Identify solutions and analyze requirements before acquisition or creation to ensure that they are in line with enterprise strategic requirements covering business processes, applications, information/data, infrastructure and services. Co-ordinate with affected stakeholders the review of feasible options including relative costs and benefits, risk analysis, and approval of requirements and proposed solutions.
Create feasible optimal solutions that meet enterprise needs while minimizing risk.
Percent of enterprise strategic goals and requirements supported by IT strategic goals
Level of stakeholder satisfaction with scope of the planned portfolio of programmes and services
Percent of IT value drivers mapped to business value drivers
Number of business disruptions due to IT service incidents
Percent of business stakeholders satisfied that IT service delivery meets agreed-on service levels
Percent of users satisfied with the quality of IT service delivery
Number of business processing incidents caused by technology integration errors
Number of business process changes that need to be delayed or reworked because of technology integration issues
Number of IT-enabled business programmes delayed or incurring additional cost due to technology integration issues
Number of applications or critical infrastructures operating in silos and not integrated
Percent of requirements reworked due to misalignment with enterprise needs and expectations
Level of stakeholder satisfaction with requirements
Percent of requirements satisfied by proposed solution
Number of incidents not identified as risk
Percent of risk unsuccessfully mitigated
Percent of business case objectives met by proposed solution
Percent of stakeholders not approving solution in relation to business case
Based on the business case, identify, prioritize, specify and agree on business information, functional, technical and control requirements covering the scope/understanding of all initiatives required to achieve the expected outcomes of the proposed IT-enabled business solution.
Define and implement a requirements definition and maintenance procedure and a requirements repository that are appropriate for the size, complexity, objectives and risk of the initiative that the enterprise is considering undertaking.
Express business requirements in terms of how the gap between current and desired business capabilities needs to be addressed and how a role will interact with and use the solution.
Throughout the project, elicit, analyze and confirm that all stakeholder requirements, including relevant acceptance criteria, are considered, captured, prioritized and recorded in a way that is understandable to the stakeholders, business sponsors and technical implementation personnel, recognizing that the requirements may change and will become more detailed as they are implemented.
Specify and prioritize the information, functional and technical requirements based on the confirmed stakeholder requirements. Include information control requirements in the business processes, automated processes and IT environments to address information risk and to comply with laws, regulations and commercial contracts.
Validate all requirements through approaches such as peer review, model validation or operational prototyping.
Confirm acceptance of key aspects of the requirements, including enterprise rules, information controls, business continuity, legal and regulatory compliance, auditability, ergonomics, operability and usability, safety, and supporting documentation.
Track and control scope, requirements and changes through the life cycle of the solution throughout the project as understanding of the solution evolves.
Consider requirements relating to enterprise policies and standards, enterprise architecture, strategic and tactical IT plans, in-house and outsourced business and IT processes, security requirements, regulatory requirements, people competencies, organizational structure, business case, and enabling technology.
Perform a feasibility study of potential alternative solutions, assess their viability and select the preferred option. If appropriate, implement the selected option as a pilot to determine possible improvements.
Define and execute a feasibility study, pilot or basic working solution that clearly and concisely describes the alternative solutions that will satisfy the business and functional requirements. Include an evaluation of their technological and economic feasibility.
Identify required actions for solution acquisition or development based on the enterprise architecture, and take into account scope and/or time and/or budget limitations.
Review the alternative solutions with all stakeholders and select the most appropriate one based on feasibility criteria, including risk and cost.
Translate the preferred course of action into a high-level acquisition/development plan identifying resources to be used and stages requiring a go/no-go decision.
Identify, document, prioritize and mitigate functional, technical and information processing-related risk associated with the enterprise requirements and proposed solution.
Involve the stakeholders to create a list of potential quality, functional, and technical requirements and risk related to information processing (due to, e.g., lack of user involvement, unrealistic expectations, developers adding unnecessary functionality).
Analyze and prioritize the requirements risk according to probability and impact. If applicable, determine budget and schedule impacts.
Identify ways to control, avoid or mitigate the requirements risk in order of priority.
Co-ordinate feedback from affected stakeholders and, at predetermined key stages, obtain business sponsor or product owner approval and sign-off on functional and technical requirements, feasibility studies, risk analyses and recommended solutions.
Ensure that the business sponsor or product owner makes the final decision with respect to the choice of solution, acquisition approach and high-level design, according to the business case. Co-ordinate feedback from affected stakeholders and obtain sign-off from appropriate business and technical authorities (e.g., business process owner, enterprise architect, operations manager, security) for the proposed approach.
Obtain quality reviews throughout, and at the end of, each key project stage, iteration or release to assess the results against the original acceptance criteria. Have business sponsors and other stakeholders sign off on each successful quality review.
References:
ISACA. (2012). COBIT 5 Enabling Processes. USA: ISACA.