CIMA Performance Strategy P3 Syllabus
The P3 Performance Strategy module concentrates on two main issues; the identification and management of the risks facing organisations. The management and control of financial and non-financial risks using management strategies such as financial instruments, and monitoring systems of internal control, are also covered within the P3 syllabus.
The P3 syllabus pays particular attention to ‘new’ sources of risk and closely examines the risks associated with governance, ethical and environmental issues.
The P3 module is separated into five topics each with suggested study weightings which can be found alongside each section title.
A. MANAGEMENT CONTROL SYSTEMS (10%)
• The application of control systems and related theory to the design of management accounting control systems and information systems in general (i.e. control system components, primary and secondary feedback, positive and negative feedback, open and closed-loop control).
• Variation in control needs and systems dependent on organisational structure (e.g. extent of centralisation versus divisionalisation, management through strategic business units).
• Assessing how lean the management accounting system is (e.g. extent of the need for detailed costing, overhead allocation and budgeting, identification of non-value adding activities in the accounting function).
• The ways in which systems are used to achieve control within the framework of an organisation (e.g. contracts of employment, policies and procedures, discipline and reward, reporting structures, performance appraisal and feedback).
• Structure and operation of management accounting control systems (e.g. identification of appropriate responsibility and control centres within the organisation, performance target setting, avoiding unintended behavioural consequences of using management accounting controls).
• Cost of quality applied to the management accounting function and “getting things right first time”.
B. RISK AND INTERNAL CONTROL (25%)
• Types and sources of risk for business organisations: financial, commodity price, business (e.g. from fraud, employee malfeasance, litigation, contractual inadequacy, loss of product reputation), technological, external (e.g. economic and political), and corporate reputation (e.g. from environmental and social performance or health and safety) risks.
• Quantification of risk exposures (impact if an adverse event occurs) and their expected values, taking account of likelihood.
• Information required to fully report on risk exposures.
• Risk map representation of risk exposures as a basis for reporting and analysing risks.
• Fraud related to sources of finance (e.g. advance fee fraud and pyramid schemes).
• Risks associated with international operations (e.g. from cultural variations and litigation risk, to loss of goods in transit and enhanced credit risk). (Note: No specific real country will be tested).
• Purposes and importance of internal control and risk management for an organisation.
• Issues to be addressed in defining management’s risk policy.
• The principle of diversifying risk. (Note: Numerical questions will not be set).
• The risk manager role (including as part of a set of roles) as distinct from that of internal auditor.
• Purposes of internal control (e.g. safeguarding of shareholders’ investment and company assets, facilitation of operational effectiveness and efficiency, contribution to the reliability of reporting).
• Elements in internal control systems (e.g. control activities, information and communication processes, processes for ensuring continued effectiveness etc).
• The principles of good corporate governance based on those for listed companies (the Combined Code), e.g. separation of chairman and CEO roles, appointment of non-executive directors, transparency of directors’ remuneration policy, relations with shareholders, the audit committee. Other examples of recommended good practice may include The King Report on Corporate Governance for South Africa, Sarbanes-Oxley Act in the USA, The Smith and Higgs Reports in the UK, etc).
• Operational features of internal control systems (e.g. embedding in company’s operations, responsiveness to evolving risks, timely reporting to management).
• Minimising the risk of fraud (e.g. fraud policy statements, effective recruitment policies and good internal controls, such as approval procedures and separation of functions, especially over procurement and cash).
• The pervasive nature of internal control and the need for employee training.
• Costs and benefits of maintaining the internal control system.
• Recommendations for internal control (e.g. The Turnbull Report).
• Ethical issues identified in the CIMA Code of Ethics for Professional Accountants, mechanisms for detection in practice and supporting compliance.
C. REVIEW AND AUDIT OF CONTROL SYSTEMS (15%)
• Major tools available to assist with a review and audit process (e.g. audit planning, documenting systems, internal control questionnaires, sampling and testing).
• Operation of internal audit, the assessment of audit risk and the process of analytical review, including different types of benchmarking, their use and limitations.
• The process of review (e.g. regular reporting to management on the effectiveness of internal controls over significant risks) and audit of internal controls.
• Particular relevance of the fundamental principles in CIMA’s Ethical Guidelines to the conduct of an impartial and effective review of internal controls.
• Detection and investigation of fraud.
• Role of the internal auditor and relationship of the internal audit to the external audit.
• Relationship of internal audit to other forms of audit (e.g. value-for-money audit, management audit, social and environmental audit).
• The nature of the external audit and its process, including the implications of internal audit findings for external audit procedures.
• The principles of good corporate governance for listed companies, for the review of the internal control system and reporting on compliance.
