By Susan de la Vergne
Warning: If you read this story, you may just want to change how you manage requirements.
Roger was the business analyst in charge of gathering and documenting system requirements on a major business IT project when he was asked to assume the role of project manager. He happily accepted and, tucking his 200-page requirements Word document under his arm, moved into a new cubicle closer to the team.
He was new to project management and had hoped for an opportunity like this for some time. To say he was eager to be successful in this role would be an understatement. Thanks to his business analyst role, he knew the business and technical requirements work well and felt especially ready to take on project leadership.
Roger’s requirements volume was impressive. He’d organized it into discrete chapters, each one describing a different aspect of functionality the system would provide. He’d written long and winding sentences to describe the business rules the system needed to implement, the planned interactions of man and machine, the performance requirements, security issues, and more. In long lists, he’d catalogued and described end-to-end processes and created detailed data definitions. He had gathered requirements in sessions with subject matter experts (SMEs) and now considered himself a SME, which was not an opinion shared by other SMEs, alas.
Roger did not replace himself as business analyst on the project. He decided to be both PM and BA.
Changes to the Requirements
As the project moved into the design phase, questions came in from the design team about specific requirements, questions requiring answers from the SME’s. But some of these questions required significant research (like, how was that data element used in numerous other systems?). Other questions inspired outright debate among the SMEs, and Roger couldn’t get them to come to consensus. Unwilling to fall behind schedule, he simply decided what the answers should be (his opinion of himself as a SME coming in handy). He revised the document accordingly and moved on, intending simply to keep the project on schedule. Occasionally he re-published to the SMEs the now-300-page requirements PDF, but he knew they weren’t reading it. Each SME assumed some other SME was keeping up with the changes, but Roger was right: no one was reading it.
Until one day one of them did.
The Horrible Realization
Laura Lee, the senior manager among the SMEs, took the 300-page volume with her on a weekend trip to the beach where she set aside time to pour over it. What she found was a disturbing mix of fact and fiction—that is, the correct, early work of the SMEs now quite altered, in some case corrupted, by the significant decisions Roger had unilaterally applied. He’d crafted an amazing work, interleaving approved SME input with his own interpretations, and she realized to her horror that the design team was using this to guide their work!
What Went Wrong?
It’s easy to fault project management practices here. Roger was an inexperienced PM, not using proper controls and reviews to manage requirements creep. But there’s another culprit here that even the best project management practices can’t compensate for: the requirements management process itself.
The requirements were all entangled in a single monstrous volume, an easy place to bury changes, which is what Roger was effectively doing. But regardless of the tool into which they’re captured, progress on requirements and changes to them must be measured. In the case of “Roger and the Requirements Morass,” there were no indicators to tell the SMEs or the designers how much of the content was new, revised, or already approved.
Requirements should be managed as an inventory of individually numbered, accurately described, discrete, testable units. Each discrete requirement needs a status indicator, and the status indicator has to be kept current as status changes. Is the status of the requirement new? Approved? Draft? Revised? Deferred? Cancelled?
Also, each requirement needs a type indicator. What kind of a requirement is this? A security requirement? A usability requirement? A regulatory requirement?
Each requirement also needs a priority assignment (high, medium, low). And, of course, each requirement also needs a unique identifier, that is, a number (which, like the jerseys of famous basketball players, retires with it if the requirement is cancelled).
The Analyst’s job, throughout the life of the project, is of course to add to requirements as they come up and to clarify them and—just as important—to maintain status, type, and priority indicators. Without those, it’s impossible for the PM to effect good change control because there’s no window into how, and how much, the requirements are changing.
The indicators let you produce statistics—for example, how many requirements are cancelled, deferred, or new? It’s always interesting, for example, to take a reading long after requirements are supposedly done and find a whole wad of “new” requirements that are “high” priority. Now there’s a data point worth paying attention to!
Poor Roger. If he’d only known.