Skip to main content

Tag: Requirements

ITIL for BAs – Part VII; What Makes a Service Valuable?

So much of a BA’s life revolves around functional requirements that the non-functional aka supplemental aka Quality of Service (QoS) requirements do not receive the necessary attention.

ITIL V3 defines the value of an IT Service as consisting of:

  1. Utility – the degree to which the service’s attributes have a positive effect on the execution of the customers’ tasks (e.g., steps in a business process), either by providing needed performance (functionality) or removing constraints; and
  2. Warranty – the robustness of the service with respect to availability, capacity, security, and continuity (that is, availability as a result of a catastrophic incident)

The diagram below depicts the relationships between warranty, utility, and their respective elements:

itilspart7_1.png

How useful is a service that is very fit for purpose but not fit for use?  The answer is that the service may have limited usefulness if its overall availability, security and responsiveness characteristics are either unpredictable or predictably very inconsistent.  What about a service that is highly available, secure and responsive, but does not offer the necessary functionality?  It is easier to see in this case the limited value, for the stakeholders’ primary interest is the solution’s functionality.

This model of a service’s value suggests:

  • Elicitation must address both sides of the “fit for use” questions – for example:
    • Not only “how available must the service be”, but also “what is the cost to the business when it is unavailable” and “what is the cost if we cannot recover the service quickly enough as the result of a catastrophic failure”
    • Not only how secure, but what are the costs and risks to the business without that level of security
    • Not only “what is the expected demand” but “what if the solution’s response time degrades with the specified demand parameters”
  • Full understanding of warranty requirements can only be gained relative to the stakeholders’ desired outcomes (this is in fact implied by the question “what are the costs/risks if the solution fails”).
  • Fit-for-use requirements are met through some combination of (a) the architecture that will accommodate the solution and (b) various design elements of the solution that are necessary to make up for deficiencies in the architecture relative to those fit-for-use requirements.
  • Early identification of fit-for-use requirements can help the solution team leverage as much as possible from the existing architecture and then include in the design only what is necessary to close any gap.

It is vitally important to capture the “costs and risks if it fails” for use by Service Owners and the IT support team once the solution is in operation, as that information is the basis for IT’s prioritization of pending Incidents.

As I noted in the previous post, the BABOK first takes on QoS requirements explicitly in the Requirements Analysis coverage (Chapter 6).  Hopefully you will interpret the above to mean that there is a lot of value in addressing those requirements (a) much earlier in the elicitation activities and (b) with the involvement of a core leadership team including the IT architect and lead software engineer (among others).

Here’s hoping that your 2009 is off to a great start!

The Importance of Requirements Traceability

Discovering a list of requirements and then not linking them to design, construction and testing often results in the delivery of a system that may not fully support the business process which it was intended to automate. Only through traceability can the project team ensure that all requirements are implemented. Traceability assures the business stakeholders that the developed system supports their original requirements.

Client Story: A Large Financial Institution

A large financial institution recognized that their IT projects were consistently not meeting the expectations of the project stakeholders. Delivery of systems with missing or incorrect business requirements resulted in modification of business process or expensive workarounds so that the system could be used. Consequently, many costly change requests were generated, often to implement requirements which were identified during the requirements phase of the project lifecycle.

Lessons Learned

  1. Each element of the design must come from the business requirements.
  2. In order for the system to deliver value it must support the process. The system is based on the design. Therefore, the design must be based on the process the system is to support.
  3. To ensure expectations are met, test cases should be based on business requirements, not technical design.

The client did an analysis of several projects which delivered systems that did not fully meet requirements and determined that the root of the problem was an inconsistent methodology to elicit and document business requirements. After a search process, IAG was selected to assess the organizational maturity in the area of requirements. IAG was also tasked with developing a customized optimal requirements process based on industry and organizational best practices as well as IAG practical experience gained on hundreds of requirements projects.

Recipe for Success

In order to determine the root cause of the requirements deficiencies, IAG conducted a Requirements Management Maturity Assessment (RMMATM). The RMMA is used for the identification and improvement of an organization’s business analysis, requirements definition and requirements management capabilities. The assessment evaluates not only organizational capabilities with respect to process, but also staff competency, practices and techniques, tools employed, organizational infrastructure and support, deliverables, and results which are currently being achieved.

