Requirements engineering is the sub-discipline of software engineering that elicits, analyses, specifies, validates, and manages what a system must do and the constraints under which it must do it (Zave, 1997; IEEE 830; ISO/IEC/IEEE 29148). It is the work that decides what gets built and what the project costs; everything downstream is execution against the answer it produces. This companion lays out the theory, the practitioner notation, the document structure, the validation checks, the per-requirement effort estimation method used in the course, and the tangible artefacts that make up the Phase 2 deliverable.
Requirements engineering exists because the largest single source of software project failure, measured across half a century of empirical studies, is not bad code or missed deadlines but a system that does not match what its users need. The leverage available at the requirements stage is therefore economic, not procedural: time spent here saves orders of magnitude later.
The classic curve comes from Barry Boehm's Software Engineering Economics (Prentice-Hall, 1981), which used data from TRW Inc. and IBM to plot the cost of fixing a defect against the phase in which the defect is detected. Boehm found the cost grows roughly exponentially with the lag between the introduction of the defect and its discovery. A defect introduced during requirements that is caught and fixed during requirements costs unit value; the same defect caught during coding costs 5 to 10 times more; caught during system test, 10 to 25 times more; caught after release, 50 to 200 times more. Subsequent industrial replications across very different organisations (IBM, NASA, Hewlett-Packard, GTE; summarised in Boehm and Basili, "Software Defect Reduction Top 10 List", IEEE Computer, 34(1), 2001) confirm the shape of the curve, with the post-release multiplier most often falling in the 50-to-100 range.
Two consequences follow. First, defects whose root cause is in requirements dominate the cost-and-schedule overruns of large projects (Standish Group CHAOS reports, 1994 to present, and the McConnell Code Complete survey). Second, even modest investment in requirements quality at the start (more elicitation interviews, a structured specification template, a peer review) pays back many times over by the end of the project. This is the empirical foundation for treating requirements engineering as a distinct sub-discipline, with its own standards (IEEE 830 in 1998, superseded by ISO/IEC/IEEE 29148 in 2011 and revised in 2018) and its own dedicated literature.
"Fixing a requirements error after delivery may cost up to 100 times the cost of fixing an implementation error."
Boehm (1981), restated in Boehm and Basili (2001) and in every modern RE textbook (Sommerville; Wiegers and Beatty; Robertson and Robertson).A second, less obvious point follows from the economics: the requirements stage is also where the project's identity is decided. The Twitter 140-character limit was a requirement, not an implementation accident. The iPhone's "no-stylus" rule was a requirement that ruled out a whole class of hardware solutions before Jonathan Ive's industrial-design team ever opened a CAD file. WhatsApp's end-to-end encryption guarantee was a requirement, not a feature added later. None of these defining properties were decided by writing code; each was decided by someone writing a sentence about what the system would or would not do. For the COMP433 project, the same logic applies on a smaller scale: the requirements document is the artefact in which your team decides what the system is, not just what it does.
The first half covers what requirements are and how they are written: the definition (section 2), the three abstraction layers (section 3), the functional/non-functional/domain taxonomy (sections 4 and 5), and the five-activity RE process (section 6). The second half covers how the work becomes an artefact: notation choices (section 7), the structured specification template (section 8), the requirements document structure (section 9), validation (section 10), and per-requirement effort estimation with a working calculator (section 11). Section 12 then collects what is concretely due at the Phase 2 deadline. Section 13 lists the marking pitfalls; section 14 lists the references. The running example throughout follows the course lecture deck: the Mentcare patient information system for mental health care (called MHC-PMS in older editions of Sommerville; the same system).
Requirements range from one-line wishes ("the system shall be easy to use") to formal mathematical specifications. Both ends of that range are still called requirements. The discipline is in knowing which end you are at and why.
Sommerville's definition (Software Engineering, 10th ed., 2015) is the operational one: a requirement is "a description of a service that the system must provide, or a constraint on the system." The two clauses matter independently. A service is something the system does. A constraint is a property the system has. Most documents contain both, often mixed together.
Beyond the bare definition, a practitioner-facing observation matters: requirements serve two functions in one artefact, which explains why they are written in both abstract and detailed forms:
This dual role is the reason the abstraction layer of a requirement matters as much as its content. A statement that is perfect at the bidding stage may be useless at the acceptance stage, and vice versa.
