This task does a detailed assessment of the likely risks. Quantify each one of these risks by specifying the following risk elements, as defined by Tim Lister and Tom DeMarco:
Look at each missing requirement and ask this question: Is this type of requirement relevant within the system, and would I expect to have this requirement specified? For instance, in a safety-critical system you would expect to have a detailed specification of requirements that relate to damage to people and property, whereas in an inventory control system it would be reasonable for this type of requirement to be absent. If you determine that a relevant requirement is missing, then quantify it as a risk and add it to the risk analysis. The resulting risk analysis contains an assessment of all the risks that you have identified as a result of reviewing your requirement specification. Diagram 7.3. Estimate Effort |