Table of Contents

Learn How to Create and Manage an RTM for full Test Coverage

In this article, I’m going to discuss what an RTM is in software testing.

I’ll also go through some fundamental points on why you need one for your software testing projects.

I’ll then talk about how to use it as part of your project to ensure you have full test coverage of each requirement.

The contents of this article are based on over a decade of working with RTM documents.

What is a requirements traceability matrix in software testing?

An RTM is a single document that captures every project requirement during a software development project. A testing team can create test scripts using full bi directional traceability by mapping each project requirement to appropriate test cases. It also allows stakeholders to understand test coverage.

Why is a Requirements Traceability Matrix Important?

All project requirements and specification can be captured in a single golden source

Whenever I start to design test cases, I always prefer to have ALL requirements beforehand.

The RTM acts as a document where you can literally ‘chuck’ everything into.

Think of the RTM as the nerve centre for all requirements.

This really makes your life easier.

We’ll get to that later in this article.

Test coverage can be captured in its entirety

Forward traceability coverage – each requirement can be mapped to a test case, script or scenario
Backward traceability coverage – Each test case and test condition can be mapped back to a requirement document using reverse traceability.
Bidirectional traceability coverage – You have full end to end visibility for each requirement

It allows easier easier requirements management and maintenance

Lets say you’ve spent some time creating test cases without an RTM.

What if customer requirements change?

How do you track which requirements have been updated, removed or added?

What if the FRS document needs an update after a static review?

It can be an absolute nightmare. You can do it but it takes a lot of work and reviewing tons of documentation.

With a RTM, you literally update the document and VOILA.

Take it from someone who has the scars.

Sorting and filtering becomes much easier.

Allows easier test script / test case / test scenario creation

I’ve found that when every user requirement is categorised in a Requirements traceability Matrix document, it is far easier to create test scripts.

For example, filtering by a specific category such as ‘area of functionality’ or ‘functional module’ gives me an idea of the types of tests to create.

Better Effort Estimation for Test Design/Test Plan Stage

You know when your Project Manager asks you ‘how long will it take to create test cases?‘.

With an RTM and some experience, this task is made somewhat easier.

I find that I can usually give high level estimates ‘better’ than if I didn’t have an RTM.

You can provide a Traceability report quickly

I’m sure many of you reading this have to provide a daily or weekly status update to your line manager or wider stakeholder group.

Now just imagine how easy it becomes when a project stakeholder randomly asks you how many test cases you’ve created or how much test coverage you have.

This is one of the major benefits of having an RTM which can be a lifesaver.

I remember a key stakeholder asked my team this question once and we couldn’t answer because there was no RTM.

We knew how many test cases we were planning to create but didn’t know the exact test coverage in terms of percentage.

We had to trawl through a magnitude of requirements documentation before we could give him the numbers.

Don’t let that be you.

Audit Trail

I’ve worked in a banking environment for many years.

It’s incredibly regulated and rightly so.

If you cough, sneeze of breathe, you have to let the regulators know. I’m obviously being pedantic but you get my drift.

An RTM allows you to capture a full audit trail of each requirement.

If an internal or external audit team wants to look at your documentation then you know you’re covered.

My projects have been audited not only by internal teams but also external (including the big 4 consultancies) many times.

You’ll know where I’m coming from for those of you that deal with the three lines of defence (3LoD) risk model.

When it comes to making notes in the RTM I always date and initial the comments section so literally EVERYTHING is documented.

It’s almost like a running commentary. It’s not required but just how I like to work.

This has honestly helped so much when it comes to things like audits or if you just want to see the history of a requirement.

Identify Regression Testing Gaps

An RTM will allow you to also identify any gaps in your existing regression test pack and allow you to update it.

Helps your Testing Team Colleagues with continuity

I’m a positive person so don’t want to use the ‘getting run over by bus scenario’

But lets say you leave your role tomorrow.

With an RTM, any one of your colleagues can pick up the document and get a real grasp of the project requirements at a granular level.

How to create a Requirements Traceability Matrix (RTM) Document Template

Your RTM needs to include a few very important pieces of information.

You can create this in Microsoft Excel, Google Sheets or any tool of your choice.

Below are the fields I always like to include as a minimum.

Project Requirement ID

This is a unique ID that will be generated specifically for this project. I usually keep this different from tha actual Requirement ID in specification documents.

Document Name

The actual name of the actual requirement document.

Document Type

This should detail the type of document you are referencing to, for example (but not limited to);

Business requirement document (BRD)
Functional Requirement Specification (FRS)
Non functional requirement specification (NFRs)
Data flow diagrams
Use Case descriptions
High Level Design (HLD)
Security Requirements

Any other software or technical requirement that you need to capture.

