Risk Management (P3)
P3 – Risk Management — analysing, evaluating, and managing strategic, operational, and financial risk, including internal control and cyber risk
Exam Duration
90 minutes
Pass Mark
100 out of 150 scaled score (equivalent to approximately 67%)
Students
30,000+
Risk Management (P3) — overview
P3 is the Performance pillar at the Strategic level — dedicated to identifying, analysing, evaluating, and managing risk across an organisation. It's the paper that prepares CGMAs for roles in risk management, internal audit, and strategic finance.
The syllabus covers enterprise risk management frameworks, strategic risk (competitive, reputational, regulatory), operational risk (process, people, systems, compliance), and financial risk (credit, liquidity, market, currency, interest rate). You'll also learn about internal control systems, cyber and data-protection risk, and the role of internal audit in monitoring and assuring risk responses.
P3 rewards applied judgment and the ability to apply risk frameworks to complex business scenarios. Practise writing short, structured responses that recommend specific controls and risk responses for a given situation.
What You'll Learn
- Enterprise risk
- Strategic risk
- Internal controls
- Cyber risk
Career Relevance
The Performance pillar is the costing, budgeting, and decision-making heart of management accounting. It's the foundation of roles such as Management Accountant, Commercial Analyst, Finance Business Partner, and anyone supporting short- or medium-term business decisions. Passing the Strategic level, combined with three years of relevant practical experience, earns you the CGMA (Chartered Global Management Accountant) designation and full CIMA membership (ACMA). This opens senior roles such as Financial Controller, Head of Finance, Finance Director, CFO, Internal Audit Director, and senior strategic roles across industry and consulting.
Exam Format
- Duration: 90 minutes
- Pass Mark: 100 out of 150 scaled score (equivalent to approximately 67%)
- Format: 60 equally-weighted questions drawn from all content areas in the blueprint. Item types include multiple choice, multiple response, fill-in-the-blank (number entry), and drag-and-drop. All questions are independent — partial marks are not available. Candidates may answer in any order and navigate between questions.
Prerequisites
You must have completed the Management level (E2, P2, F2 plus the Management Case Study) before registering at the Strategic level. In practice this usually means completing the full Operational and Management levels in sequence; direct exemptions into the Strategic level are rare and typically require chartered membership of another recognised body.
Risk Management (P3) syllabus
The content areas you'll cover in P3 and their assessment weightings.
Risk Management (P3) exam format
How P3 is assessed, how long you have, and what to expect on exam day.
Computer-based objective test
On demand at Pearson VUE test centres worldwide or online, bookable up to 48 hours before the exam date
How to pass Risk Management (P3)
Expert tips from Learnsignal's CIMA tutors for passing P3.
ERM frameworks are core
COSO ERM and ISO 31000 both appear. Know the components of each and how they relate. Risk identification, assessment, response, monitoring — the full cycle.
Internal control — COSO and control categories
COSO Internal Control framework (control environment, risk assessment, control activities, information/communication, monitoring). Preventive/detective/corrective controls. All examinable.
Financial risks — quantitative and qualitative
Currency, interest rate, credit, liquidity, market risk — know the types, measurement (VaR, sensitivity, scenario), and responses (hedging, diversification, transfer, avoidance).
Cyber and information risk is rising in weight
Cybersecurity, data breaches, GDPR, system outages — all examinable. Know the risk categories and the main control frameworks (ISO 27001, NIST).
Operational risk — people, process, systems, external
The Basel categorisation applies widely. Know the four categories, typical controls, and how operational risk interacts with financial risk.
Ethics is embedded everywhere
Every scenario in P3 can be read as ethical. Apply CIMA's Code of Ethics framework (integrity, objectivity, professional competence, confidentiality, professional behaviour) to risk decisions.