The canonical three-layer model (Sommerville, 10th ed.) distinguishes user requirements, system requirements, and software specification. Each layer has a different audience and uses different language. A document that fails to distinguish them tends to be wrong for everyone reading it.
Natural-language statements (plus diagrams) of the services the system provides and its operational constraints, written for the customer. The customer must be able to read, agree, and confirm. Technical jargon is excluded.
A structured document setting out detailed descriptions of system services and constraints, written for customers (to confirm) and developers (to build to). Often forms part of the contract between client and contractor.
A detailed software description, written for developers, that can serve as the basis for design and implementation. Programming-language abstractions, interface signatures, and algorithms are acceptable here.
By convention used throughout the course, every user requirement (UR) is numbered and refined into one or more system requirements (SR) with the same root. The notation is straightforward: UR4.0 refines into SR4.1, SR4.2, and so on. The shared root carries the traceability: any change to UR4.0 propagates to every SR4.x, and any test result against SR4.x rolls up to UR4.0. Below is the canonical example for account registration.
Notice the relationship. UR4.0 is a single sentence that the head of the clinic can read and confirm. SR4.1 through SR4.7 are seven sentences that the developer can build to and the tester can write acceptance tests against. They say the same thing at different levels of abstraction.
The numbering is not decorative. It is the foundation of traceability: every SR carries the prefix of the UR it refines, so a question about why a particular system requirement exists has an answer ("it implements UR4.0"), and a question about what testing covers a user requirement has an answer ("the tests for SR4.1 through SR4.7"). Section 10 and the discussion of traceability matrices return to this.
Sommerville's classification separates requirements into three mutually exclusive categories: functional, non-functional, and domain. The third one is often skipped in lighter treatments and is exactly where the most subtle errors come from.
Statements of the services the system should provide, how the system should react to particular inputs, and how the system should behave in particular situations. They are usually written with the system as subject and "shall" as the modal verb. Example, from the Mentcare system:
Constraints on the services or functions offered by the system. They describe how well, how fast, under what load, for whom, with what guarantees. They are not optional polish: if NFRs are not met, the system can be useless even when every functional requirement passes.
A worked NFR example for the Mentcare system:
Notice the verifiability: "available" is not abstract here, it has a measurable threshold (downtime under five seconds per day during stated hours). Section 5 returns to NFR families and metrics.
Requirements that come from the application domain of the system and that reflect characteristics of that domain. Two examples from the course's lecture material:
Domain requirements have two characteristic problems, both consequences of the fact that the domain is not the developer's home discipline:
Domain requirements often generate additional functional and non-functional requirements when they are unpacked. They also have the highest unit cost of being missed, because a missed domain requirement usually surfaces during operation, not testing.
Sommerville's NFR classification sorts non-functional requirements into three families by where the constraint comes from. The families have different stakeholders, different acceptance criteria, and different test procedures.
| Family | Origin | Examples |
|---|---|---|
| Product | The delivered product must behave in a particular way. | Execution speed, response time, reliability, availability, accessibility level, memory footprint, browser compatibility. |
| Organisational | Consequences of organisational policies and procedures. | Mandatory IDE, process standards, programming language, code-review process, mandatory development methodology. |
| External | Factors external to the system and its development process. | Interoperability with other systems, legislative or regulatory compliance, ethical constraints, accessibility law. |
An NFR is almost always wrong on its first draft. The natural English form is a wish, and a wish cannot be tested. The conversion to a testable form is made explicit by distinguishing a goal (a general intention) from a verifiable non-functional requirement (a statement with a measurable threshold).
The goal is still useful: it tells the developers what the team is trying to achieve. The verifiable requirement tells the tester what to measure. Both belong in the document; they do not replace each other.
Below is the standard metric table for the most common NFR types. The entries are not exhaustive, but the pattern they set is: every NFR can be reduced to one or more measurable properties.
| Property | Measure |
|---|---|
| Speed | Processed transactions per second; user-event response time; screen refresh time. |
| Size | Megabytes; number of ROM chips; binary size; package count. |
| Ease of use | Training time required; number of help frames consulted; task completion rate; SUS score. |
| Reliability | Mean time to failure; probability of unavailability; rate of failure occurrence; availability percentage. |
| Robustness | Time to restart after failure; percentage of events causing failure; probability of data corruption on failure. |
| Portability | Percentage of target-dependent statements; number of target systems supported. |
A useful editorial test: if an NFR cannot be tied to a row of this table or its extension, it is still a goal.
