Back to Software Engineering & Delivery Mastery Series

Part 5: Requirements, Specifications & the WRSPM Model

May 13, 2026 Wasil Zafar 60 min read

The most expensive bugs aren't coding errors — they're requirements errors. This article surveys the full landscape of requirements engineering — from WRSPM and KAOS to Jackson's Problem Frames, GORE, SysML, BDD, and User Story Mapping — giving you both theoretical rigour and practical tools for every project context.

Table of Contents

  1. Introduction
  2. What Are Requirements?
  3. Requirements vs Specifications
  4. Functional vs Non-Functional
  5. Requirements Elicitation
  6. The WRSPM Model
  7. WRSPM Applied Examples
  8. The RE Frameworks Landscape
  9. Formal & Academic Models
  10. Methodological Alternatives
  11. Model-Driven & MBSE
  12. Agile & Iterative Frameworks
  13. Framework Comparison
  14. Requirements Documentation
  15. Requirements Validation
  16. Common Pitfalls
  17. AI-Enhanced Requirements
  18. Exercises
  19. Conclusion & Next Steps

Introduction — Why Requirements Matter

Here is a statistic that should alarm every software professional: according to the Standish Group's CHAOS Report, over 60% of software project failures trace back not to bad code, not to poor architecture, not to infrastructure problems — but to requirements issues. Incomplete requirements. Ambiguous requirements. Wrong requirements. Missing requirements.

The cost multiplier is devastating. A requirements error caught during the requirements phase itself costs roughly $1 to fix. Caught during design, it costs $5. During coding, $10. During testing, $20. In production? $100 to $1,000. This is the famous "1-10-100" rule, validated repeatedly by researchers from Barry Boehm (1981) to modern empirical studies.

Critical Reality: Frederick Brooks, in his landmark essay No Silver Bullet (1986), argued that the hardest part of building software is not writing code — it is deciding what to build. The "essential complexity" of software lies in the conceptual structures we must get right: the requirements. No tool, no language, no methodology eliminates this fundamental difficulty.

The Requirements Gap

The requirements gap is the distance between what stakeholders actually need and what the development team actually builds. This gap exists because:

  • Stakeholders can't articulate what they want — they know it when they see it, but they can't describe it precisely in advance
  • Engineers assume context — they fill in gaps with their own assumptions, often incorrectly
  • Language is inherently ambiguous — the word "fast" means something different to a UX designer, a database administrator, and an end user
  • Requirements change — the business environment shifts, competitors launch new features, regulations evolve
  • Translation loss — every time requirements pass from one person to another (stakeholder → analyst → architect → developer), information degrades
The Requirements Gap
flowchart LR
    A[What stakeholders
actually need] --> B[What stakeholders
say they want] B --> C[What analysts
document] C --> D[What architects
design] D --> E[What developers
build] E --> F[What users
actually get] style A fill:#3B9797,color:#fff style F fill:#BF092F,color:#fff

At every arrow in this diagram, information is lost, assumptions are injected, and the gap widens. Requirements engineering exists to minimise this gap systematically.

What Are Requirements?

Definition: A requirement is a statement about what a system must do or how it must behave, expressed from the perspective of stakeholders and the problem domain — without prescribing implementation details.

Requirements answer the question: "What should the system do?" — not "How should the system do it?" This distinction is fundamental. Requirements live in the problem space; solutions live in the solution space.

Consider these examples:

  • Requirement: "Customers must be able to track their order status in real time."
  • NOT a requirement: "The system shall use WebSockets to push order status updates to a React frontend component."

The first describes a user need. The second describes an implementation decision. Both are valid and necessary — but they belong in different documents, are owned by different people, and change for different reasons.

The Bridge Metaphor

Think of requirements as a bridge between two worlds that speak different languages:

  • The Business World — speaks in terms of revenue, customers, compliance, competitive advantage, user satisfaction
  • The Engineering World — speaks in terms of APIs, databases, latency, throughput, error handling, scalability

Requirements are the translation layer. They take business intent and express it in terms precise enough for engineers to build against, while remaining understandable to business stakeholders. This dual-audience nature is what makes requirements hard.

Requirements vs Specifications

Many engineers use "requirements" and "specifications" interchangeably. This is a mistake that leads to confusion, scope creep, and miscommunication. They are different artefacts with different purposes.

A requirement says what the user needs. A specification says precisely how the system will satisfy that need at the boundary between the system and its environment.

Here is a concrete example:

Requirement: "Users must be able to reset their password."
Specification: "The system SHALL send a password reset email containing a unique, cryptographically random token (valid for 30 minutes) to the registered email address when the user clicks 'Forgot Password' on the login page. The token SHALL be invalidated after single use. The system SHALL rate-limit reset requests to 3 per hour per email address."

Notice the leap in precision. The specification adds timing constraints, security properties, rate limiting, and specific trigger conditions — all of which are engineering decisions that refine the original user need.

Comparison Across Dimensions

Dimension Requirements Specifications
Audience Business stakeholders, product owners, users Engineers, architects, QA teams
Language Natural language, business terminology Precise, often using SHALL/SHOULD/MAY (RFC 2119)
Detail Level High-level intent and constraints Detailed behaviour at system interfaces
Ownership Product owner / business analyst Systems engineer / architect
Stability Changes with business needs (moderate churn) Changes with design decisions (higher churn)
Testability Often qualitative ("easy to use") Always quantitatively verifiable
Perspective Problem space (what the world needs) Solution space (what the system does)
Example Format User stories, use cases SRS sections, interface contracts

Functional vs Non-Functional Requirements

Requirements divide into two fundamental categories: functional (what the system does) and non-functional (how well the system does it). This distinction shapes architecture, testing strategies, and project priorities.

Functional Requirements

Functional requirements describe specific behaviours or functions of the system — the features users interact with directly. They answer: "What should the system do when X happens?"