Author

Include the name of the author of the document.

Version

This will indicate whether or not the document is a draft or baselined version.

It is also particularly handy to know this so you know which version you are designing your tests against.

If the client requirement change then you can update the RTM accordingly.

Source Document Requirement ID

This is the actual requirement ID that is in the source document.

For example, BRD0001 may be the referenced in the the business requirement document.

You should copy and paste BRD001 here.

Requirement Description

Using the above example, copy and paste the whole requirement description for BRD001 here.

Include any business rules, logic etc.

If you think that the requirement needs to be broken down further into numerous conditions, then you can also do this.

I would actively encourage this as it gives you more control over the quality of your software application under test.

Test Case ID / Test Script ID / Test Scenario ID

Add the corresponding test case, script or scenario ID where you have included the requirement.

The Initial RTM Creation Process – Pre Test Case Design Stage

For those of you that are familiar with the ISTQB testing process, the initial RTM stage would sit anywhere in between the first two phases.

This totally depends on your organisation’s processes and working practices.

I would personally create the draft RTM at the ‘Test Planning’ or ‘Analysis and Design’ phase.

It should really sit after the moment you receive the project requirements and prior to you starting your test design.

I would start on creating the RTM prior to commencing work on your test plan.

You can definitely work on the RTM and Test Strategy.in parallel.

Ensure project requirement and design specification documentation is baselined

This is SUPER IMPORTANT.

Ensure you have baselined or almost finalised requirements before you start working on your RTM.

Draft requirements that are in their early stages are not a good idea as they will mean more effort when making updates.

I’m always keen to get this done as soon as possible, BUT, its always a good idea to hold out until they are almost ready,

If you can, try and insist for a baselined version of a requirement specification document.

It really will make your life easier.

Fill out the template as much as possible

Once you receive your documentation, start to fill out key parts of the RTM. For example;

Document Name
Document Type
Author
Version
Source Document Requirement ID
Requirement Description

At this point, you will NOT be designing any test cases, only throwing all requirements into the RTM.

Think of it as a repository for project requirements.

Understand the Test Responsibility and Stakeholder’s Involvement

It’s all good and well having a complete and nice looking RTM. However, you need to know what to do with it.

What if your team can’t test a requirement but another team can?

How do you agree on who tests what?

The RTM is a great way to agree this before you start any test design work.

Let’s go through a few points on how you can mitigate any gaps in coverage;

Agree on the requirement owner(s)

There are so many different requirement types and involvement from many different teams when you test software that it can sometimes get confusing.

Ensure you make a note of who owns the requirement.

For example, the Business requirement document (BRD) is generally owned by the end user in conjunction with the Business Analysis team.

Engage with the team who wrote the requirement and ensure you capture this in the RTM.

In the comments section, date and initial with a description of the conversation or email conversation.

Agree on who tests the requirement(s)

– Pay particular attention to Non-Functional Requirements (NFRs)

– Update the relevant requirement

I’ve worked in many scenarios where the owner of the requirements isn’t necessarily the team that will conduct the test.

As a Test team function, the natural assumption is that you’ll be responsible for all testing.

This isn’t always true.

VERY IMPORTANT POINT

It’s absolutely imperative that you get this agreed before you start any design.

Take it from me, if you don’t get this agreed now, you’ll potentially have a big headache further down the line.

Oh and ALWAYS get confirmations in an email. Verbal agreements do not count.

Pay particular attention to Non-Functional Requirements (NFRs)

Managing non functional requirements can be a NIGHTMARE!

They cover a wide net of different types of tests which involve different teams.

For this reason, it’s really important that you don’t forget about these.

I had a project where I was testing a web based functional application for many months.

We had a few issues at first but we’d managed to reach the end.

I completed a draft of the Test Completion report (Test exit report), only to be told that the NFRs hadn’t been tested.

The project was due to go into Production in a few days and no stakeholder was prepared to Sign off.

This was an absolute nightmare.

So what happened?

A number of things.

The requirement owner didn’t want to test the IT security requirements.

This is not something my team ever tests.

Thankfully our team had no option but to take on the responsibility to test most of the outstanding requirements.

We didn’t have to but we did this for the greater good.

Having a very experienced and awesome Project Manager also helped immensely.

We definitely would not have managed to do it without Chris (name changed).

This is an example of ensuring that your stakeholders category agree as early as possible on their responsibility.

Ensure all requirements have been covered

Every single requirement needs to be covered in terms of whether ot nor it will be tested or not.
There must be NO gaps.

