Fundamental elements regarding the approach of risk management within the international projects with teams in the virtual environment

International projects with teams in the virtual environment (IPTVE) are known as complex and high risk projects, these features being considered as significant obstacles to project success. Applying the appropriate risk management methodology could increase their success rate, becoming a fundamental tool for decision making. Research on IPTVE management risks is scarce, focused on specific sectors as software development or construction, without taking into account the differences between traditional and international projects. Thereby, risk management within IPTVE becomes a necessary approach for the performance in managing international projects. This article aims to improve the risk management process within IPTVE, by proposing a flexible theoretical model of the process.


Introduction
The projects and their environment have changed and, at the same time, their importance increased. Thus, necessary conditions regarding project managers and risk management techniques for projects have also changed. In a competitive environment, those who can manage risks and carry out projects more efficiently will be successfull [1]. Rahman, M and Adnan, T. [2] argue that the distinction and mitigation of risks in current projects are essential for project success. Even though researchers in the field agree that risk management plays a very important role on the success of any project, there are studies on the most implemented tools related to the success of any project management that place risk management activities on the last places of the ranking [3], which shows that practitioners are not yet fully aware of its importance.
International projects very often face failure due to different and complex factors globally. In particular, large international projects are very unlikely to meet the scope, time, cost and quality [4]. Hubbard [5] (p. 7) claims that the ultimate common mode failure would be a failure of the risk management process itself. Thus, effective risk management plays a vital role in preventing projects from failure [4] by identifiyng the most useful approach taking into account the specific features of international projects, which differentiate them from traditional ones, in order to implement appropriate risk response strategies. IPTVE, in particular, as a result of their complexity and fast pace of development [6] are threatened by numerous types of risks [7] which may represent consequences of their internal and external environment characteristics, which are constantly changing [1].
Even if it has been identified a series of specific IPTVE risks and factors [7], certainly, new risks can be detected depending on the specificity of the area of each project. It is necessary not forget that each project is unique and must be managed as such, and the risks must be treated in the same way. The risk management success must rely on understanding the different categories of risk factors that particularly affect IPTVEs, analyzing their impact on project success and prioritizing them, developing risk management strategies based on prioritization.
The purpose of the article is to highlight the importance of risk management and to propose a theoretical framework adapted to the virtual work environment, for its implementation in IPTVE management. Thus, the paper has the following structure: the second section is allocated to literature review, the third section presents the methodology, the fourth section continues with the theoretical framework proposed for risk management in IPTVE, followed by a section dedicated to conclusions and future research directions.

Defining risk management
Thus, the threats and, subsequently, each corresponding risk must be identified. In these conditions, each characteristic of a project, each field of action, should be analyzed in order to understand what are the major dangers and risks of that project, being able to evaluate them and to take action [8].
Hubbard, D.W. [5] (p. 9) defines risk as a potential loss, disaster, or other undesirable event measured with probabilities assigned to losses of various magnitudes pointing that first it has to be determined a probability that the undesirable event will occur. Then, will be necessary to establish the magnitude of the loss from this event, in terms of project resources. Chou [9] states that risk is an event about uncertain future, which is the possibility or chance of loss, danger or injury. The uncertainty is considered the central part of the risk which can lead to losses for all the interested parties. Akendiz C. [10] (p. 5) also considers that risk is the effect of uncertainty and that unplanned events can occur within objectives, having an impact on meeting them. Telmeriam [11] is defining risk referring to the objectives based on the triple constraint, claiming that risk is presented as a circumstance that may occur at any stage of a project and may affect the anticipated results of the project if not managed efficiently. Martinelli [12] indicates the objectives as benefits, claiming that project risk is the potential failure to deliver the benefits promised when a project is initiated.
Specific risk management actions developed gradually from those focused on reducing financial impact, to complex processes based on programs throughout the organization, in order to identify and reduce weaknesses that threaten the organization and its partners [13]. Risk management is considered an inseparable segment of the project management and its goal is to increase the probability and reach of the potential positive events [1]. According to PMBOK -sixth edition [14] risk management is one of the ten areas of project management knowledge.
Regarding the definition of risk management, Martin A. [15] considers that it comprises processes related to project identification, analysis and risk response, amplifying the positive effects and reducing the negative ones. Hubbard [5] (p. 11) and Akendiz, C. [10] (p. 5) have the same broader vision, offering a concentrated definition, by mentioning all the actions included in the development of the process as a succesion of steps: identifying, analyzing, establishing the order of risks according to their importance and a cost-effective application of resources to reduce, monitor and control the likelihood impact of adverse events. The probability of these events can also be minimized through a solid risk management strategy [10] (p.5). Kerzner [16] considers that risk management involves a continuous and positive approach to project's risks in order to increase its probability of success. Thereby, risk management is progressively perceived as a process of increasing the probability of project success [17].