  • Users can create an account with email and password
  • The system processes credit card payments via Stripe
  • Administrators can export reports as CSV files
  • The search function returns results ranked by relevance
  • Users receive email notifications when their order ships

Non-Functional Requirements (Quality Attributes)

Non-functional requirements (NFRs) describe qualities or constraints on how the system performs its functions. They are often called "quality attributes" or "-ilities" (reliability, scalability, maintainability, etc.).

Why NFRs Matter More: Functional requirements tell you what to build. Non-functional requirements determine whether anyone will actually use it. A payment system that processes transactions (functional ✓) but takes 45 seconds per transaction (performance ✗) is worthless. NFRs are the difference between a system that works and a system that succeeds.
NFR Category Description Example How to Measure
Performance Speed and throughput Page loads in <2 seconds at P95 Load testing, APM metrics
Scalability Handling growth in load Support 10,000 concurrent users Stress testing, auto-scaling metrics
Reliability Consistency of correct operation 99.9% uptime (8.76 hours downtime/year) Uptime monitoring, MTBF
Security Protection against threats All data encrypted at rest (AES-256) Penetration testing, audits
Usability Ease of use New users complete onboarding in <5 minutes User testing, SUS score
Maintainability Ease of modification New payment provider integrates in <2 sprints Code complexity metrics, change lead time
Portability Adaptability to environments Runs on AWS, Azure, and GCP Deployment testing across platforms
Accessibility Usability for all users WCAG 2.1 AA compliance Automated a11y scanning, manual audit

The FURPS+ Model

Hewlett-Packard developed FURPS+ as a comprehensive classification system for requirements. It remains widely used in enterprise software:

  • F — Functionality (features, capabilities, security)
  • U — Usability (aesthetics, consistency, documentation, responsiveness)
  • R — Reliability (availability, failure rate, recoverability, predictability)
  • P — Performance (speed, throughput, capacity, resource consumption)
  • S — Supportability (testability, extensibility, adaptability, maintainability, configurability)
  • + — Design constraints, implementation constraints, interface requirements, physical requirements

The "+" covers constraints that don't fit neatly into the five categories — things like "must use Java 17", "must integrate with SAP", or "must run on hardware with ≤ 512MB RAM".

Requirements Elicitation Techniques

Elicitation is the process of drawing out requirements from stakeholders, domain experts, and existing systems. It's harder than it sounds — stakeholders often don't know what they need, can't articulate what they know, or disagree with each other.

Technique Description Best For Limitations
Interviews One-on-one structured or semi-structured conversations Deep understanding of individual perspectives Time-intensive, subject to interviewer bias
Surveys Questionnaires distributed to large groups Gathering data from many stakeholders quickly Shallow responses, low response rates
Observation Watching users perform their current tasks Uncovering implicit/tacit knowledge Hawthorne effect, time-consuming
Prototyping Building quick mockups for feedback Validating UI/UX assumptions early Can anchor stakeholders to prototype limitations
Workshops Facilitated group sessions (JAD sessions) Resolving conflicts, building consensus Dominant personalities can skew outcomes
Use Cases Structured descriptions of actor-system interactions Complex workflows with multiple actors Can become overly detailed, hard to maintain
User Stories "As a [role], I want [goal] so that [benefit]" Agile teams, incremental delivery Too brief for complex or safety-critical systems
Domain Analysis Studying existing systems, regulations, standards Compliance-heavy domains (healthcare, finance) May inherit legacy assumptions

Choosing the Right Technique

In practice, you combine multiple techniques. A typical elicitation strategy might look like:

  1. Domain analysis first — understand the landscape before talking to people
  2. Interviews with key stakeholders — build rapport, uncover high-level needs
  3. Workshops to resolve conflicts between stakeholder groups
  4. Prototyping to validate understanding — "Is this what you meant?"
  5. User stories or use cases to document agreed requirements
  6. Observation to catch what people forgot to mention

The WRSPM Reference Model

The WRSPM model (pronounced "wrist-pm") is a formal reference framework from requirements engineering that clarifies where requirements fit in the relationship between the real world and software. It was developed by Gunter, Gunter, Jackson, and Zave (2000) and remains one of the most rigorous ways to think about what requirements really mean.

WRSPM stands for: World assumptions, Requirements, Specifications, Program, Machine. These five elements form a chain from the real world to the physical hardware, and understanding their relationships prevents an entire class of engineering failures.

The Five Layers

W — World (Domain/Environment): The real-world environment in which the system operates. This includes physical laws, business rules, human behaviour, organisational policies, and domain knowledge that exists independently of the software. World assumptions are things we take for granted — gravity exists, users have email addresses, banks close on weekends.

R — Requirements: What stakeholders need the system to achieve in the world. Requirements describe desired changes to the world state. "Customers can track their packages" is a requirement — it describes something that should be true in the world.

S — Specifications: The precise description of system behaviour at the interface boundary between the software and the environment. Specifications describe what the system does in response to inputs and what outputs it produces — expressed solely in terms of phenomena observable at that interface.

P — Program (Software): The actual implementation — source code, algorithms, data structures, frameworks. The program is the engineer's creation that (hopefully) satisfies the specification.

M — Machine (Hardware/Platform): The computing platform on which the program executes — servers, operating systems, networks, devices. Machine properties include processing speed, memory limits, network latency, and failure modes.