Sommerville's RE process model has five activities. They are not strictly sequential; the process is iterative, conventionally drawn as a spiral that re-enters each activity as new information arrives. The list below is the canonical decomposition.
Working with customers and other stakeholders to find out the application domain, the services the system should provide, the required performance, hardware constraints, and other relevant matters. Techniques include interviews, scenarios, use cases, and ethnography.
Classifying and organising elicited requirements; identifying conflicts between requirements from different stakeholders; negotiating resolutions; ranking by priority. Two stakeholders rarely agree on every requirement, and the analysis step is where the disagreements are surfaced and resolved.
Writing the requirements down in a structured form that is unambiguous, complete, and traceable. This is the most visible output of RE, and the activity that produces the requirements document.
Checking that the specified requirements define the system the customer wants. Section 10 covers the three standard validation techniques (reviews, prototyping, test-case generation).
Managing change. Real projects discover new requirements after the spec is "frozen"; treating the document as immutable is unrealistic. RE management is the process of accepting, evaluating, and integrating those changes without losing the document's coherence.
The five activities feed each other continuously. Elicitation in week 8 often invalidates a requirement specified in week 3; validation often surfaces an unstated stakeholder need; management often forces a re-prioritisation. The process is finished not when the activities stop but when the document is stable enough to commit to.
Sommerville's table of notation choices is the standard taxonomy used in the course. Each row trades off readability against precision differently; most documents use more than one row.
| Notation | Description | Trade-off |
|---|---|---|
| Natural language | Requirements written as numbered sentences in plain English. Each sentence expresses one requirement. | Maximum readability. Minimum precision. Prone to amalgamation (several requirements in one sentence) and confusion (functional and non-functional mixed). |
| Structured natural language | Requirements written in natural language on a standard template (form / table). Each field describes one aspect of the requirement. | Compromise. Reads almost like natural language, structure rules out the worst ambiguities. Section 8 covers the template used in COMP433. |
| Design description languages | A language with programming-language abstractions, used to specify operational behaviour. Now rarely used; remains useful for interface specifications (e.g., IDL, OpenAPI). | High precision. Low customer accessibility. Customer cannot usually confirm it. |
| Graphical notations | Diagrams (UML use case, activity, sequence) supplemented by text. Common for functional requirements with non-trivial workflow. | Excellent for showing structure and flow. Weak for specifying constraints. Best combined with text. |
| Mathematical specifications | Notations based on finite-state machines, set theory, predicate logic. Used in safety-critical and regulated domains. | Unambiguous by construction. Most customers cannot read it. Rarely used outside specific industries (avionics, automotive safety, formal methods research). |
The problems with relying on natural language alone are well-documented (Meyer 1985; Sommerville 2015, ch.4):
The standard fix is to keep natural language for user requirements (so the customer can read them), then switch to structured natural language for system requirements (so the developer can build to them).
The structured-natural-language template used in the course is adapted from Cockburn's use case format (Cockburn, 2001). Every system requirement that is non-trivial gets one of these. The template's value is in the discipline it forces: a field that is blank is a question still open.
The fields, in order, are: Title, Purpose, Description, Actors, Trigger, Pre-condition, Workflow, Alternative Workflow, Post-condition. The course's canonical worked example is the insulin pump's dose computation routine:
| CompDose: Compute Insulin Dose | |
|---|---|
| Title | Compute Insulin Dose (CompDose) |
| Purpose | To compute the insulin dose based on the measured sugar level. |
| Description | Computes the dose of insulin to be delivered when the current measured level of sugar is in the safe zone between 3 and 7 units. |
| Actors | SystemTimer (the actor that interacts with this requirement). |
| Trigger | Automatic. Triggered automatically every 10 minutes by SystemTimer. |
| Pre-condition | The insulin reservoir contains at least the maximum allowed single dose of insulin. |
| Workflow |
1. Obtain current sugar level reading r2. 2. Read stored previous two sugar level readings, r0 and r1. 3. Compute increasing or decreasing level of sugar within the safe zone. 4. Compute a single dose of insulin based on the sugar level. 5. If the dose is within the allowed limits (5 to 15 mg), deliver the insulin dose; otherwise generate a beep sound. 6. Replace previous readings with current readings: r0 = r1 and r1 = r2. |
| Alternative workflow | If the computed dose is outside the allowed limits, no insulin is delivered; an audible alert is raised. The reading replacement step still executes. |
| Post-condition | Previous readings replaced and stored. |
The fields are not optional. A spec with no actors does not say who triggers it; a spec with no pre-condition is unsafe; a spec with no post-condition cannot be tested. The "alternative workflow" field captures the most common source of bugs in production systems: the path that runs when the normal one does not work.