IAG conducted a series of structured interviews with stakeholder groups including Business Analysts, Project Managers and key members from Lines of Business and IT. Additionally, IAG administered an assessment survey and a Business Analyst competency test to measure perceived and actual skill levels of the staff responsible for requirements management. Several common themes arose while conducting interviews with stakeholder groups, one of which was the lack of traceability after the requirements had been discovered. A number of key stakeholders went so far as to voice their skepticism about the success of any new requirements methodology since past projects had been implemented without incorporating all requirements discovered under previously-used practices. It was determined that the root cause of these past failures was that once business requirements were documented and handed over to the design and construction teams, they were not referenced going forward. In fact, test cases usually tested the design rather than the business requirements; if requirements did not make it into the design, testing would not catch the problem.

“For the first time, this approach provides us with a flexible and adaptable approach that takes us from our clients’ true business requirements seamlessly through software design. We also generate our test cases right at the start and ensure traceability through our SDLC.”

J.S., AVP Individual Systems

Upon completion of the RMMA, IAG produced a Requirements Practices Guide which included both an elicitation framework androbust tracking of requirements from discovery through testing and implementation. IAG then demonstrated the value of traceability through the success of several projects, in which the Financial Institution engaged IAG as a partner during the Requirements Phase. The Financial Institution now writes functional requirements which are derived directly from the business requirements discovered when describing the business process. These requirements are managed using a Requirements Traceability Matrix connecting them to design and testing elements and even linking change requests created during the course of the project. This has resulted in a dramatic decrease in missed requirements as demonstrated by a 75%reduction in change requests on similarly-sized projects.

Advice for Project Managers

When managing your project’s requirements consider what was needed in this client’s case: a better process to create functional requirements for each business component to be automated, as well as, the ability to trace those requirements through design, construction and testing to ensure each business requirement is satisfied as intended.

The client’s expectations are that the system performs functions to support their business process, as documented in their business requirements. Therefore, you have to reflect your client’s business process in the functional requirements. Ultimately, you must deliver a system which allows the business to function in its desired state. You can achieve this by creating a functional requirement for each business component to be automated – but – don’t forget to trace each requirement through the development lifecycle. Both are needed to ensure the system meets stakeholder expectations.


Duncan McDonald is a Senior Consultant at IAG Consulting (http://www.iag.biz/) with over 20 years of experience in bringing practical advice to clients across many industries.  Duncan has completed dozens of large-scale requirements projects with IAG’s clients as a lead requirements facilitator and requirements architect.  As a requirements trainer and best practices advisor, Duncan has also supported a variety of large clients in becoming more efficient in requirements discovery and management practices.  Duncan is a sought-after consultant, who brings pragmatic solutions to clients that want dramatic performance gains. 

The BAs are Coming! The BAs are Coming!

BA Fire Alert!  How will the new Administration impact Business Analysis?  Please go to http://citizensbriefingbook.change.gov/ideas/viewIdea.apexp?id=087800000004t42&srPos=2&srKp=087 ASAP and vote!  There is a nationwide “brainstorming elicitation” being performed by the Obama transition team, and the idea in the link above is a BA clarion call!  This is your chance to be heard in an important new way, using a state of the art elicitation technique.

If you don’t like the idea you see, add your own, but PLEASE get involved – this is important.  It is a unique chance to lobby on a level playing field.  Tell your friends, your bosses, your professional colleagues, your government employee friends, spread the link by email, use your Linked In contacts, Facebook, the works!

The inspiration for the above initiative is that a different kind of Story from the Front has come to my attention. We are so consumed with our experience of BA (or its lack of practice in our immediate environment) that we don’t think about what this means for people’s lives.  Thinking about this is important; it keeps us in other people’s shoes, and is good practice in learning how to “say” things to be heard, supported, and gain consensus.

Check these samples out, and send me an email ([email protected]) letting me know which one(s) you relate to the most, and sharing YOUR story.

Story 1

“I certainly agree that business analysis has real value in the government sector. It may be interesting to note that I am currently engaged as a consultant in a Feasibility Study and Cost/Benefit Analysis for a state government project. I am proud of the techniques and skills that I, as a BA, can bring to the team performing the Feasibility Study and to the client who is fully committed to supporting the effort.  