The WRSPM Reference Model
flowchart LR
    W["W
World
(Environment)"] <--> R["R
Requirements
(Stakeholder Needs)"] R <--> S["S
Specifications
(System Interface)"] S <--> P["P
Program
(Software)"] P <--> M["M
Machine
(Hardware)"] style W fill:#3B9797,color:#fff style R fill:#16476A,color:#fff style S fill:#132440,color:#fff style P fill:#BF092F,color:#fff style M fill:#666666,color:#fff

The Key Insight: Separation of Concerns

The power of WRSPM is that it forces you to ask: Which layer am I working in right now? Problems arise when layers are conflated:

  • Confusing R with S: Writing specifications when you should be understanding requirements (premature solution design)
  • Confusing W with R: Treating domain assumptions as requirements (they're not — they're givens)
  • Confusing S with P: Putting implementation details in specifications (over-constraining the solution)
  • Ignoring W: Building a system that works perfectly in theory but fails in the real world because world assumptions were wrong

Variables and Interfaces

WRSPM introduces four types of variables that describe how information flows between the world and the machine:

Variable Type Direction Description Example (Thermostat)
Monitored Variables World → System Real-world phenomena the system observes Room temperature
Controlled Variables System → World Real-world phenomena the system changes Heater on/off state
Input Variables Environment → Machine Data received by the program (sensor readings) Digital temperature reading (22.5°C)
Output Variables Machine → Environment Data sent from the program (commands) Relay control signal (HIGH/LOW)

The distinction between monitored/controlled and input/output variables is crucial. Monitored and controlled variables exist in the world — they're real physical phenomena. Input and output variables exist at the machine interface — they're digital representations. The gap between them is where sensors, actuators, and physical constraints live.

Concrete Example: Smart Thermostat

WRSPM Example

Smart Home Thermostat

Let's apply all five WRSPM layers to a smart thermostat system:

  • W (World): Rooms have thermal mass. Heat dissipates. Outside temperature varies. Humans have comfort preferences (typically 20-22°C). Heaters have lag time. Electricity costs vary by time of day.
  • R (Requirements): The home should maintain a comfortable temperature. Energy costs should be minimised. Users should be able to set schedules. The system should learn user preferences over time.
  • S (Specifications): The system SHALL maintain room temperature within ±1°C of the setpoint. The system SHALL activate the heater when temperature drops 0.5°C below setpoint. The system SHALL provide a REST API for schedule configuration. Response time for temperature queries SHALL be <200ms.
  • P (Program): PID control algorithm, machine learning model for schedule prediction, REST API server, mobile app, database for historical data.
  • M (Machine): Raspberry Pi 4, DHT22 temperature sensor (±0.5°C accuracy), relay module, Wi-Fi connectivity, 5V power supply.
IoT WRSPM Embedded
Thermostat WRSPM Variables
flowchart TD
    subgraph World
        A[Room Temperature
Monitored Variable] B[Heater State
Controlled Variable] C[User Comfort
Preference] end subgraph Interface D[Sensor Reading
Input Variable] E[Relay Signal
Output Variable] F[API Request
Input Variable] end subgraph Machine G[PID Algorithm] H[Schedule Engine] I[REST API Server] end A -->|DHT22 Sensor| D D --> G G --> E E -->|Relay Module| B C -->|Mobile App| F F --> H H --> G

Notice how the world assumptions (thermal mass, lag time) affect the specification (±1°C tolerance, 0.5°C hysteresis). If we ignored the world — for instance, assuming instant heating — our specification and program would fail in reality.

WRSPM Applied: Real-World Systems

Example 1: ATM System

Case Study

Automated Teller Machine (ATM)

The ATM is a classic requirements engineering example because it has clear physical-digital boundaries.

  • W (World): Banks have accounts with balances. Customers have PINs and cards. Physical cash exists in denominations. Banks have daily withdrawal limits. Network connections can fail. Criminals attempt fraud.
  • R (Requirements): Customers must be able to withdraw cash from their account. The system must prevent unauthorised access. Transactions must be atomic (no partial withdrawals). The system must be available 24/7.
  • S (Specifications): The system SHALL authenticate users via 4-digit PIN with max 3 attempts before card capture. Withdrawals SHALL be dispensed in multiples of £10. The system SHALL communicate with the bank's core system via ISO 8583 messages. If network connectivity is lost, the system SHALL queue transactions for ≤ 5 minutes before declining.
  • P (Program): Transaction processing engine, PIN verification module, cash dispensing controller, receipt printer driver, network communication stack, transaction log.
  • M (Machine): Industrial PC, card reader (EMV chip + magnetic stripe), PIN pad (encrypted, PCI-DSS compliant), cash dispenser (note counter, reject bin), receipt printer, network interface (primary + fallback).
Banking Security Embedded

Where WRSPM catches gaps: Consider the world assumption "physical cash exists in denominations." If the ATM only stocks £20 notes, a customer requesting £30 cannot be served — even though the requirement ("withdraw cash") is met and the software is correct. The gap is between W (available denominations) and R (any amount withdrawal). Without explicitly modelling the world, this gap hides until deployment.

Example 2: Ride-Sharing Application

Case Study

Ride-Sharing App (Uber-like)

A modern ride-sharing app demonstrates WRSPM in a complex distributed system context.

  • W (World): Roads have traffic. GPS has ±5m accuracy in cities (worse in urban canyons). Drivers are independent contractors (not employees). Passengers may cancel. Surge pricing depends on supply/demand. Local regulations vary by city. Payment processors have latency.
  • R (Requirements): Passengers can request rides and be matched with nearby drivers. Passengers can see estimated arrival time and fare. Drivers can accept or decline ride requests. Payments are processed automatically after ride completion. Both parties can rate each other.
  • S (Specifications): The system SHALL match passengers with the nearest available driver within a 5km radius within 30 seconds. ETA estimates SHALL be accurate within ±3 minutes for trips under 30 minutes. The system SHALL process payment within 60 seconds of ride completion. Driver location SHALL be updated every 4 seconds via GPS. The system SHALL handle 100,000 concurrent ride requests globally.
  • P (Program): Microservices architecture — matching service (graph algorithms), pricing service (dynamic pricing ML model), payment service (Stripe/payment gateway integration), location service (geospatial indexing), notification service (push notifications), rating service.
  • M (Machine): Cloud infrastructure (AWS/GCP), CDN for static assets, Redis for real-time location cache, PostgreSQL for transactional data, Kafka for event streaming, mobile devices (iOS/Android) with GPS and cellular connectivity.
Distributed Systems Real-time Mobile

Where WRSPM catches gaps: The world assumption "GPS has ±5m accuracy" directly impacts the specification. If the matching algorithm assumes exact driver positions, it will make poor matches in areas with GPS inaccuracy (tunnels, downtown high-rises). By explicitly modelling the world, the specification accounts for location uncertainty — perhaps requiring drivers to confirm they've arrived rather than relying purely on GPS proximity.