For a more readable but equivalent version, the template can be flattened into a paragraph: "The CompDose requirement, triggered every 10 minutes by SystemTimer when the insulin reservoir is sufficient, reads the current sugar level, compares it against the previous two readings, computes a single dose between 5 and 15 mg, and either delivers it or raises an alert; in either case the reading buffer is updated." The structured form is preferred for the document; the paragraph form is useful for review meetings.
Tabular specifications are useful when a requirement's behaviour is condition-driven, for example a decision table giving the dose for each combination of trend and rate. The course slides include the tabular form for CompDose; we omit it here for brevity.
A requirements document is the agreed statement of the system requirements. It is an artefact that has to serve customers, developers, testers, regulators, and the project's own future. The structure used in the course follows Sommerville's nine-section template, anchored in the IEEE 830 (1998) recommended practice and its successor ISO/IEC/IEEE 29148 (2018).
Before the structure, the obligations. A requirements document must:
The high-level skeleton (IEEE Std 830-1998, now superseded by ISO/IEC/IEEE 29148:2018) is short:
This is a generic skeleton that has to be instantiated for a specific system. The COMP433 instantiation, drawn from Sommerville's chapter 4 and the IEEE 830 outline, expands it into nine sections:
| Chapter | What it contains |
|---|---|
| Preface | Expected readership; version history; rationale for the current version; summary of changes since the previous version. |
| Introduction | The need for the system; brief description of its functions; how it works with other systems; how it fits into the business or strategic objectives of the organisation commissioning it. |
| Glossary | Technical terms used in the document. The document should not assume that the reader is familiar with the application domain. |
| User requirements definition | The services provided for the user. Non-functional system requirements are also described here. Natural language, diagrams, and other notations understandable to the customer. |
| System architecture | A high-level overview of the anticipated system architecture, showing the distribution of functions across system modules. Reused components are highlighted. |
| System requirements specification | Functional and non-functional requirements in detail. Interfaces to other systems may be defined here. |
| System models | Graphical system models showing the relationships between system components and the system's environment. Object models, data-flow models, or semantic data models, as appropriate. Chapter 4 covers these models in depth. |
| System evolution | Assumptions on which the system is based; anticipated changes due to hardware evolution, changing user needs, evolving regulation. Useful for designers, who can use it to avoid design decisions that would constrain likely future changes. |
| Appendices | Detailed application-specific information: hardware and database descriptions, minimal and optimal hardware configurations, database logical organisation, and so on. |
| Index | An alphabetic index plus, where useful, an index of diagrams, an index of functions, and so on. |
The document is read by four kinds of audience, each looking for different things:
Want to confirm that the document captures what they asked for and that they can hold the supplier accountable to it. Read the User requirements definition closely; skim the rest.
Want to estimate cost, schedule, and risk. Use the document for planning and for negotiating scope with the customer. Read the Preface, Introduction, and System architecture sections most carefully.
Want to build the right system. Read the System requirements specification and System models in detail; refer to the System architecture for context.
Want to verify that the system meets its requirements. Need every system requirement to be verifiable. Read the System requirements specification, then write acceptance tests against each requirement.
Four writing rules apply to every requirement, regardless of which section it is in. They are restated in every modern RE textbook (Sommerville; Robertson and Robertson, Mastering the Requirements Process, 3rd ed.; Wiegers and Beatty, Software Requirements, 3rd ed.):
And one negative rule: avoid computer jargon. The customer is the document's primary audience for the User requirements section; jargon there is a barrier, not precision.
Requirements validation asks whether the specified requirements define the system the customer actually wants. It is distinct from verification, which asks whether the system meets the specified requirements; validation is the upstream activity that decides whether the specification is right in the first place.
Systematic manual analysis of the requirements document by stakeholders, often in structured walk-throughs. Cheap, broad coverage, surfaces ambiguity and inconsistency well. Less effective for finding gaps in coverage.
Using an executable model (low- or high-fidelity) of the system to let stakeholders interact with the proposed behaviour. Surfaces requirements that no review would find: confusing flows, missing affordances, mismatched mental models.
