The CHAOS Report has consistently identified poor requirements as the leading cause of project failure — across industries, methodologies, and company sizes. Not poor engineering. Not budget overruns. Not scope creep. Poor requirements. If you want to understand why most software projects fail to deliver their intended value, this is where to look.
Requirements gathering is the most critical skill a Business Analyst owns. It's also the most consistently underestimated. Here's the framework I've developed through real engagements to ensure nothing critical gets missed.
Understanding the Types of Requirements
Before gathering anything, you need clarity on what you're gathering. Requirements fall into three categories, each serving a different function in defining what needs to be built:
Business Requirements
These define the 'why' — the organisational goal the solution needs to achieve. 'Reduce customer churn by 15% within 12 months.' 'Eliminate manual data entry from the invoicing process.' Business requirements anchor everything else. When scope debates arise later, you return to these to resolve them.
Functional Requirements
These define what the system must do — the specific behaviours, features, and capabilities needed to achieve the business requirement. 'The system must allow users to filter invoices by status, date range, and client.' 'The dashboard must refresh data every 4 hours automatically.' These are the requirements developers build to.
Non-Functional Requirements
These define how the system must perform — quality attributes like performance, security, scalability, and usability. They're frequently overlooked in requirements documentation and consistently responsible for post-launch problems. 'The system must load within 2 seconds for 95% of requests.' 'All user data must be encrypted at rest and in transit.'
A requirements document without non-functional requirements is a half-finished document. Systems that work but perform poorly, expose data, or can't scale are failed systems.
The Five Elicitation Techniques
Elicitation is the process of drawing requirements out of stakeholders — and it's as much an art as a science. Different stakeholders, different problems, and different organisational contexts require different approaches. These five techniques cover the majority of situations:
1. Structured Interviews
One-on-one conversations with key stakeholders, guided by prepared questions but open to exploration. The most important rule: listen more than you talk. Use open questions ('Tell me about the current process') before closed ones ('Does the current system do X?'). Silence is not a problem — it's often where the most important information emerges.
2. Requirements Workshops
Facilitated group sessions designed to elicit, align, and validate requirements across multiple stakeholders simultaneously. Workshops are particularly valuable when stakeholders have conflicting views — the facilitated format surfaces disagreements in a controlled environment, rather than letting them emerge as surprises during delivery.
3. Process Observation
Watching stakeholders work — physically or remotely — to understand how processes actually function rather than how they're described in documentation or by management. What people say they do and what they actually do are consistently different. Observation closes that gap.
4. Document Analysis
Reviewing existing documentation — process maps, system manuals, previous requirements documents, audit reports, complaints logs — to extract baseline requirements and identify gaps or contradictions. Often the most efficient way to understand what exists before designing what should.
5. Surveys and Questionnaires
Useful for gathering input from a large number of stakeholders where one-on-one interviews aren't practical. Best suited for quantitative questions and closed-choice data rather than exploratory requirements. Always follow up on outlier responses — they frequently signal important edge cases.
The SMART Requirements Framework
A requirement that isn't testable isn't a requirement — it's an aspiration. Every functional requirement you write should pass the SMART test:
- Specific — it describes exactly one behaviour or capability, not a general category
- Measurable — there is a clear way to verify whether the requirement has been met
- Achievable — it is technically feasible within the project constraints
- Relevant — it directly supports a stated business requirement
- Traceable — it can be linked back to its source and forward to its test case
Run every requirement you write through this checklist. If it fails any single criterion, rewrite it before it goes into the document.
“Ambiguous requirements are not better than no requirements. They're worse — they create the illusion that everyone is aligned when they aren't.”
The Seven Most Common Pitfalls
In every engagement where requirements have caused problems, the root cause is almost always one of the following:
- Assuming instead of confirming — BAs filling gaps in their understanding with assumptions rather than follow-up questions
- Capturing solutions instead of needs — stakeholders describing what they want the system to do rather than what business problem they need solved
- Missing edge cases — requirements that cover the happy path but fail to address exceptions, errors, and boundary conditions
- Ignoring non-functional requirements — performance, security, and scalability overlooked until post-launch
- Insufficient stakeholder coverage — requirements elicited from a vocal minority while key users are not consulted
- Requirements that can't be tested — vague language like 'the system should be user-friendly' with no measurable criterion
- No traceability — requirements that can't be linked back to a business objective or forward to a test case
Documentation Best Practices
Requirements live in documents — and how those documents are structured matters as much as what they contain. These practices ensure your requirements documentation actually serves its purpose:
- Use a consistent template — structure reduces cognitive load for readers and ensures nothing is systematically missed
- Number every requirement — this enables precise traceability and unambiguous reference in conversations and test cases
- Include the rationale — for each requirement, record why it exists so future teams can make informed decisions about changes
- Separate must-haves from nice-to-haves — using MoSCoW prioritisation (Must Have, Should Have, Could Have, Won't Have)
- Version control the document — every requirements document should have a version history and a sign-off log
- Link to test cases — every functional requirement should have at least one corresponding acceptance criterion
Validation: The Step Most BAs Skip
Writing requirements is necessary but not sufficient. Those requirements need to be validated — confirmed with stakeholders to ensure they accurately represent what's needed, and reviewed for completeness, consistency, and testability.
Structured walkthroughs — where the BA presents each requirement to relevant stakeholders and invites challenge — are the most effective validation technique. They surface misunderstandings before they become built-in defects.
Requirements signed off without a structured walkthrough are requirements that haven't actually been validated. The sign-off is not the validation — the conversation is.
Putting It Together
Requirements gathering is a process, not an event. It begins before the first stakeholder meeting and doesn't end until the solution is validated against the original business objectives. The BAs who consistently produce clear, complete, testable requirements share one trait: they treat every conversation as an opportunity to surface something they don't yet know.
Follow the framework. Apply the SMART criteria. Run every document through the pitfall checklist. Validate everything. The investment is front-loaded, but the savings — in rework, in misaligned delivery, in post-launch fixes — are substantial.