The Requirements Engineering Frameworks Landscape

WRSPM is the primary reference model for this article — but it sits within a rich ecosystem of frameworks, each approaching the requirements problem from a different angle. Some use formal mathematics to prove correctness; others use visual models, agile backlogs, or goal hierarchies. Understanding the landscape lets you choose the right tool for your context — or combine tools from multiple traditions.

The frameworks organise into four broad categories:

Category Framework Core Focus Best Suited For
Formal & Academic
Formal WRSPM (Zave & Jackson) Environment-to-machine chain Safety-critical, embedded, rigorous analysis
Formal Four-Variable Model (Parnas) Monitored/controlled variable relationships Real-time and safety-critical systems
Formal Twin Peaks (Nuseibeh) Co-evolution of requirements and architecture Complex systems, evolutionary development
Formal KAOS Framework Goal refinement to system constraints Safety/security requirements, regulated domains
Methodological & Conceptual
Conceptual Jackson's Problem Frames Problem archetypes (behaviours, commands, information) Understanding problem structure before solution
Goal-Oriented GORE / i* Framework Actor intentions, goals, tasks, resources Enterprise systems, stakeholder analysis
Object-Oriented Use Case / Actor-Boundary (UML) Actor interactions at system boundary Business workflows, OO design alignment
Model-Driven & MBSE
MBSE SysML Integrated requirements + parametric + behavioural models Systems engineering, aerospace, defence
MBSE Capella / Arcadia Four-layer operational-to-physical decomposition Complex engineered systems (transport, energy)
MBSE CIM / MDA (OMG) Platform-independent business model Enterprise architecture, technology-neutral specs
Agile & Iterative
Agile BDD / Gherkin Executable specifications as Given/When/Then tests Agile teams, test-driven development
Agile User Story Mapping User journey backbone with prioritised backlog slices Product discovery, release planning
Choosing a Framework: No single framework is universally superior. Safety-critical systems benefit from the rigour of WRSPM or KAOS. Enterprise business systems align naturally with GORE or Use Cases. Agile product teams thrive with BDD and User Story Mapping. Most sophisticated organisations combine frameworks — using WRSPM for environment analysis, KAOS for safety requirements, and BDD for executable acceptance tests.

Formal & Academic Reference Models

Formal reference models apply mathematical rigour to requirements engineering — using logic, set theory, and formal semantics to make requirements reasoning precise and verifiable. They dominate in safety-critical domains where ambiguity is unacceptable.

The Four-Variable Model (Parnas & Madey)

Published by David Parnas and Jan Madey in 1995, the Four-Variable Model predates WRSPM and provides a mathematical framework for understanding how software systems relate to their environment. It defines four sets of variables:

  • Monitored (MON): Environmental quantities the system observes but cannot change — temperature, pressure, user inputs, arriving packets
  • Controlled (CON): Environmental quantities the system changes — actuator positions, display content, output files, signals sent
  • Input (IN): Digital representations of monitored variables as seen by the program — the ADC reading, the parsed HTTP request
  • Output (OUT): Digital representations of what the program sends to the environment — the control word written to a register, the HTTP response bytes

The model expresses four fundamental relationships:

Relationship Maps From → To Represents Example (Thermostat)
REQ MON → CON What the system must achieve in the world Room temperature → Heater state
NAT MON → IN Natural (physical) sensing process Temperature → ADC reading
SOFT IN → OUT The software specification ADC reading → Relay control word
NAT' OUT → CON Physical actuation process Relay control word → Heater state
The Correctness Condition: The software SOFT is correct if, given the sensing process NAT and actuation process NAT', the composition NAT → SOFT → NAT' satisfies the requirement REQ. This is a precise mathematical statement of what "correct software" means in the context of its environment — correctness is always relative to world assumptions.
The Four-Variable Model (Parnas & Madey)
flowchart TD
    MON["Monitored Variables"]
    IN["Input Variables"]
    SOFT["SOFT — Software"]
    OUT["Output Variables"]
    CON["Controlled Variables"]
    MON -->|"NAT: Physical sensing"| IN
    IN --> SOFT
    SOFT --> OUT
    OUT -->|"NAT': Physical actuation"| CON
    MON -.->|"REQ: desired relationship"| CON
    style MON fill:#3B9797,color:#fff
    style IN fill:#16476A,color:#fff
    style SOFT fill:#BF092F,color:#fff
    style OUT fill:#16476A,color:#fff
    style CON fill:#3B9797,color:#fff
                            

Compared to WRSPM, the Four-Variable Model focuses specifically on the sensing and actuation relationships between world and machine. Where WRSPM's W layer captures the entire domain context, the Four-Variable Model drills into the precise mathematical relationships between observed phenomena and system actions — making it the preferred foundation for formally verified real-time control systems.

The Twin Peaks Model (Nuseibeh)

Bashar Nuseibeh proposed the Twin Peaks model in 2001 to address a fundamental weakness in linear requirements engineering: the assumption that requirements must be complete before architecture begins. He observed that in practice, requirements and architectural design must evolve together in progressive feedback loops.

Core Thesis: Neither requirements nor architecture can be finalised in isolation. Requirements discovery reveals architectural constraints; architectural exploration reveals requirements gaps. The "twin peaks" are the requirements specification and the architectural description — both converge iteratively rather than sequentially.
Twin Peaks — Iterative Co-evolution of Requirements and Architecture
flowchart LR
    R1["Requirements v1"] -->|"Arch constraints"| A1["Architecture v1"]
    A1 -->|"Reveals req gaps"| R2["Requirements v2"]
    R2 -->|"Refines arch"| A2["Architecture v2"]
    A2 -->|"Validates feasibility"| R3["Requirements v3"]
    R3 -->|"Finalises design"| A3["Architecture v3"]
    style R1 fill:#16476A,color:#fff
    style R2 fill:#16476A,color:#fff
    style R3 fill:#16476A,color:#fff
    style A1 fill:#3B9797,color:#fff
    style A2 fill:#3B9797,color:#fff
    style A3 fill:#3B9797,color:#fff
                            

The Twin Peaks model has strong practical support. It aligns with the reality of agile development — where sprints involve both refining requirements and designing architecture — and with modern systems engineering practices like iterative prototyping and architectural spikes.