Writing acceptance tests against each requirement before the system is built. A requirement that cannot be turned into a test is a requirement that has not been written precisely enough. Each test failure indicates either a system defect or a specification defect.
Whichever validation technique is used, the same questions are asked of each requirement:
| Property | The question |
|---|---|
| Correctness / Validity | Does the system provide the functions that best support the customer's actual business needs? |
| Precision / Unambiguity | Can any of the requirements be interpreted in more than one way? If yes, rewrite until they cannot. |
| Consistency | Are there requirements that conflict? Where two requirements cannot both hold, one of them must be revised or dropped. |
| Completeness | Are all the functions the customer requires included? Completeness is the hardest property to check, because the gaps are exactly the things you have not thought of. |
| Verifiability | Can each requirement be verified and validated? A requirement that cannot be verified is a wish. |
| Traceability | Is each requirement uniquely identified? Can it be traced backward to its origin (a stakeholder, a regulation) and forward to the design and tests that realise it? |
| Realism / Feasibility | Can the requirements be implemented within the specified time and budget, given the available team skills and technology? An impossible requirement, no matter how desirable, must be revised before the contract is signed. |
A traceability matrix is a tabular tool that records, for each requirement, where it comes from and where it goes. The minimal version is a two-column list: requirement ID and source. A richer version is a grid that maps every requirement to every test case, every design element, and every regulation it implements.
The value of traceability matrices is measured in change. When a requirement is revised, the matrix tells you which tests need updating, which design elements may be affected, and which downstream documents need a corresponding edit. Without the matrix, the same question takes hours of manual cross-referencing.
On a regulated project (medical, automotive, aviation), traceability is not optional; it is required for certification. On a non-regulated project, it is one of the cheapest forms of insurance: a small overhead during writing, in exchange for the ability to answer change-impact questions in seconds rather than days.
Once the requirements are specified, the natural next question is: what will this cost, and how long will it take? COMP433 uses a simplified, per-requirement estimation method specified in the course lecture notes. The method is bottom-up, transparent, and easy to revise. Below: the method, its context among other estimation techniques, and an interactive calculator that runs it on whatever requirements list you enter.
The method's data model is small. For each user requirement, the estimator records two numbers:
From these, two derived quantities are computed:
Project-level numbers then follow:
The method is not a black box. Every input is one the estimator chose, and every output is a direct arithmetic consequence of the inputs. That transparency is the method's value: a stakeholder who questions a number can be shown which input drives it, and an estimator who learns the project is slipping can revise one row of the table to absorb the new information.
The calculator below ships with the worked example from the course lecture notes pre-filled. Edit any cell to recompute. Add or remove rows for your own requirements. Change the weekly salary, schedule buffer, or margin range to reflect your context.
| UR | Description | Concurrent developers | Effort per developer (person-weeks) | Total effort (person-weeks) |
|---|
The example data above matches the worked example in the course lecture notes (slide 105). Reset returns to it. The four parameters underneath the table (buffer, salary, margins) are the dials a real estimator would adjust to match their context; defaults follow the course example.
The per-UR method is one entry in a long literature on software effort estimation. The most widely cited alternatives are listed below, with the kind of project each is best suited to. The course's simplified method is the appropriate choice for Phase 1 of the COMP433 project; the others are listed so the reader knows what else exists and when to reach for them.
| Method | Origin | Where it shines |
|---|---|---|
| Per-UR simplified method (course) | Bottom-up by user requirement; developers and weeks per UR. | Small to medium projects where requirements are written before estimation. Transparent; revisable. Adopted for COMP433 Phase 1. |
| COCOMO II | Boehm, Software Cost Estimation with COCOMO II (2000); revision of COCOMO 81. | Larger projects where size can be estimated in KSLOC or function points. Uses 17 cost drivers (product, personnel, project, platform attributes) to scale a base estimate. |
| Function points | Albrecht (1979); standardised by IFPUG. | Information-system projects where requirements can be counted as inputs, outputs, files, inquiries, interfaces. Language- and platform-independent. |
| Use case points | Karner (1993); a function-points adaptation for use-case-driven projects. | Object-oriented projects where requirements are expressed primarily as use cases. Counts actors and use cases, weighted by complexity. |
| Expert judgement / Delphi | Originally RAND Corp. (1959); Wideband Delphi adapted by Boehm. | Projects with novel technology or domain where reference data is scarce. Structured aggregation of expert estimates with controlled iteration. |
| Analogous estimation | Estimation by analogy to historical projects. | Organisations with a deep historical record of similar projects. Cheap, fast, surprisingly accurate when the analogy is genuine. |
| Planning poker / story points | Grenning (2002); popularised by Cohn (2005). | Agile teams estimating user stories on a continuing basis. Relative sizing using a Fibonacci-style scale; team consensus through iterative card play. |
Two observations from the literature, both well-supported by industrial data and worth carrying into any estimation exercise:
The first eleven sections lay out the discipline. This one lists exactly what your team submits at the Phase 2 deadline. Treat the checklist as the assessment grid: each row is evaluated independently, and a missing row is the most common cause of weak submissions.