Get Stakeholder approvals

Once you have every single requirement covered, it’s time to get approval from the stakeholder community.

Baseline document and send out to all stakeholder teams

During the Test Design Phase

Add corresponding test cases and their IDs to the RTM

As you design your test cases, make a note of the requirements that are being covered and literally fill out the RTM.

Update

If there are any specification updates, then now is a good time to update the RTM.

Pros and Cons of an RTM

There are a number of positive as well as not so good reasons for using an RTM.

Pros

Can easily track coverage and gaps can be found quickly
Allows the test team to feedback to the authors of specification documentation and therefore improving the quality of documentation.
Quality of testing can be better.

The International Journal of Engineering also list the benefits of using an RTM.

Cons of the Requirements Traceability Matrix Document

Its not all roses with a RTM. There are a few downsides too.

Can’t start until you receive documentation
Can take some time to create – especially if you’re breaking down into conditions.
Many test teams still do not adopt the RTM
Its an overhead – When you’re working to tight deadlines, managing yet another artefact can be an overhead they can cost time and money.

Wrapping Up

Having worked in many different types of software testing projects over the years, I can category say that I’ve found the RTM incredibly useful.

Not only does it help you identify any gaps in coverage, but also gives you an idea of progress.

It also comes to your rescue when there is an audit or when management want to ask you any questions.

My advice would be to incorporate this document as part of your organisation’s testing process.

It really has helped me from a test management and stakeholder management perspective.

I’d love to hear your thoughts and whether or not you use an RTM as part of your test process.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_10205646_49	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
cf_chl_2	1 hour	This cookie is used to check whether the Cloudflare Edge server supports cookies. It can be deleted if seen.
cf_chl_cc_ToqeXVNMVEuB	session	No description
cf_chl_cc_XXX		This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_prog	1 hour	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_rc_ni	1 hour	This cookie is for internal use which allows Cloudflare to identify production issues on clients.
cf_chl_seq_		This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_046ccb46ec90f85	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_064900b48386b51	session	No description
cf_chl_seq_06ed14a3896e34f	session	No description
cf_chl_seq_0b784f5f3f5915b	session	No description
cf_chl_seq_0cd57498f918783	session	No description
cf_chl_seq_0dfcccc8c551e27	session	No description
cf_chl_seq_108bf9b3e21def1	session	No description
cf_chl_seq_135ce20736d8877	session	No description
cf_chl_seq_1383fef81e66448	session	No description
cf_chl_seq_18a4bde08554fe0	session	No description
cf_chl_seq_1ff888ba78b9625	session	No description
cf_chl_seq_20cd0c64dc42191	session	No description
cf_chl_seq_24b27ff275abfa4	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_2604054c7fd4485	session	No description
cf_chl_seq_260b28d64c35d21	session	No description
cf_chl_seq_260cbcd64f7a54e	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_2d92d76a422b230	session	No description
cf_chl_seq_2dd83b95e9bc0b9	session	No description
cf_chl_seq_2ea2ab273f64659	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_31e7ce48ac7bd9f	session	No description
cf_chl_seq_3612339b455648b	session	No description
cf_chl_seq_3a62cffd0bc93b2	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_3acf7a8086e78d6	session	No description
cf_chl_seq_3e6f3b0b3b5b044	session	No description
cf_chl_seq_3f61851b72f41e6	session	No description
cf_chl_seq_450d372acd87c95	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_451b8d52f8e3db0	session	No description
cf_chl_seq_46ac02b891f8cc7	session	No description
cf_chl_seq_494e570e4691799	session	No description
cf_chl_seq_4b992421dad033d	session	No description
cf_chl_seq_4c7c738556d544e	session	No description
cf_chl_seq_51ef9e6f1c5bc42	session	No description
cf_chl_seq_58322de2dd0fb39	session	No description
cf_chl_seq_5af6952552aa62c	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_60fa0c2a938df38	session	No description
cf_chl_seq_66769d84ddc1417	session	No description
cf_chl_seq_683873b90de9ea1	session	No description
cf_chl_seq_6b50c38587ef2b2	session	No description
cf_chl_seq_6b5ba32f1bacda1	session	No description
cf_chl_seq_6c4b33d10dd48db	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_6ed2bdf13c6526a	session	This cookie is used by Cloudflare for the execution of Javascript or Captcha challenges. It is not used for tracking or beyond the scope of the challenge. It can be deleted if seen.
cf_chl_seq_722ff0fe5560b9b	session	No description
cf_chl_seq_723ca8cd66fb4a7	session	No description
cf_chl_seq_768a95e260a561f	session	No description