• Application of the CIMA Code of Ethics for Professional Accountants to the resolution of ethical conflicts in the context of discoveries made in the course of internal review, especially section 210.
D. MANAGEMENT OF FINANCIAL RISK (35%)
• Sources of financial risk, including those associated with international operations (e.g. hedging of foreign investment value) and trading (e.g. purchase prices and sales values).
• Transaction, translation, economic and political risk.
• Operation and features of the more common instruments for managing currency risk: swaps, forward contracts, money market hedges, futures and options.
• Quantification of risk exposures, their sensitivities to changes in external conditions and their expected values.
• Minimising political risk
• Operation and features of the more common instruments for managing interest rate risk: swaps, forward rate agreements, futures and options.
• Simple graphs depicting cap, collar and floor interest rate options.
• Theory and forecasting of exchange rates (e.g. interest rate parity, purchasing power parity and the Fisher effect).
• Principles of valuation of financial instruments for management and financial reporting purposes (IAS 39), and controls to ensure that the appropriate accounting method is applied to a given instrument.
• Quantification and disclosure of the sensitivity of financial instrument values to changes in external conditions.
• Internal hedging techniques (e.g. netting and matching).
E. RISK AND CONTROL IN INFORMATION SYSTEMS (15%)
• The purpose and content of IM, IS and IT strategies, and their role in performance management and internal control.
• The potential ways of organising the IT function (e.g. the use of steering committees, support centres for advice and help desk facilities, end user participation).
• The arguments for and against outsourcing.
• Techniques available to assist audit in a computerised environment (computer-assisted audit techniques e.g. audit interrogation software).
• Methods for securing systems and data back-up in case of systems failure and/or data loss.
• The importance and characteristics of information for organisations and the use of cost-benefit analysis to assess its value.
• Minimising the risk of computer-based fraud (e.g. access restriction, password protection, access logging and automatic generation of audit trail).
• Risks in IS/IT systems: erroneous input, unauthorised usage, imported virus infection, unlicensed use of software, theft, corruption of software, etc.
• Data collection and IT systems that deliver information to different levels in the organisation (e.g. transaction processing, decision support and executive informative systems).
• Risks and benefits of Internet and Intranet use by an organisation.
• The criteria for selecting outsourcing/facilities management partners and for managing on-going relationships, service level agreements, discontinuation/change of supplier, hand-over considerations.
• Controls which can be designed into an information system, particularly one using IT (e.g. integrity, security, and contingency controls).
• Control and audit of systems development and implementation.
CIMA Performance Strategy P3 Exam Past Questions
The P3 assessment exam is split into two sections. Section A has a case-study styled questions relating to a the same pre-seen scenario as the other two strategic level modules and section B involves answering TWO out of three questions. The questions tend to be quite long so only one has been provided as a specimen to demonstrate the general style.
The Y Company produces a range of dairy products such as yoghurts, cream and butter from one factory. The main ingredient for these products is milk, which is obtained from 27 different dairy farms (fields where cows are allowed to graze and produce milk) within a 60 km radius of the factory. Y requires that milk must be delivered within 6 hours of being obtained from the cows and that the farms themselves use “organic” principles (farming without using manmade pesticides, growth hormones etc.). Transportation systems in Y’s country are good and milk is rarely delivered late.
Each farm provides a quality certificate on each batch of milk produced confirming adherence to these standards (this is important to Y although customer satisfaction surveys show Y products are sold on taste, not sourcing of ingredients).
In Y’s factory, yoghurt is produced in batches. The inputs to each batch such as milk, fruit, appropriate bacteria and other ingredients, are recorded in the batch database showing the source of that ingredient, that is, the specific farm. During production, Y’s quality control department tests each batch for purity (lack of contamination from harmful bacteria etc) and acceptable taste, with the results being recorded in the quality control database. Any batches not meeting quality standards are rejected and destroyed. Y’s costing systems have maintained a 5% failure rate in production for the last 6 years which is now well in excess of the industry average.
On completion of each batch, the quality control department again undertakes purity control and taste testing. Batches are rejected where standards are not met; a further 2% failure rate is expected at this stage.
Batches of yoghurt etc are packed on Y’s premises and then despatched for sale via retail outlets such as supermarkets; Y does not sell direct to the consumer. However, Y has an excellent brand name resulting from innovative advertising and high product quality. Product reviews in magazines and news websites have always been favourable meaning that Y does not need to pay much, if any, attention to customer feedback.
a) Evaluate the control systems in Y for the manufacture of yoghurt, recommending improvements to those systems where necessary.
a) Explain the process of risk mapping and construct a risk map for Y. Discuss how risk mapping can be used within the Y organisation.
(Total = 25 marks)
Choose your training provider and decide on your mode of study such as full-time, part-time or online.