The Model: A Brief Review
The fraud triangle, developed by criminologist Donald Cressey in the 1950s, describes the three conditions that are typically present when an individual commits fraud. Pressure — also called motivation or incentive — is the personal financial or situational need that drives the individual toward fraud. Opportunity is the circumstance that allows the fraud to be committed without immediate detection. Rationalisation is the cognitive process by which the individual justifies the fraudulent behaviour to themselves as acceptable or necessary.
All three elements are typically present in cases of employee fraud, though their relative prominence varies. Embezzlement cases often involve significant personal financial pressure — a gambling debt, a medical emergency, a business failure. Management fraud cases may involve more systemic pressure — performance targets that cannot be achieved legitimately, compensation structures that reward short-term results regardless of how they are achieved.
Where Auditors Misapply the Model
The most common misapplication is treating the fraud triangle as a checklist rather than as a diagnostic framework. Auditors who ask "are there any fraud pressures in this area?" and receive a "no" from management have not conducted fraud risk assessment — they have asked management to self-report the conditions that might cause their staff to defraud the organisation. Unsurprisingly, the answer is almost always no.
Effective fraud risk assessment uses the triangle as a lens for examining the control environment, not as a survey instrument. The question is not "is there pressure?" but "what pressure-creating conditions exist in this environment, and which of our controls are most likely to fail when those pressures are present?"
A second common misapplication is focusing exclusively on the opportunity dimension — because it is the most directly actionable. Auditors can identify and test control gaps; they cannot easily identify individual rationalisation, and they have limited ability to address systemic pressure. But this asymmetry leads to a pattern where fraud risk assessments focus almost entirely on segregation of duties, access controls, and authorisation limits while largely ignoring the social, cultural, and incentive factors that determine whether people will exploit control weaknesses when they have the opportunity.
Using the Triangle as a Practical Audit Lens
To use the fraud triangle effectively, auditors should examine all three elements during fraud risk assessment — not just opportunity.
Pressure indicators to examine: Unusual employee financial behaviour (living above apparent means, significant personal financial distress), high-pressure performance targets with large incentive compensation attached, recent redundancy announcements or restructuring creating job insecurity, management under external pressure to report specific financial results.
Opportunity indicators to examine: Weak segregation of duties in high-risk transaction streams, override capabilities that are broadly distributed or infrequently monitored, reconciliation processes that are consistently delayed or inadequately reviewed, systems that allow manual adjustments without automatic logging.
Rationalisation indicators to examine: Culture of viewing policy compliance as optional when inconvenient, management modelling behaviour that is inconsistent with stated values, history of undisclosed policy violations that were not addressed when discovered, narrative within the organisation that certain rules do not apply in certain circumstances.
The most effective fraud prevention posture addresses all three elements simultaneously: controls that reduce opportunity, monitoring that increases detection probability, and culture-building that makes rationalisation more difficult. Organisations that focus only on controls will find that determined fraudsters simply wait for the moment when the control breaks down.
The Triangle's Limitations
The fraud triangle, valuable as it is, has known limitations. It describes individual fraud committed by people who are under pressure, have opportunity, and can rationalise their actions — but it is less useful for understanding collusive fraud, where multiple participants share both the opportunity and the rationalisation, or for understanding management fraud driven by systemic organisational incentives rather than individual need. The fraud diamond model — which adds capability as a fourth element — and more recent research on organisational fraud provide useful supplements for auditors working in complex fraud risk environments.