Risk management process
Although specialists have different views on the number of steps (from two to four steps) in risk management, everyone agrees that the first step is to identify risk factors, which is an attempt to find and document all possible risk areas for a specific project [18] and maintained in each phase of the project, because risk management is a continuous activity [19]. Subsequently, the probability of occurrence and the impact on the project for each identified risk will be estimated. The impact can be on the purpose, cost or duration of the project [7].
Salmon [8] propose one of the most complete visions of the management process composed of a series of four steps, including early identification of risks with major impact on the project and resumption of the step regularly throughout the project; analysis and evaluation of each identified risk so that the measures taken are the most appropriate; application of impact mitigation measures, as well as monitoring the results of these measures in order to make the necessary adjustments.
The first phase is risk identification and the objective is to recognize and describe risks that might prevent a project achieving its goals [20]. The methods selected at this pahse can offer relevant information in identifying risks. An assessment of project documents could be considered [20].
Regarding the first step, Verzuh [21] considers there are four techniques: asking the stakeholders, making a list of possible risks, learning from past from similar projects and focusing on the risks in the schedule and budget. Zembri-Mary [22] claims that the identification is carried out through a risk review in the presence of all technical actors of the project, making possible to identify potential risks and project managers will retain the risks that have significant impact on the project. The same way, Edwards et al. [23] explain that brainstorming is considered one of the most effective techniques used to identify project risk at the appropriate time in the project life cycle. The purpose of brainstorming is to create a complete list of project risks. Usually, the project team is the one that performs brainstorming together with non-team experts from different area of experitse [24] (p. 315). PEST (political, economic, social, and technological) analysis of collaboprating organizations and SWOT (strengths, weaknesses, opportunities and threats) analysis of the project can offer new insights and completions of the risk list. Martinelli [12] considers that the most important tools for risk identification and impact assesment are represented by risk management plan, risk identification checklist, decision tree, Monte Carlo analysis and risk dashboard, in order actions to reduce them and monitor their evolution. Salmon [8] considers that the risks specific to project implementation will be mainly the responsibility of the department managers within the project, so it is necessary to first know what those risks are in particular.
After having identified the risks involved, it is necessary to analyze and prioritize risks. Risk assessment allows decision makers to understand how the risks could affect the achievement of project objectives, and also provides a basis for decision-making on the most appropriate approach to afford risks [25]. Researchers agree that it is necessary to be established a risk assesment team consisting of department managers and led by the risk manager [8]. AON [26] indicates a constant increasing involvement of all departments in an organization in the risk management process. Bunting and Siegal [13] affirm that risk managers use data measurement to prioritize risk, but, at the same time, they should not assume that if they cannot measure the risk, they cannot manage it, because it is necessary to adddress also the challenge to classify characteristics difficult to measure, such as communication quality and intrinsic human interaction, in binary bits -good or bad, better or worse, fulfilled or unfulfilled. For this stage of the risk management process, Salmon [8] states that the risk journal and the risk assessment matrix help to visualize the risks in order of priority and to establish the necessary resources as well as the measures for their management. Monte Carlo analysis can be successfully applied to be effective in determining the impact of risks through mathematical simulations.
In order to have an effective project risk management process, it is necessary to select the most appropriate mitigation and control strategies to deal with the assessed risks, in accordance with their impact. Researchers [8,27,22] consider that risk mitigation solutions can include risk avoidance by complete elimination of risk by changing project requirements ; transferring the risk to a third party by involving another party to take the risk (insurance company, specialists) ; if a risk cannot be avoided, there is necessary to implement appropriate mitigation actions to minimize the possibility of risk occurrence or that the risk has a negative effect if it materializes; accepting the risk without engagging in actions to control it and then constant monitoring of the risk in order to be able to observe in time if different methods are necessary. In order to select the apprpriate strategy, in international projects can be used multi-criteria decision-making analysis that involves multiple criteria that can be both qualitative and quantitative [28].
Control Risks often results in identifying new risks, re-evaluating current risks and closing down obsolete risks. The risk review considers the verification of the risk management process effectiveness [24] (p.351). Project team meetings are considered another efficient technique within this phase. Persistent discussions about risks allow team members to more easily identify risks, but also opportunities [24] (p.352). Risk control step can generate secondary risks which are risks that arise as a direct result of implementing a risk response [24] (p.343).
Rad and Ginger [19] consider that the stages of risk management must become a routine like the other activities of the project. A risk management monitoring and control plan should include team reviews and task planning. Risk management must be proactive to prevent problems and is an ongoing and simultaneous process (many risks are managed at the same time) [29].

Methodology
The methodology used for this paper was the bibliographic research. The literature addressed to international projects with teams in the virtual environment is very scarce. Thus, it was chosen to split our search into different parts, respectively two categories of main keywords related to project management (project risk management, international project risk management) and those related to the teams in the virtual environment (international virtual project team, virtual team risks management). Following these research in recognized databases such as Wiley Online Library, Web of Science, SCOPUS, Science Direct, DOAJ, RePEC we have read more than 190 abstracts and analyzed more than 40 full scientific articles and books tangent to the research subject.