“The business problem goes well beyond abstract notions of IT and process. It impacts thousands of children who are subject to abuse and neglect, foster and adoptive parents who take them under their care, case workers who become their advocates, and community organizations and private providers who deliver vital services.”

Story 2

“I recently was asked to join a government project for a federal government web service that was struggling with requirements.  With the support of another CBAP, we were able to help improve the requirements somewhat, but only with incredible resistance from the project management itself.  This resistance came in spite of the fact that CBAPs were hired specifically to satisfy the government that the requirements were being handled well.

“While the project will go on to “succeed”, there were cheap, powerful opportunities missed, all because project management had better ideas than stakeholders. I saw this as a direct “violation” of BA values, and did what I could to encourage stakeholder ideas. 

 “When you realize that the project would be a great benefit to this agency’s “clients”, it is a shame that these opportunities were missed. But I am confident that they will be  implemented in time – requirements get “paid now or paid later”, as always.

“As BA is increasingly better understood, I am guessing that this resistance will diminish.  The government clients were pleased enough with the CBAPs’ work, and felt they had been heard well when we were done.  The project management contract was not renewed, and one of the CBAPs was brought back to follow up with requirements on the development side.

“Like life, this was imperfect and messy, yet there is a positive trend in the outcome.  Clients ultimately love the integrity of the BA values and approach, and I love being a CBAP, and I love that the government “clients” in this case will get a better service from my contribution.”

Keep sending me your stories, and remember the people that we ultimately serve!

Thanks to my gentle readers for their frankness and willingness to share.

More shall be revealed.

Have fun!

ITIL for BAs. Part VI; “Non-functional Requirements”

The two most recent posts about ITIL for BAs emphasized the roles of the IT Service, the Service Catalog, Service Level Management, and the Service Owner in encapsulating IT as a Service Provider.

It would be natural at this point to explore the ITIL/BA relationship from the Service life cycle point of view.  Much of both Service Strategy and Service Design address what are typically referred to as non-functional or supplemental requirements.  ITIL refers to them as Quality of Service (QoS) requirements.

Other BAs have rightfully pointed out (here is a good example) that QoS requirements frequently do not get the attention they deserve.  There are a number of contributing factors:

  • Stakeholders in QoS requirements are generally not the same as the functional requirements stakeholders
  • The negotiations involved in QoS requirements and functional requirements are different:
    • Functional requirements are normally negotiated by reconciling scope, schedule, and cost factors with development/test/release resources.
    • QoS requirements need to be negotiated by reconciling quality characteristics (availability, capacity, continuity, etc.) with IT infrastructure capabilities (assets), constraints (architecture), and even policy (especially in the area of information security management)
  • Elicitation techniques such as brainstorming, focus groups, interface identification, prototyping, requirements workshops, and reverse engineering are primarily used for functional requirements elicitation.
  • QoS requirements traceability is evasive; it’s one matter to trace the relationship between a function point in a software library to a step in a business process; it’s quite another matter to trace, say, the specific capacity characteristics of a particular IT component to the variety of business demands relying on that capacity.

It is also interesting to note that the BABOK addresses non-functional requirements most fully in Requirements Analysis rather than in Elicitation. 

ITIL’s coverage of QoS requirements is explicit, robust, and effective at contributing to deep business/IT integration.  This is evident particularly in the processes defined (Demand Management, Capacity Management, etc.), the extent to which those processes are embedded in the early stages of the IT Service life cycle, and the way in which ITIL defines “utility” (what the IT Service can do) and “warranty” (how well it does it) and then relates utility and warranty directly to their role in business strategy.  In my next post, we’ll cover that in more detail and then move into specific QoS-related processes and roles.

If you have any good stories to share about your BA experiences and the challenges around QoS requirements, please share them – your comments are great food for thought for your fellow BAs.

Meanwhile, Happy New Year to you and yours!

Can I have My Requirements and Test Them Too?