Where it complements WRSPM: WRSPM defines the layers (W, R, S, P, M) and their logical relationships at a point in time. Twin Peaks describes the process by which those layers are populated and refined. You can apply WRSPM to understand what layer you're working in, while Twin Peaks explains how you move between those layers iteratively over multiple sprints.

KAOS: Goal-Oriented Requirements Engineering

KAOS (Keep All Objectives Satisfied) is a formal goal-oriented requirements engineering framework. Where WRSPM starts from the environment and asks "what phenomena must the system monitor and control?", KAOS starts from strategic objectives and asks "what goals must the system achieve, and how do we decompose them into precise requirements?"

KAOS structures requirements around a goal refinement tree:

  • Goals — High-level objectives expressed in linear temporal logic: "The train shall always stop before a closed barrier"
  • Sub-goals — Refined decompositions (AND/OR) until goals are assigned to individual agents
  • Agents — Components responsible for satisfying goals (software components, humans, devices)
  • Operations — Behaviours of agents that satisfy assigned goals
  • Obstacles — Conditions that prevent goal achievement, used for safety hazard analysis
KAOS Goal Refinement Tree (Rail Safety Example)
flowchart TD
    G0["Passengers reach destinations safely"]
    G0 -->|"AND"| G1["Train stops when obstacle detected"]
    G0 -->|"AND"| G2["Speed stays within limits"]
    G1 -->|"AND"| G3["Obstacle sensor reports hazards within 500ms"]
    G1 -->|"AND"| G4["Brake system activates within 200ms"]
    G2 -->|"ASSIGN TO"| G5["Agent: Speed Controller"]
    G3 -->|"OBSTACLE"| O1["Obstacle: Sensor blocked by debris"]
    O1 -->|"RESOLUTION"| G3
    style G0 fill:#132440,color:#fff
    style G1 fill:#16476A,color:#fff
    style G2 fill:#16476A,color:#fff
    style G3 fill:#3B9797,color:#fff
    style G4 fill:#3B9797,color:#fff
    style G5 fill:#BF092F,color:#fff
    style O1 fill:#666666,color:#fff
                            

KAOS is particularly powerful for safety and security requirements — the obstacle analysis forces engineers to enumerate what could go wrong, producing a comprehensive hazard register alongside the requirements. Industrial tools like DOORS and ObJECTive KAOS support KAOS modelling at scale. The Trace-Based Reification Model extends KAOS by using execution traces and reachability rules to formally verify that goal refinements are mathematically consistent with the WRSPM chain.

Methodological & Conceptual Alternatives

While formal models focus on mathematical rigour, methodological frameworks focus on how to structure the thinking process around requirements — how to decompose a problem, how to model stakeholder relationships, and how to translate between problem and solution spaces.

Jackson's Problem Frames

Michael Jackson developed Problem Frames as the sister methodology to WRSPM. While WRSPM defines what requirements engineering must achieve (the W→R→S→P→M chain), Problem Frames provide a systematic way to classify and decompose the problem before choosing a solution.

The core insight is that most software problems are instances of a small set of standard archetypes. Recognising the archetype tells you what questions to ask, what world assumptions to document, and what specification structure to use:

Frame Problem Type Machine Controls Example
Required Behaviour Make the real world behave in a certain way autonomously Physical processes (causal) Traffic light controller, HVAC system
Commanded Behaviour Enable a user to control real-world behaviour Causal domain + human operator Industrial process control, CAD tool
Information Display Keep a display in sync with the world Lexical domain (display state) Stock ticker, patient monitoring display
Transformation Convert existing data into a different form Lexical input/output data Compiler, report generator, ETL pipeline
Workpieces Create and edit a persistent model Lexical data structures Word processor, database editor, IDE

Most real systems are composite frames — combinations of several archetypes. An e-commerce checkout, for example, combines Transformation (cart → order), Information Display (inventory levels), and Required Behaviour (payment processing) frames. By identifying the component frames, you can apply the appropriate requirements technique to each part independently.

Goal-Oriented Requirements Engineering (GORE) & i*

Goal-Oriented Requirements Engineering (GORE) shifts the fundamental question from "What should the system do?" to "Why is this system needed, and what goals must it achieve?" It treats requirements as goals at different levels of abstraction, progressively refined from strategic business objectives to precise system behaviours.

GORE Core Concepts:
  • Goals: Objectives stakeholders want the system to achieve — "Reduce order processing time by 50%"
  • Tasks: Specific ways of achieving goals — "Automate order validation"
  • Resources: Physical or informational entities needed — "Order database", "Payment processor"
  • Softgoals: Quality goals without clear satisfaction criteria — "System should be maintainable" (no binary pass/fail)
  • Conflicts: Where one goal's achievement degrades another — security vs. usability, performance vs. cost

The i* (i-star) framework, developed by Eric Yu, is a prominent GORE technique that models the environment as a network of interdependent social actors. Rather than treating the software system in isolation, i* models the entire socio-technical system: who the actors are, what they want, and how they depend on each other. It produces two models:

  • Strategic Dependency (SD) model: Shows relationships between actors — which actor depends on which other for what goal, task, or resource
  • Strategic Rationale (SR) model: Shows the internal reasoning of each actor — how their goals, tasks, resources, and softgoals interrelate

i* is particularly useful for requirements in multi-stakeholder systems where organisational politics and competing objectives are as important as technical constraints — enterprise ERP systems, healthcare platforms, government services.

Use Case / Actor-Boundary Model (UML)

The Use Case model, formalised in UML, is the most widely used requirements notation in object-oriented software development. It provides a pragmatic, widely-understood notation for capturing actor-system interactions at the system boundary — bypassing the deep environmental modelling of WRSPM in favour of communication clarity.

