Bad Ass BA; Peer Review. Part 3.

Clarity

Design and implementation statements are “how” statements; a requirements document has “what” statements that ideally do not imply a desired solution.

If a requirement doesn’t pass your “sniff test”, it likely won’t make sense to anyone else.

If you think the requirement statement is a fragmented thought, other people will too. The BA author may need to request more information (not necessarily more detail).

Statements can become too terse (fragments), or too verbose. “Verbose” can be any of these:

• Too wordy, but the statement is still just one requirement
• More than three lines long.

A statement that is longer than three lines of text is not always verbose, but verify!

Is the text understandable to a business person and understandable by an independent third-party? The problem isn’t just a missing term in the glossary; if the requirement is jargon infested, the BA author should revise it for the benefit of mere mortals.

If not, the BA author may need to provide more information in the requirement, or explanatory text along with the requirement.

If not, does the requirement need more detail to limit it to a single interpretation, or should there be a set of related requirements to reduce the likelihood of ambiguity?

It takes a clever BA to decompile a complex idea and turn it into a requirement. The result of the first attempt may be an overloaded requirement, i.e., a single requirement that is actually more than one requirement. Look for requirements that have more than one relative clause, more than one instance of a semicolon, or the frequent red flag, more than three lines of text. These attributes are often indicators that the requirement needs to be split up into a set of multiple-but-related requirements, each with their own identifier, e.g., Security-011a, Security-011b.

• Sometimes a requirement needs an explanatory note, that is, text that is supplementary to the core requirement. Be sure that the note is separated, even by a blank line, from the core requirement so that it is clear which statement is the requirement and which is the explanatory note. Notes should not have the telltale “shall” verb.
• Sometimes the explanation is a design constraint. Design constraints need to be assembled in their own section such as an appendix section for design constraints, or, at the very least, listed in the Assumptions.

Testable, Verifiable

“I’ll know when I’m happy” is not an acceptable evaluation criterion!

Key, high priority requirements need explicit success criteria and/or metrics. Lower priority requirements or very detailed requirements may have implicit success criteria.

An example of a clear evaluation criterion is a named process that a human or a machine can execute to verify the requirement has been met.

Sometimes the success criteria/metrics get separated from the requirement, e.g., in another section of the document. Use cross-references or some other means for the reader to put the two together.

Weasel words will be the ruin of the project.

Business-Critical Dates

There are many ways to define “critical to the business”. It is important to distinguish “critical” and “important”. In my humble opinion, there are four types of truly “critical” dates:

• Beyond this date there will be an impact on revenue generation
• Beyond this date we will lose the ability to conduct business
• If we miss this date (which we announced to the media) we will be subject to ridicule and derision in the press which will drive our stock price into the ground
• If we miss this date we will be subject to contractual or regulatory sanctions, such as a monetary fine. For example, being out-of-compliance, or a real estate lease date expiring, or a contractual completion date not being achieved.

Even if the date isn’t “critical” by the definition above, a date can be important to the customer and should be identified as such so that the project manager knows about both the date and the expectation.

3rd Parties and Partnerships

Compliance

Compliance requirements often first appear as an assumption. Assumptions can be overlooked during design and implementation. Calling out a compliance requirement ensures that the project test plan will have a line item for verification of compliance. Examples of compliance are data privacy (Personal, Identifying Information (PII)), payment card industry (PCI), legal, financial, and governing entity policy compliance.

Adding the statement, “This project do not have any compliance requirements.” is better than just leaving the Compliance section of the document blank, which looks like the author forgot something.

Business Communication Processes

If the project is going to have an impact on how users do their work, in terms of what they see or what they do, then there needs to be a communications plan. The BA author may think that it is overkill to have a requirement for a standard project deliverable but the manager of the group that provides end user support may see things differently.

Internationalization and Localization

Internationalization, known as I18n (meaning “I – eighteen letters -N”) to people who do this for a living, is the process of planning and implementing products and services so that they can easily be adapted to specific local languages and cultures. Doing the work of translating the text into local language and culture is called localization, aka “L10n”.

Timing / Response

A requirement for “fast response” isn’t testable! “Fast” compared to what? Is less than 10 seconds acceptable? Is less than 2 seconds acceptable?

Reporting

According to best practices, a requirements document should have a business case. That business case identifies the expected ROI for the work that will be done. For the project to be truly successful, it needs to produce the evidence for delivering on the ROI claim.

Unknown, Missing, Incomplete Requirements

Some BRD templates have an “Open Issues” section were unknown, missing, incomplete or “still under discussion” topics are called out. Ideally each issue has the following information to help the BA close the issue:

• A unique identifier for the Issue, this could be as simple as “Issue.1”
• A description of what the issue is
• The date the issue was first identified
• The name of the person responsible for resolving the issue and a target date for that resolution
• A status for the issue, e.g., Open/Closed/Deferred. Seeing a column of “closed” issues is so satisfying.

Requirements Statement Style

Should any particular requirement be specified in more detail? In less detail? It is important that each requirement be stated at an appropriate level of detail, and that all the requirements in a given document be at the same level of detail.

Each company has its own rules for the level of information that should be included in a requirements document. If your company doesn’t have a guideline, here is a possible starting point:

• A Business Requirements Document has project-level requirements that describe the needs of the Stakeholders.
• A Functional/Non-Functional Requirements document has requirements at the software system level and may include requirements at the subsystem-level.
• A System Requirements document has even more detailed requirements.

Requirements in the form of “Ability to …” are ambiguous unless there is a context-setting statement that all requirements describe who or what the actor is. Requirements must identify the actor as a human or an automated agent. “Ability to …” statements create problems because the reader has to guess at whom or what will have the ability.

Consistency of Requirements

It is normal for different groups within a company to have different terms for the same object. For example, in the United States what we call “regulations” may be called “rules” in Europe. It is important to identify both terms in the document’s glossary. Use one term consistently in the requirements.

The most common types of conflict are logical conflict and temporal conflict.

An example of logical conflict is when there is a general requirement for a “green” system, specifically, no printing, and, a conflicting requirement for the automatic generation of the quarterly sales results report to be faxed to the executives in Japan. An example of temporal conflict is when one requirement says that customer satisfaction data will be sent to an FTP site on a weekly basis and another requirement says that customer satisfaction data will be uploaded and processed on a daily basis.

Once such requirements have been identified, there are two possible ways to proceed. Either have the stakeholders come to an agreement, or, create an Open Issue to address the conflict as part of the design effort.

Requirement Traceability

If not, there may be a gap in the body of requirements.

Common problems with Categories of Requirements

• UI requirements are really good at hiding in a category other than a User Interface category.
• System Interface requirements are often distributed throughout a BRD. Assembling interface requirements in one place makes it so much easier to understand what a project need is. Or, if there is a good reason for not moving the interface requirements from their functional category, give the technical team a reason to appreciate the BA by suggesting a table of Interface cross-references so that at least there is a logical assembly.
• Be sure to distinguish internal interfaces from external interfaces. In some companies interface requirements are documented in a separate Interface Requirements Document (IRD) or Interface Control Document (ICD)

Sometimes a statement begins life as a requirement but over the course of revisions, it evolves into something different such as scope, assumption, business rule, or role/responsibility statement.

Business people often use the terms interchangeably. The technical team knows there is a big difference!