| # | Artefact | Where defined | Acceptance criterion |
|---|---|---|---|
| 1 | Numbered User Requirements (UR) list | Section 3, plus the writing rules in section 9. | Each UR has a stable identifier (UR1, UR2, ...). Each is one sentence in customer-readable language. Each names a clear actor or goal. No UR mixes a function with a constraint; no UR contains two requirements joined by 'and'. |
| 2 | System Requirements (SR) refinements | Section 3 (the URn / SRn.m convention). | Every UR that needs refinement decomposes into one or more SRs that share its prefix (UR4 -> SR4.1, SR4.2). Each SR is developer-precise and testable. Trivial URs (one-line wishes that need no refinement) may stand on their own. |
| 3 | Non-Functional Requirements (NFR) table | Sections 4 and 5. | At least one NFR per applicable family (product, organisational, external). Each NFR has a measurable threshold (a number, a unit, and a verification method). Wishes are not accepted: "the system shall be fast" is rejected; "p95 page load shall be under 800 ms on 4G" is accepted. |
| 4 | Structured specifications for the non-trivial SRs | Section 8 (the nine-field template). | Every SR whose workflow has at least one decision or one alternative path gets a structured spec. All nine fields populated: Title, Purpose, Description, Actors, Trigger, Pre-condition, Workflow, Alternative Workflow, Post-condition. |
| 5 | Effort estimation against the UR list | Section 11 (the calculator). | Per-UR estimate: concurrent developers, person-weeks per developer, total person-weeks. Roll-up: total effort, schedule (1.30 buffer), cost, quoted price range (1.10 to 1.30 of cost). Numbers must be defensible against a sanity check (average effort per UR, anomalies flagged). |
Before you submit, the team runs through the following list together. Each item should be answerable with "yes, page N" or "yes, section N". Any "no" is rework before the deadline, not after.
The Phase 2 deliverable is assessed on what is in the document, not on what the team intends to add later. A UR that is "going to be" detailed later is, for the purposes of this submission, missing. The most common cause of weak submissions at this stage is incomplete NFRs and missing alternative-workflow fields in structured specs, both of which are easy to add before submission.
Drawn from Sommerville, Wiegers, Robertson and Robertson, and recurring review findings on real requirements documents. Each one is a recurring source of defects discovered too late.
Adjectives that pass natural-language reading but cannot be tested. Replace each with a measurable property and a threshold. "Fast" becomes "responds in under 1.5 seconds for 95% of queries".
"The system shall be fast and secure" mixes two NFRs. They have different stakeholders, acceptance criteria, and test procedures. Split them.
"The system shall use a drop-down list to select the doctor" prescribes a control before design. Write "the system shall let the user select a doctor from the available list" and leave the control to interaction design.
Domain experts forget to say things that, in their world, are obvious. Write down the obvious. A pharmacist will not say "doses are non-negative"; that does not mean the system can assume it.
"All requirements are critical" is the same as "there is no plan for scope cuts under pressure". Rank explicitly so the team knows what survives.
A requirement with no link backward (to a stakeholder or regulation) and no link forward (to a test or design element) is an orphan. When asked "why is this here?", the answer should be in the document, not in memory.
Treating the document as immutable forces the team to ship the wrong thing or to maintain a shadow spec. Versioned, with a documented change process, is the working alternative.
An estimate that pre-dates the requirements is a guess. The per-UR method exists exactly to prevent this: if there are no URs, there is no number to compute.
The course textbook is identified at the head of the list; the rest are works directly referenced in the body and standard practitioner references.
The requirements document is a text artefact. Most non-trivial systems also need graphical models: use case diagrams, activity diagrams, class diagrams, sequence diagrams. Chapter 4's companion covers the notation, history, and accurate drawing of each.
Open Ch.4 companion →