eBook OR

[OR] [P2] [S2] [MII] [C4] Step 1 - Define Scope of Mapping Introduction

Written by Moh Heng Goh | May 4, 2026 12:56:18 PM

[P2] [S2] Chapter 4

Step 1 - Define Scope of Mapping Introduction

Introduction

The success of interconnection and interdependency mapping depends heavily on how well the scope of mapping is defined at the outset. Without a clearly defined scope, organisations risk producing fragmented, inconsistent, or overly complex mapping outputs that fail to support operational resilience objectives.

Defining the scope ensures that mapping efforts are:

  • Focused on what truly matters (Critical Business Services)
  • Aligned with regulatory expectations
  • Structured and manageable
  • Relevant for downstream activities such as impact tolerance setting, scenario testing, and recovery planning

This chapter outlines the first and most critical step in the mapping process: defining the scope, including identifying Critical Business Services (CBS), establishing end-to-end boundaries, and determining stakeholders and governance structures.

Purpose of the Chapter

The purpose of this chapter is to:

  • Establish a structured approach to defining the scope of mapping
  • Explain how to identify and prioritise Critical Business Services (CBS)
  • Define end-to-end service boundaries
  • Identify key stakeholders and governance structures
  • Provide clear deliverables for this phase

 

Identify Critical Business Services (CBS)

Definition of CBS

Critical Business Services (CBS) are the services that, if disrupted, would result in:

  • Significant harm to customers
  • Financial or operational impact to the organisation
  • Breach of regulatory obligations
  • Systemic impact on the financial ecosystem
Importance of CBS Identification

CBS identification is the anchor point for all mapping activities. Without clearly defined CBS:

  • Mapping may focus on non-critical areas
  • Resources may be misallocated
  • Resilience efforts may not align with regulatory expectations
Approach to Identifying CBS

Organisations should:

  • Adopt a service-centric perspective
  • Focus on outcomes delivered to customers or stakeholders
  • Consider regulatory guidance and industry practices
Typical CBS Examples (Banking Context)
  • Deposit and Account Services
  • Payments and Funds Transfer Services
  • Lending and Credit Services
  • Digital Banking Access

Each CBS should be clearly defined in terms of:

  • Service description
  • Customer segments served
  • Key outcomes delivered

 

Define Boundaries (End-to-End Service View)

Importance of Defining Boundaries

Once CBS are identified, organisations must define the boundaries of each service. This ensures that mapping captures the complete service delivery chain, rather than isolated components.

End-to-End Service Perspective

An end-to-end view includes:

  • Service initiation (e.g., customer request)
  • Processing and execution
  • Completion and delivery of outcomes
Key Boundary Considerations

When defining boundaries, organisations should consider:

Start Point
  • Where the service is initiated
  • Example: Customer login or transaction request
End Point
  • Where the service outcome is delivered
  • Example: Successful completion of payment or account update
Internal Components
  • Processes
  • Systems
  • Teams
External Components
  • Third-party providers
  • Market infrastructure (e.g., payment networks)

 

Avoiding Common Pitfalls
  • Overly narrow scope: Missing critical dependencies
  • Overly broad scope: Creating unnecessary complexity
  • Process-centric boundaries: Ignoring end-to-end service flow
Outcome

Clearly defined boundaries ensure that mapping:

  • Captures all relevant interconnections
  • Reflects real-world service delivery
  • Supports accurate risk and resilience analysis

 

Identify Stakeholders and Governance

Importance of Stakeholder Identification

Mapping interconnections and interdependencies is a cross-functional activity. It requires collaboration across multiple business and support units.

Without proper stakeholder involvement:

  • Mapping may be incomplete
  • Critical dependencies may be missed
  • Validation becomes difficult
Key Stakeholders

Stakeholders typically include:

Business Units
  • CBS owners
  • Process owners
  • Operations teams
Technology Teams
  • Application owners
  • Infrastructure teams
  • Cybersecurity teams
Risk and Compliance
  • Operational risk
  • Business continuity management
  • Regulatory compliance
Third-Party Management
  • Vendor management teams
  • Procurement
Senior Management
  • Oversight and accountability
  • Decision-making authority
Governance Structure

A structured governance framework should include:

  • Executive Sponsor: Provides strategic direction
  • Program Lead: Oversees mapping initiative
  • CBS Owners: Accountable for service mapping
  • Working Groups: Execute mapping activities
  • Validation Committee: Reviews and approves outputs
Roles and Responsibilities

Clear roles must be defined to ensure:

  • Accountability
  • Consistency in mapping
  • Timely completion of activities

This aligns with the Three Lines of Defence model, ensuring:

  • First line: Ownership and execution
  • Second line: Oversight and challenge
  • Third line: Independent assurance

Deliverables of Step 1

The output of this step provides the foundation for all subsequent mapping activities.

CBS Inventory

A structured list of all identified Critical Business Services, including:

  • CBS name and description
  • Service owner
  • Customer segments
  • Key outcomes
Purpose:
  • Establish scope of resilience focus
  • Align organisation on priority services

 

Mapping Scope Definition

A formal document defining:

  • Selected CBS for mapping
  • Boundaries of each CBS
  • Inclusion and exclusion criteria
  • Assumptions and constraints
Purpose:
  • Ensure consistency in mapping
  • Prevent scope creep
  • Provide clarity to all stakeholders

 

Stakeholder Matrix

A structured matrix identifying:

  • Stakeholders involved
  • Roles and responsibilities
  • Level of involvement (e.g., owner, contributor, reviewer)
Example Fields:
  • Stakeholder Group
  • Role
  • Responsibility
  • CBS Coverage
  • Contact Point
Purpose:
  • Facilitate coordination
  • Ensure accountability
  • Support validation and governance

 

Defining the scope of mapping is the critical first step in building an effective interconnection and interdependency framework. By clearly identifying Critical Business Services, establishing end-to-end boundaries, and engaging the right stakeholders, organisations lay a strong foundation for accurate and meaningful mapping.

This step ensures that mapping efforts are:

  • Focused on what truly matters
  • Aligned with regulatory expectations
  • Structured for effective execution

The deliverables—CBS inventory, mapping scope definition, and stakeholder matrix—serve as essential reference points for all subsequent phases.

In the next chapter, we will explore Step 2: Identify Data Sources, which focuses on gathering the necessary information required to perform detailed and accurate mapping of interconnections and interdependencies.

C1 C2 C3 C4 C5 C6
C7 C8 C9 C10 C11  C12
C13 C14 C15 C16 C17  C18
C19 C20 C21 C22    
   

 

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.

If you have any questions, click to contact us.

 
View full post