A study by James Martin, An Information Systems Manifesto (ISBN 0134647696) has concluded that 56% of all errors are introduced in the requirements phase and are attributed primarily to poorly written, ambiguous, unclear or missed requirements  Requirements-Based Testing (RBT) addresses this issue by validating requirements to clear any ambiguity or identifying gaps. Essentially, under this methodology you initiate test case development before any design or implementation begins.

Requirements-based testing is not a new concept in software engineering – in fact you may know it as requirements driven testing or some other term entirely – and has been indoctrinated in several software engineering methodologies and quality management frameworks.  In its basic form, it means to start testing activities early in the life cycle beginning with the requirements and design phase and then integrating them all the way through implementation. The process to combine business users, domain experts, requirements authors and testers; and obtain commitments on validated requirements forms the baseline for all development activities. 

The reviewing of test cases by requirements authors and, in some cases, by end users, ensures that you are not only building the right systems (validation) but also building the systems right (verification).  As the development process moves along the software development life cycle, the testing activities are then integrated in the design phase. Since the test case restates the requirements in terms of cause and effect, it can be used to validate the design and its capability to meet the requirements. This means any change in requirements, design or test cases must be carefully integrated in the software life cycle.

So what does this mean in terms of your own software development lifecycle or the overarching methodology? Does it mean that you have to throw out your Software Development Life Cycle (SDLC) process and adopt RBT? The answer is no!. RBT is not an SDLC methodology but simply a best practice that can be embedded in any methodology. Whether the requirements are captured as use cases, as in Unified Process, or scenarios/user stories, as in Agile development models, the practice of integrating requirements with testing early on helps in creating requirement artifacts that are clear, unambiguous and testable. This not only benefits the testing organization but the entire project team. However, the implementation of RBT is much cleaner in formal waterfall-based or waterfall derived approaches and can be more challenging in less formal ones such as Agile or Iterative-based models. Even in the most extreme of the Agile approaches, such as XP, constant validation of requirements is mandated in the form of ‘customer’ or ‘voice of the customer’ sitting side-by-side with the developers.

To illustrate this, let us take the case of an iterative development approach where the requirements are sliced and prioritized for implementation in multiple iterations. The high-risk requirements, such as non-functional or architectural requirements, are typically slated in initial iterations.  Iterations are like sub-projects within the context of a complete software development project. In order to obtain validated test cases, the team consisting of requirements authors, domain experts and testers cycle through the following three sets of activities.

  • Validate business objectives, perform ambiguity analysis. Requirement-test case mapping.
  • Define and formalize requirements and test cases.
  • Review of test cases by requirements authors and domain experts.
canihave1.png

 

Any feedback or changes are quickly incorporated and requirements are corrected. This process is followed until all requirements and test cases are fully validated.

Simply incorporating core RBT principles into your methodology does not imply that fewer errors will be introduced in the requirements phase. What it will do is catch more errors early on in the development process. You have to supplement any RBT exercise by ensuring you have the means to build integrated and version-controlled requirements and test management repositories. You must also have capabilities to detect, automate and report changes to highly interdependent engineering artifacts.  This means proper configuration and change management practices to facilitate timely sharing of this information across teams. For example, if the design changes, the impact of this change must be notified to both the requirements authors and the test teams so that appropriate artifacts are changed and re-validated.

Automating key aspects of RBT also provides the foundation for mining metrics around code and requirements coverage, and can be a leading indicator of the quality of your requirements and test cases. True benefit from the RBT requires a certain level of organizational maturity and automation. The business benefits from having increased software quality and predictable project delivery timelines.  Thus, by integrating testing with your requirements and design activities, you can reduce your overall development time and greatly reduce project risk.


Sammy Wahab is an ALM and Process consultant at MKS Inc. helping clients evaluate, automate and optimize application delivery using MKS Integrity. Mr. Wahab has helped organizations with SDLC and ITSM processes and methodologies supporting quality frameworks such as CMMI and ITIL. He has presented Software Process Automation at several industry events including Microsoft Tech-Ed, Java One, PMI, CA-World, SPIN, CIPS, SSTC (DoD). Mr. Wahab has spent over 20 years in technical, consulting and management roles from software developer to Chief Technology Officer with companies including Tenrox, Osellus, American Express, Parsons, Isopia Compro and Iciniti. Mr. Wahab holds a Masters in Business Administration from the University of Western Ontario.