Element Meaning Maps to WRSPM
Actor External entity (human or system) that interacts with the system Part of W (World) — external participants
Use Case A specific interaction or function visible to actors Part of R/S — observable system behaviour
System Boundary The box separating the system from its environment The W↔S interface in WRSPM
«include» One use case always includes another Decomposition within S
«extend» One use case optionally extends another under conditions Conditional paths within S

The Use Case model's strength is communication clarity with non-technical stakeholders. Its weakness — which WRSPM explicitly addresses — is that it says little about world assumptions: what environmental context makes actors behave as they do, what physical constraints bound the system, and what happens when the real world doesn't conform to the model.

Model-Driven Architecture & MBSE Approaches

Model-Based Systems Engineering (MBSE) replaces text-heavy specifications with formal, integrated digital models that link requirements, architecture, behaviour, and verification in a single authoritative source. These approaches dominate in systems engineering domains — aerospace, defence, automotive, and complex infrastructure.

SysML — Systems Modeling Language

SysML is a visual modelling language (an extension of UML) specifically designed for systems engineering. Its key innovation is the Requirements Diagram — a first-class diagram type that connects natural-language requirements directly to the architectural and behavioural elements that satisfy them, enabling automated traceability checking.

Diagram Type Purpose Requirements Relevance
Requirements Diagram Captures requirements and their relationships Primary requirements artefact — traces REQ to tests
Block Definition Diagram (BDD) System structure and component relationships Links requirements to satisfying architectural elements
Parametric Diagram Constraints on system parameters (performance, safety) Formalises NFR constraints as equations
Use Case Diagram Actor-system interactions Functional requirements capture
Activity Diagram Process flows and data transformations Behavioural specifications

SysML models in tools like Cameo Systems Modeler or IBM Rhapsody support automated traceability checking — verifying that every requirement traces to a satisfying architectural element and a verifying test case. This automation is what makes MBSE attractive for large, complex programmes where manual traceability is impractical.

Capella & the Arcadia Method

Capella is an open-source MBSE workbench (developed by Thales) that implements the Arcadia method — a structured, four-layer approach that begins with operational analysis and progressively refines to physical implementation. Each layer answers a specific question:

Arcadia / Capella — Four Engineering Layers
flowchart TD
    OA["OA: Operational Analysis"]
    SA["SA: System Needs Analysis"]
    LA["LA: Logical Architecture"]
    PA["PA: Physical Architecture"]
    OA -->|"Operational needs inform system missions"| SA
    SA -->|"Functions allocated to logical blocks"| LA
    LA -->|"Logical components realised physically"| PA
    style OA fill:#3B9797,color:#fff
    style SA fill:#16476A,color:#fff
    style LA fill:#132440,color:#fff
    style PA fill:#BF092F,color:#fff
                            

The Arcadia layers map naturally to the WRSPM chain: Operational Analysis corresponds to W (world and stakeholders), System Needs to R (requirements), Logical Architecture to S (specifications), and Physical Architecture to P/M (program and machine). Capella enforces traceability between layers, making it possible to trace any hardware choice back to the original operational need that justified it.

CIM / MDA — Computation Independent Model

The Object Management Group's Model-Driven Architecture (MDA) framework decomposes the modelling space into three levels of abstraction, separating business concerns from technical implementation:

Level Model Type Describes Maps to WRSPM
CIM Computation Independent Model Business environment — completely independent of any software or technology W (World) and R (Requirements)
PIM Platform Independent Model System logic and structure, independent of specific platform S (Specifications)
PSM Platform Specific Model System realised on a specific technology (Java, .NET, cloud) P (Program) and M (Machine)

MDA's key contribution to requirements engineering is the CIM — a model of the business world that is entirely independent of any software decision. By maintaining an explicit CIM, organisations can change their technology stack (PSM) without affecting core business rules (CIM), and can validate that every system capability traces to a genuine business need.

Agile & Iterative Requirements Frameworks

Agile frameworks embrace change as a constant. Rather than attempting to document requirements completely upfront, they treat requirements as a living backlog — progressively refined, continuously reprioritised, and verified through working software. The two most impactful agile requirements frameworks are BDD (which you've seen in the Documentation section as a notation) and User Story Mapping.

BDD / Gherkin — Executable Specifications

Behaviour-Driven Development (BDD), popularised by Dan North, solves a longstanding requirements problem: specifications that are written down but never verified against the running system. BDD replaces static specifications with executable Given/When/Then tests — requirements documents that can be run as automated acceptance tests.

BDD maps directly to WRSPM:
  • Given — World state (W): the pre-conditions that describe the environment before the interaction
  • When — Trigger at the specification boundary (S): the event or input the system receives
  • Then — Observable output (S → W): what the system produces or changes in the world

The Gherkin syntax enforces WRSPM's W↔S separation. "Given" statements belong in the world domain; "Then" statements must be observable at the system boundary — ensuring your acceptance tests remain decoupled from implementation.

BDD tools (Cucumber, SpecFlow, Behave) parse Gherkin scenarios and execute them as automated tests, creating a living specification — a document that simultaneously serves as requirements, acceptance criteria, and regression test suite.

User Story Mapping

Jeff Patton's User Story Mapping technique addresses a critical weakness of simple backlogs: a flat list of user stories has no structure, making it impossible to see the "big picture" of the user experience or plan coherent, releasable product increments.

