100+ Free CIMA P3 Risk Management Practice Questions

CIMA Strategic Level P3: Risk Management practice questions are available now; exam metadata is being verified.


Key Facts: CIMA P3 Risk Management Exam

- Objective Test Duration: 90 min (source: AICPA & CIMA Exam Information)
- Objective Test Questions: ~60 (source: AICPA & CIMA)
- Equally Weighted Syllabus Areas: 4 x 25% (source: Strategic Level Blueprint 2026-2027)
- Scaled Score to Pass: 100/150 (source: AICPA & CIMA)
- Booking Availability: On demand (source: AICPA & CIMA / Pearson VUE)
- CGMA Qualification Level: Strategic (source: CGMA Professional Qualification)

CIMA P3: Risk Management is a 90-minute, on-demand computer-based objective test sat at Pearson VUE or via online proctoring, typically containing around 60 questions in MCQ, multiple-response, number-entry and drag-and-drop formats. The 2026-2027 Strategic blueprint splits the syllabus into four equally weighted areas: Enterprise risk (25%), Strategic risk (25%), Internal controls to manage risk (25%) and Cyber risk and management control (25%). Each CIMA objective test is marked on a 0-150 scaled score with 100 required to pass. CIMA does not publish a single global P3 fee; assessment fees are confirmed by region at booking.

Sample CIMA P3 Risk Management Practice Questions

Try these sample questions to test your CIMA P3 Risk Management exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. In enterprise risk management (ERM), what most clearly distinguishes the ERM approach from traditional 'silo' risk management?
A. ERM manages risks in an integrated, organisation-wide portfolio aligned to strategy
B. ERM only considers financial and insurable risks
C. ERM transfers all risk to third parties
D. ERM eliminates the need for internal audit
Explanation: ERM takes a holistic, top-down, portfolio view of all risks across the organisation and links them to strategy and objectives, rather than managing risks separately within departmental silos. This allows interdependencies and aggregate exposures to be seen and managed.

2. Under the COSO Enterprise Risk Management framework (2017), 'Enterprise Risk Management — Integrating with Strategy and Performance', what are the five interrelated components?
A. Identify; Assess; Respond; Monitor; Disclose
B. Governance & Culture; Strategy & Objective-Setting; Performance; Review & Revision; Information, Communication & Reporting
C. Control Environment; Risk Assessment; Control Activities; Information; Monitoring
D. Plan; Do; Check; Act; Report
Explanation: The updated 2017 COSO ERM framework is structured around five components: Governance & Culture; Strategy & Objective-Setting; Performance; Review & Revision; and Information, Communication & Reporting, supported by 20 principles. This replaced the earlier cube structure.

3. A company defines the amount and type of risk it is willing to accept in pursuit of its objectives. This concept is best described as the organisation's:
A. Residual risk
B. Risk capacity
C. Risk appetite
D. Risk register
Explanation: Risk appetite is the amount and type of risk an organisation is willing to take in order to meet its strategic objectives. It guides risk responses and the setting of tolerances, and it is set by the board.

4. The 'TARA' framework classifies risk responses. What does each letter represent?
A. Transfer, Accept, Reduce, Adjust
B. Treat, Assess, Report, Audit
C. Treat, Avoid, Reduce, Accept
D. Transfer, Avoid, Reduce, Accept
Explanation: TARA stands for Transfer, Avoid, Reduce and Accept — the four generic strategies for responding to risk. The chosen response usually depends on the likelihood and impact of the risk relative to appetite.

5. On a likelihood/impact risk map, which combination would normally indicate a risk that should be AVOIDED or the activity exited entirely?
A. High likelihood, high impact
B. Low likelihood, low impact
C. Low likelihood, high impact
D. High likelihood, low impact
Explanation: A risk that is both high likelihood and high impact threatens objectives severely and frequently; where it cannot be cost-effectively reduced or transferred, avoidance (exiting the activity) is the appropriate response. This is the top-right quadrant of the heat map.

6. Which statement correctly describes 'gross (inherent) risk' versus 'net (residual) risk'?
A. Gross risk is after controls; net risk is before controls
B. Gross risk is before controls; net risk is after controls
C. Both are measured after insurance only
D. Net risk always equals risk appetite
Explanation: Gross or inherent risk is the level of risk before any controls or responses are applied; net or residual risk is what remains after controls are in place. Comparing the two shows how effective controls are at reducing exposure.

7. A manufacturer faces a possible loss of £4,000,000 from a plant fire with an estimated probability of 0.05. What is the expected value of this risk?
A. £800,000
B. £4,000,000
C. £200,000
D. £20,000
Explanation: Expected value equals probability multiplied by impact: 0.05 × £4,000,000 = £200,000. Expected value is widely used to prioritise risks and to assess whether the cost of a control or insurance premium is justified.

8. Within ISO 31000:2018, which is identified as one of the core PRINCIPLES of effective risk management?
A. Risk management eliminates all uncertainty
B. Risk management applies only to financial reporting
C. Risk management must be outsourced to specialists
D. Risk management should create and protect value
Explanation: ISO 31000:2018 states that the purpose of risk management is the creation and protection of value, and lists principles such as being integrated, structured, customised, inclusive, dynamic and based on best available information. Value creation/protection is the central principle.

9. Who holds ultimate responsibility for an organisation's risk management and the setting of risk appetite?
A. The board of directors
B. The external auditors
C. Operational line managers
D. The internal audit function
Explanation: The board has ultimate accountability for risk management, including approving the risk appetite and ensuring an effective risk management framework exists. It may delegate oversight to a risk committee but retains overall responsibility.

10. A risk register typically records, for each risk, all of the following EXCEPT:
A. Likelihood, impact and a risk score
B. The market share of the organisation's competitors
C. A description of the risk and its category
D. The risk owner and chosen response
Explanation: A risk register documents each risk's description, category, likelihood, impact, score, owner, controls and response. Competitor market share is general market intelligence and is not a standard field of a risk register.

About the CIMA P3 Risk Management Practice Questions

Verified exam format metadata for CIMA Strategic Level P3: Risk Management is pending. The practice questions above remain available while official exam length, timing, passing score, fee, and administrator details are reviewed.