Theoretical framework for risk management in IPTVE
The bibliographic research in the field of risk management in international projects and teams in the virtual environment revealed that the research undertaken was very scarce [7] and focused on specific phases of the risk management process, mainly, on identifying and analyzing risks in international projects [4,28] especially those in the field of construction [8,15,30,31,32] or within dispersed teams in software projects [11,29,33,34,35] and to a very small extent, virtual project teams [18,36].
The traditional project management methodologies follow linear thinking. This approach could contribute to meeting the needs of a single organization and the relationships that make up its specific environment. Over time, globalization of markets, business collaborations, technological development have generated fewer centralized partnerships, being incorporated in international projects, which require significant improvements in risk monitoring, risk mitigation and organizational management activities [34]. There are companies that invest much time and effort to develop a system of project management methods, which was only effective for certain types of projects. But, project diversity is the factor that changes the perspective to a great extent, especially in projects that require creative thinking. Thus, companies may show a tendency to avoid certain types of projects because they are not fitting with the methodology they are used to [16] (p. 330), trying to avoid failure. Casey, V. [37] showed in his research that risk management process requires additional efforts and activities to achieve its goals in a virtual environment with teams worldwide.
Therefore, what we propose is a theoretical framework for the IPTVEs risk management process (Fig. 1), as a combination between linear, circular and creative thinking, involving much more the international project team in the virtual environment, as a factor generating ideas and solutions, knowing that the degree of creativity is very high in such a type of team. The basis for the proposed model is represented by project risk management diagram from ISO 31000 risk management [20], PMBOK 5th edition [24] and Hubbard' risk management cycle [5] (p. 290).
The international project is defined as a project involving multiple locations, entities, organizations and business units [38] (p. 21), they occur when projects include people located beyond the country's borders [39] (p.14) and cross national borders in terms of purpose and nationality of stakeholders [40] (pp. [27][28]. The emergence of the virtual work environment added the feature of ʽvirtual' to international projects, transforming them and requiring a readjustment of management techniques [41], including risk management process. Starting from these definitions and concepts, we consider that the first step is taking into account that the methods used during each phase of the managament process should be established in accordance with the multilateral cooperation and virtual environment of IPTVEs. Besides the fact that new or higher intensity risks appear, certain risks can be identified and managed only through an efficient collaboration at the level of the multiple organizations that carry out the project, creating a common risk management plan [34]. The proposed theoretical framework consists of four phases, the final one, risk control becoming also an input for the first phase, risk indentification, so that it can be understood as a circular process in steps. Risks control represents the execution process of the action plan on risk responses, observation of identified risks and residual risks, identification of new risks and evaluation of the effectiveness of the risk process throughout the entire project cycle [24] (p. 349), that is why it appears on the diagram a continuous information transfer between the output of the risk response phase, namely the risk management plan, and the risk control phase.

Fig.1. IPTV risk management circular process in steps
International project team in the virtual environment is involved in each of the four steps, because it helps to build trust and facilitates adaptation to change and decisions on risk response strategies, besides the creativity side and broader view brought into the process. We also consider that the idea of Salmon [8] can bring efficiency to the process, so that each department will identify its specific risks. Minor and moderate risks should be adressed at department level and major risks that cannot be addressed with the current level of resources in the department must be raised up for the direct attention of the risk manager. All identified risks should be included in the risk management plan having indicated the department, responsable and strategy. The risk management plan is an element of the project management plan and includes details on how the specific risk management activities will be organized and carried out, supporting efficient risk management throughout the project [24] (p.313). Expert judgment is a technique by which certified specialists provide information that can underpin decisions on actions taken on identified risks [24] (p. 346).
During the process, it can be seen that communication also occupies a very important place and appears at each stage, as a circular subprocess. It is important for the project managers and risk managers to have in mind that this will be an intercultural type of communication [42]. Communication and consultation are actions with a clear objective aimed at providing support to project stakeholders in order to understand the risk, its impact, as well as the justification of decisions on specific actions. If the communication means only an exchange of information with the parties involved, the consultation also includes their participation through the feedback provided, thus being able to contribute to the decision-making [20] within the specific phase of risk management process. Communication and consultation methods will be established in accordance with the IPTVE organizational culture and stakeholders needs.

Conclusions and future research directions
The analysis of the specialized literature in the field of risk management in international projects and teams in the virtual environment revealed that the studies undertaken were very few, so there is a consistent need for research in this area.
This paper aimed to offer a graphical theoretical model of the IPTVE risk management as a circular process in steps, highlighting specific elements which have to be taken into account: multilateral cooperation virtual environment, the international project team involvement throughout the process, constant communication and consultation in a virtual and intercultural environment and continuous adjustment of the risk management plan, as a result of the decisions made within the risk response phase and the risk control phase.
Starting from this theoretical model, it will be considered to analyze in depth theoretically but also empirically each of the four steps, starting from the specific methods used in accordance with the virtual and multi-collaborative work environment, with emphasis on analyzing the specific risks and establishing the extent of the impact they may have on IPTVE, their prioritization, methods to minimize them, in identifying barriers that may arise at the level of each step and the ways to overcome them, in order to effectively manage risks, thus contributing to the IPTVEs success.