Story maps organise stories in two dimensions:

  • Horizontal axis (backbone): User activities in narrative order — the user journey spine, from first touch to goal completion
  • Vertical axis (depth): Stories at different priority levels — from the minimum viable skeleton down to edge cases and enhancements
User Story Map — Backbone and Stories
flowchart LR
    A["Browse Products"] --> B["Add to Cart"] --> C["Checkout"] --> D["Track Order"]
    A --> A1["View product list"]
    A --> A2["Filter by price"]
    B --> B1["Update quantity"]
    C --> C1["Enter payment"]
    D --> D1["View order status"]
    style A fill:#132440,color:#fff
    style B fill:#132440,color:#fff
    style C fill:#132440,color:#fff
    style D fill:#132440,color:#fff
    style A1 fill:#3B9797,color:#fff
    style A2 fill:#3B9797,color:#fff
    style B1 fill:#3B9797,color:#fff
    style C1 fill:#3B9797,color:#fff
    style D1 fill:#3B9797,color:#fff
                            

Story maps answer a question that flat backlogs cannot: "If we only build the stories in this horizontal slice, do we have a coherent, releasable product?" Each horizontal slice through the map represents a release candidate — not a random collection of features, but a complete (if minimal) user journey.

Story Mapping vs WRSPM: Story maps model the R layer (requirements) from the user's journey perspective. They do not explicitly model world assumptions (W), which makes them powerful for product discovery but insufficient for safety-critical or highly constrained systems. For maximum rigour, combine story maps (for user-journey structure and release planning) with WRSPM analysis (for world assumptions, system boundaries, and NFRs).

Choosing Your Framework — Comparison

No framework covers every requirements engineering need perfectly. Here is a comparative guide across the key dimensions that matter in practice:

Framework Formality World Modelling Agile-Compatible Tool Support Best For
Formal & Academic
WRSPM High Explicit (W layer) Partial Academic + manual Safety-critical, embedded, rigorous analysis
Four-Variable Model Very High Explicit (MON/CON) Low Formal verification tools Real-time control, formal verification
Twin Peaks Medium Implicit High Process guidance only Complex systems with evolving constraints
KAOS High Via obstacles Low–Medium DOORS, ObJECTive KAOS Safety/security requirements, regulated domains
Methodological & Conceptual
Problem Frames Medium Via domain analysis Medium Manual / diagramming Problem decomposition before solution design
GORE / i* Medium Via actor dependencies Medium iStar toolkit, OpenOME Multi-stakeholder enterprise systems
Use Case / UML Low–Medium Minimal (actors only) High Enterprise Architect, Rational Rose OO systems, business workflows
Model-Driven & MBSE
SysML High Via operational analysis Low Cameo, Rhapsody, Papyrus Aerospace, defence, complex engineered systems
Capella / Arcadia High Explicit (OA layer) Low Capella (open-source) Thales-type systems engineering programmes
CIM / MDA Medium Explicit (CIM layer) Medium Enterprise Architect, MagicDraw Enterprise architecture, platform migration
Agile & Iterative
BDD / Gherkin Low (executable) Via Given pre-conditions Very High Cucumber, SpecFlow, Behave Agile teams, continuous delivery
User Story Mapping Very Low None (journey-only) Very High Mural, Miro, physical sticky notes Product discovery, MVP scoping, roadmapping

Requirements Documentation

Once requirements are elicited and analysed, they must be documented in a form that's accessible, unambiguous, and maintainable.

The Software Requirements Specification (SRS)

The IEEE 830-1998 standard (now superseded by ISO/IEC/IEEE 29148:2018) defined the classic SRS document structure:

  1. Introduction — Purpose, scope, definitions, references, overview
  2. Overall Description — Product perspective, functions, user characteristics, constraints, assumptions
  3. Specific Requirements — Functional requirements, non-functional requirements, interface requirements
  4. Appendices — Supporting information, analysis models

While formal SRS documents are still used in regulated industries (aerospace, medical devices, defence), most modern software teams use lighter-weight alternatives.

Modern Alternatives

User Stories with Acceptance Criteria:

Story: As a customer, I want to reset my password so that I can 
       regain access to my account.

Acceptance Criteria:
  - Given I am on the login page
    When I click "Forgot Password"
    Then I see a form asking for my email address

  - Given I enter a registered email address
    When I submit the form
    Then I receive a password reset email within 2 minutes

  - Given I click the reset link in the email
    When the link is less than 30 minutes old
    Then I can set a new password

  - Given I click the reset link in the email
    When the link is more than 30 minutes old
    Then I see an "expired link" message with option to request again

BDD (Behaviour-Driven Development) Format:

# Feature: Password Reset
# Scenario: Successful password reset request

Given the user "john@example.com" has a registered account
And the user is on the login page
When the user clicks "Forgot Password"
And enters "john@example.com" in the email field
And clicks "Send Reset Link"
Then the system sends a password reset email to "john@example.com"
And the email contains a unique token valid for 30 minutes
And the system displays "Check your email for reset instructions"

Decision Records (ADRs) for NFRs:

{
  "title": "ADR-007: Response Time Requirements",
  "status": "accepted",
  "context": "Users report frustration with page load times. Analytics show 40% bounce rate when pages take >3s.",
  "decision": "All API endpoints must respond within 200ms at P95. Page loads must complete within 2s on 4G connections.",
  "consequences": "Requires caching layer, CDN for static assets, database query optimisation. May limit feature complexity per page."
}

Requirements Validation

Validation ensures that documented requirements actually represent what stakeholders need and that they're of sufficient quality to build against. The "VCCUUT" qualities of good requirements are:

Quality Question Red Flag
Valid Does this represent a genuine stakeholder need? "Gold plating" — features nobody asked for
Consistent Does this contradict any other requirement? "The system must be open-source" + "The system must use proprietary DRM"
Complete Are all scenarios covered? Are edge cases addressed? No mention of error handling, timeouts, or failure modes
Unambiguous Can this be interpreted in only one way? "The system should be fast" — fast means what?
Verifiable Can we write a test that proves this is met? "The system should be user-friendly" — how do you test this?
Traceable Can we trace this to a business need and forward to tests? Orphan requirements with no known origin or purpose

Validation Techniques

  • Requirements Reviews: Formal inspections where stakeholders, analysts, and engineers walk through requirements together, checking for completeness and consistency
  • Prototyping: Building throwaway or evolutionary prototypes to validate understanding — "Is this what you meant?"
  • Model Validation: Using formal models (state machines, sequence diagrams, Petri nets) to check for impossible states or deadlocks
  • Test-First Validation: Writing acceptance tests before implementation — if you can't write a test, the requirement isn't clear enough
  • Traceability Matrices: Mapping every requirement to its source (business need) and its verification method (test case)

Common Requirements Pitfalls

After decades of requirements engineering practice, the same failure patterns repeat across organisations and industries:

1. Scope Creep

Requirements grow continuously without corresponding adjustments to timeline, budget, or team size. Each individual addition seems small, but cumulatively they transform the project. The antidote: a formal change control process and a definition of "done" for the requirements phase.

