Meeting the contract
When IT undertakes a development project, it signs? figuratively or literally?a contract with the business. The contract spells out what requirements will be fulfilled and when they will be delivered. Further, IT commits to a level of quality in the product that assures its success when deployed. No attorney would permit a client to sign a legal contract unless all the risks were known, yet IT departments often lack the ability to quantify and respond to the risks that arise during development and test. Requirements management?as part of a comprehensive software quality management system?helps IT quantify the risks associated with each requirement and make informed decisions about resource allocation and release.
More than 60 percent of IT organizations that use an automated software quality system use HP Quality Center software. HP Quality Center software goes beyond traditional approaches to requirements management by allowing quality managers to reduce risk and optimize the business outcome of the project. This paper shows how it does this by tracing requirements from definition to release and by giving IT and business managers real data to support decisions about contract fulfillment.
The requirements management problem
The dynamics of software quality management are well understood. For example, most people know that the majority of software defects are introduced early in the application lifecycle but found much later. As shown in Figure 1, the National Institute of Standards and Technology (NIST) estimates about 70 percent of software defects are introduced in the requirements phase.2 And the later they are found, the more expensive they are to fix. According to one study, the cost to fix a defect after delivery is more than100 times the cost to fix it in the requirements and design phase. These facts highlight the need for close collaboration with business users, careful, unambiguous requirements definition and management of requirements throughout the application lifecycle.
Managing requirements through definition, development, test and release is a joint effort between business analysts?who represent the customer's needs?and software quality managers who shepherd them through the testing and release process. When their name is on the contract, business analysts must:
-Define concise and unambiguous requirements.
-Establish the business value of each requirement.
-Quantify the risk associated with each requirement.
-Understand the dependencies of each requirement.
Software quality managers have critical questions to answer:
-Are the requirements verifiable when implemented?
-Are the requirements realistic, and how will they be implemented and tested?
-Where do I assign testing resources for increased efficiency and reduced risk?
- Is the planned testing for the requirement a good trade-off between the requirement's business value and its risk?
Even with careful planning, requirements change, and changes ripple through development, test and release. Changes pose additional questions:
-How does the change affect other requirements?
-What tests are affected by the change?
-What new risks are introduced by the change?
-What is the effect on release?
Without answers to the questions above, trade-off decisions become a crapshoot. Analysts may believe one requirement is more important than another, but they cannot show why. Test planners may decide to reduce the test effort on some requirements, but they cannot quantify the risk of doing so, and they cannot demonstrate that the risk is justified given the business value of the requirement. When functionality must be dropped from a release, no one can demonstrate to the business that the proposed change offers the best business value at the appropriate risk point compared to other alternatives.
An effective requirements management system must help both business analysts and quality managers meet their commitments with limited resources and in the face of inevitable change. They need a structured way to manage requirements, and they need real data to evaluate alternatives. Just as important, they need a way to engage business users in a meaningful conversation about business value and risk. HP Quality Center software helps them do that.
A better approach
Many software vendors offer requirements management as a silo in a quality management system, but risk-based requirements and quality management are inseparable from the larger process of managing the planning, test and release of a software system.
