Explosive Devices (IEDs) transformed the duckboards into shrapnel and the peacetime safety measure became a wartime danger.

Many organisations have developed an apparatus to manage risk, as have the armed forces. However, what sets the armed forces aside from most organisations for the most part is their management of uncertainty. 

The importance of uncertainty in a military context is obvious, the attack on Pearl Harbour being a case in point. It is also highly relevant in the corporate environment (as the Fukushima catastrophe showed). The armed forces, however, not only acknowledges uncertainty, but embraces it.

Operating amid uncertainty

On July 9 1943, Allied forces were preparing to invade Sicily with a massive combined aero-amphibious force. When a storm blew up, the Axis forces took the opportunity for a much-needed rest, thinking it would put off any attack. But the Allied commanders decided to commence the invasion. Their paratroopers suffered high casualties as they landed too far behind enemy lines, but this created confusion among the defending army and made the amphibious assault easier than anticipated, leading to the overall success of the invasion. The uncertainty had created a strategic advantage for the Allied forces.

In times of peace, the military identifies known dangers relatively well.  For example, between 2002 and 2007, road traffic accidents accounted for 25 percent of fatalities in the French armed forces, 25 times more than combat operations. Addressing these risks requires well-defined procedures that are refined over time and backed by robust enforcement. In other words, the risks are managed through a strong command-and-control structure in which only senior officers have a significant degree of autonomy.  Hierarchy is rigidly enforced. Risky activities are identified and discouraged by explicit incentives in a quasi-contractual environment.

In times of war, risk ceases to be the main issue; uncertainty and “strategic surprises” become the critical concerns. Dealing with uncertainty requires a different approach from dealing with risk. Soldiers look for leaders rather than managers. Those at a lower level in the hierarchy are given more autonomy and hierarchy is less rigidly enforced.  Incentives become fuzzier and rewards are granted based on outcomes rather than on activities beforehand.  Personal commitment rather than quasi-contractual incentives become the dominant motivation.

For example, the French Army operates its Leclerc tanks in two modes. In peacetime, any anomaly automatically stops the tank, which is then sent for inspection and maintenance – the battle tank leader has no control over this.  In wartime, the machine is re-parameterised to give the battle tank full control and the ability to override any safety feature when necessary.

Managing corporate risk

In organisations, cyber-attacks are an everyday threat. Cyber-risk management involves implementing procedures to protect the network against known problems. But this set up can also exacerbate unexpected attacks once the system is penetrated. If IT teams could be given autonomy to fragment the system to defend it, they could reduce the likelihood of extensive damage when under attack.

The US Government Printing Office recently suffered from a cyber-attack but it had such an antiquated network that it apparently confused the hackers. The weak risk-management procedures made it easier for the assailants to penetrate the system, but the strong (accidental) uncertainty-management techniques ensured that the penetration was not fully exploited. What turned out to be a fluke in this case could hold lessons in dealing with uncertainty.

Some better suited to handle uncertainty

Not all leaders are equipped to deal with uncertainty. While many organisations have a Chief Risk Officer, very few appoint a Chief Uncertainty Officer. The military recognises that some leaders are better equipped to handle risk, while others are better at handling uncertainty. At the beginning of the First World War, the French commander-in-chief, Joffre, replaced 134 generals appointed in peacetime who were deemed ineffective in wartime.

As with risk management, leaders have to formalise the organisational appetite for uncertainty and develop and implement policies, tools and procedures to cultivate a culture that can adapt in times of crisis.

With corporate and military environments becoming increasingly similar civilian organisations can learn a lot from the solutions deployed by the armed forces to manage uncertainty.

This article is an edited version of “Chief Uncertainty Officers, the Case of the Armed Forces,” forthcoming in Insurance and Risk Management (Assurances et gestion des risques) Vol. 82 (1-2), pp 177-190.

Gilles Hilary is an INSEAD Professor of Accounting and Control and The Mubadala Chaired Professor in Corporate Governance and Strategy. He is also a contributing faculty member to the INSEAD Corporate Governance Initiative.

Paul-Antoine Croizé, is a former Captain in the French Army and a Key Account Manager, SE Asia & Pacific at BRF

Follow INSEAD Knowledge on Twitter and Facebook