2. Gold Plating

Engineers adding features that weren't requested because they seem "obvious" or "cool." This wastes effort and complicates testing. The antidote: strict adherence to documented requirements — if it's not written down, it doesn't get built.

3. Ambiguous Language

Danger Words in Requirements: Watch for these ambiguity signals — each one hides an untested assumption:
  • "The system should be fast" — fast means what? 100ms? 1 second? 10 seconds?
  • "The system should handle many users" — many means 100? 10,000? 10 million?
  • "The system should be easy to use" — for whom? A developer? A grandmother?
  • "The system should be secure" — against what threats? At what cost?
  • "The system may support..." — is this required or optional?
  • "The system should usually respond..." — what about when it doesn't?

4. Missing Non-Functional Requirements

Teams document what the system does but not how well it should do it. Performance, security, scalability, and maintainability requirements are left implicit — which means they're left to individual developers' judgement (which varies wildly).

5. Assumption Bias

Both stakeholders and engineers bring assumptions from their previous experience. A stakeholder who previously used System A assumes the new system will work similarly. An engineer who previously built microservices assumes the new system needs them. These assumptions go unexamined until they clash with reality.

6. Stakeholder Conflicts

Different stakeholders want different things. Sales wants features fast. Security wants everything locked down. Operations wants simplicity. Finance wants cost minimisation. Without explicit conflict resolution, requirements become contradictory.

7. Requirements Churn

Requirements changing faster than the team can implement them. This indicates either premature implementation (building before requirements are stable) or a genuinely volatile domain (where iterative/agile approaches are essential).

AI-Enhanced Requirements Engineering

Large Language Models and AI tools are beginning to augment (not replace) requirements engineering practices. Here's how practitioners are using them today:

  • Generating acceptance criteria from user stories: Given a user story, AI can generate comprehensive Given/When/Then scenarios including edge cases that humans often miss
  • Ambiguity detection: AI can flag vague language ("should be fast", "many users") and suggest quantitative alternatives
  • Completeness checking: AI can identify categories of requirements that are missing — "You have performance requirements but no security or accessibility requirements"
  • Consistency analysis: AI can detect contradictions between requirements documents written by different teams
  • Test case generation: AI can generate test cases directly from specifications, improving requirements-to-test traceability
  • Requirements rewriting: Converting informal stakeholder language into structured, testable specifications
AI Limitations: AI tools cannot validate requirements against business reality — they don't know whether a requirement is correct, only whether it's well-formed. Domain expertise, stakeholder relationships, and contextual judgement remain irreplaceable human contributions.

Exercises

Exercise 1: Library Management System Requirements

Write 5 functional requirements and 5 non-functional requirements for a university library management system. For each non-functional requirement, specify the category (performance, security, usability, etc.) and provide a measurable acceptance criterion.

Hint: Consider scenarios like book checkout, overdue returns, inter-library loans, search, and accessibility compliance.

Exercise 2: WRSPM for a Smart Home Thermostat

Apply the WRSPM model to a smart home thermostat that supports: multi-zone control, energy-saving schedules, voice commands, and weather-based pre-heating. For each layer (W, R, S, P, M), write at least 3 specific items. Identify at least 2 monitored variables and 2 controlled variables.

Hint: Think about what world assumptions (W) could invalidate your specifications — e.g., what if the weather API is unavailable?

Exercise 3: Ambiguity Detection

The following requirements contain ambiguities. Identify each ambiguity and rewrite the requirement to be testable and unambiguous:

  1. "The system should respond quickly to user requests."
  2. "The application must support a large number of concurrent users."
  3. "Data should be backed up regularly."
  4. "The interface should be intuitive for all users."
  5. "The system should handle errors gracefully."
Exercise 4: From Vague to Testable

Convert these vague requirements into precise, testable specifications using the SHALL keyword and quantitative measures:

  1. "The website should load fast."
  2. "The system should be secure."
  3. "The app should work on mobile."
  4. "Reports should be generated quickly."

Hint: For each, ask: Who? What? When? How much? How do we verify?

Conclusion & Next Steps

Requirements engineering is where software projects are won or lost. This article has surveyed the full landscape of the discipline — from the rigorous WRSPM reference model through formal academic alternatives, goal-oriented methods, model-based systems engineering, and agile iterative practices. No single framework covers every context: the art of requirements engineering lies in choosing and combining the right tools for the project at hand.

Key takeaways from this article:

  • Requirements ≠ specifications — requirements describe what stakeholders need; specifications describe precise system behaviour at the system boundary
  • Non-functional requirements often matter more than functional ones for system success
  • The WRSPM model separates World, Requirements, Specifications, Program, and Machine — forcing explicit documentation of world assumptions that other frameworks ignore
  • Formal models (WRSPM, Four-Variable, KAOS) provide mathematical rigour for safety-critical systems; conceptual frameworks (Problem Frames, GORE, i*) structure the thinking process
  • Twin Peaks reminds us that requirements and architecture must co-evolve — neither can be finalised in isolation
  • MBSE approaches (SysML, Capella/Arcadia, CIM) automate traceability from business need to physical component
  • BDD and User Story Mapping make requirements executable and user-journey-structured for agile teams
  • Ambiguous language is the enemy — always quantify, always ask "how would we test this?"

Next in the Series

In Part 6: Software Architecture & Design Patterns, we'll explore architectural patterns like Client-Server, Pipe-and-Filter, Layered, and Master-Slave — and learn how to make design decisions that shape entire systems.