The Fraud Diamond and Other Extended Fraud Models

Donald Cressey's original fraud triangle, formulated from interviews with incarcerated embezzlers in the 1950s, proposed three conditions: a non-shareable financial problem (pressure), a perceived opportunity to resolve it through theft, and a rationalisation that made the act morally acceptable to the perpetrator. The model was influential because it moved fraud explanation away from simple bad character and toward observable situational conditions that could be managed. Auditing standards eventually incorporated the triangle's logic, requiring auditors to assess pressure, opportunity, and rationalisation when evaluating fraud risk.

The triangle's limitation became apparent as researchers examined large, sophisticated frauds. In the Enron, WorldCom, and HealthSouth cases, the perpetrators did not obviously suffer from financial need. The executives involved were well-compensated, yet they directed large-scale misstatements. The triangle offers little predictive power in those scenarios because pressure in the conventional sense is absent. A second limitation is that the triangle treats all individuals facing the same three conditions as equally likely to commit fraud. This is empirically false. Two employees can face identical pressure, identical opportunity, and hold identical rationalisations; one commits fraud, the other does not. The difference lies in personal attributes that the triangle does not capture.

Wolfe and Hermanson identified six specific capability traits that distinguish individuals who are able to execute significant frauds. First, position or function: the person occupies a role with sufficient authority or access to exploit the opportunity. Second, intelligence: the scheme requires planning, often across multiple accounting periods, which demands analytical and organisational ability. Third, confidence and ego: the person must believe they will succeed and that they can conceal the fraud. Fourth, coercion: in some cases, the primary perpetrator involves others by persuading or forcing them to participate. Fifth, effective lying: sustained fraud requires consistent deception across multiple interactions with auditors, colleagues, and supervisors. Sixth, immunity to stress: the psychological ability to maintain the fraud under audit pressure or management scrutiny.

In practice, the capability element changes the focus of fraud risk assessment in two ways. For transaction-based controls, it prompts assessors to ask which roles have the ability to override or circumvent controls, not just which roles have access. For personnel-based assessments, it directs attention to position, authority, and behavioural history rather than simply checking whether segregation of duties exists. A long-serving manager who has accumulated informal authority, knows every gap in the system, and has historically been trusted to resolve discrepancies quietly is a higher capability risk than a junior employee with the same access credentials.

The MICE model emerged from counterintelligence and insider-threat research, where analysts observed that the fraud triangle's single pressure element failed to capture the diverse motivations of individuals who betray organisations. Money, the most familiar motivation, covers both financial need (Cressey's original formulation) and greed: individuals who are not financially distressed but who want more than they earn. In the Galleon Group insider-trading case (US, 2011), the perpetrators were already wealthy; the motivation was competitive ego and the desire to win, not financial survival.

Ideology covers situations where the individual acts on the basis of belief, loyalty, or grievance rather than personal gain. An employee who falsifies expense claims as a form of justice for a denied pay rise, or who leaks confidential information to a competitor out of loyalty to a former colleague, is motivated by ideology. Coercion is distinct: the individual participates in the fraud because they are threatened or blackmailed. They may not benefit financially and may actively wish to stop. Ego describes the fraudster who acts for recognition, to demonstrate superiority, or because they enjoy the challenge. Several high-profile cybercrime and accounting manipulation cases have involved perpetrators whose primary motivation was demonstrating that they could circumvent the system.

Jonathan Marks, building on work by Crowe LLP, proposed the Pentagon model to address a specific gap in the fraud diamond: it still assumes that perpetrators rationalise their conduct. In some high-profile financial-statement fraud cases, there is little evidence that the perpetrators engaged in conventional rationalisation. They did not appear to believe they were doing anything wrong, or they simply did not care. The arrogance element describes individuals who are so confident in their superiority that the normal psychological barrier to fraud, the need to justify it to oneself, is absent or irrelevant.

Arrogance produces observable patterns. These individuals may override governance procedures openly, resist audit access with hostility rather than evasion, claim special circumstances for every exception, or openly express contempt for internal controls as bureaucratic obstacles. The Waste Management accounting scandal and certain aspects of the Worldcom case exhibited these patterns at the senior leadership level. The Pentagon model is not a universal framework; it is most useful for assessing risk at the executive level and for explaining cases where the rationalisation element offers little explanatory power.

A forensic auditor using the Pentagon model as a risk lens looks for a concentration of power without accountability: one executive who controls multiple functions, resists delegation, dismisses internal controls as obstacles, and whose decisions are rarely challenged by the board. These structural and behavioural conditions elevate arrogance risk. They also correlate with the tone-at-the-top failures described in post-scandal governance reforms, including the Sarbanes-Oxley Act (US, 2002) and the UK Corporate Governance Code's independence requirements for boards.

Each extended model generates a set of behavioural indicators that auditors and fraud examiners can observe before a fraud is confirmed. The ACFE Fraud Examiners Manual catalogues over 50 individual red flags drawn from research on confirmed fraud cases. The most frequently observed across studies include: living beyond apparent means (present in approximately 36% of cases in ACFE research), financial difficulties (27%), unusually close relationships with vendors or customers (19%), and an unwillingness to share duties or take leave (10%). These figures describe base rates across all fraud types; the prevalence shifts significantly when the sample is restricted to financial-statement fraud, where authority-based indicators appear with much higher frequency.

The critical limitation of behavioural red flags is that they are not evidence. An employee who lives beyond apparent means may have income sources unknown to the employer, may have received an inheritance, or may have a spouse with a higher income. A manager who refuses to delegate may be a perfectionist with no fraudulent intent. Red flags raise the probability that further investigation is warranted; they do not establish that fraud has occurred. In legal systems that require proof to a standard (beyond reasonable doubt in criminal proceedings in the US, UK, India, Australia, and most common-law jurisdictions; clear and convincing evidence in many civil proceedings), behavioural indicators must be corroborated by documentary and transactional evidence before any conclusions are communicated to decision-makers.

A structured fraud risk assessment that incorporates the diamond, MICE, and Pentagon models proceeds in three steps. First, map opportunities in the environment: which roles have access, which controls are weak or absent, where segregation of duties is incomplete. This is the standard triangle-based analysis and remains the foundation. Second, assess capability indicators by role: which positions carry the authority to override controls, what institutional knowledge is required to exploit each opportunity, and which roles are occupied by individuals with long tenure and accumulated informal authority. Third, assess motivational and attitudinal factors: are there indicators of financial pressure, ideological conflict, ego-based dissatisfaction, or openly dismissive attitudes toward governance?

The output is a risk matrix that combines opportunity, capability, and motivation, producing higher-risk and lower-risk profiles for roles and individuals. This matrix informs the scope of the forensic audit engagement: higher-risk roles attract more intensive transaction testing, more detailed document review, and potentially a structured interview. It also informs the design of internal controls, since a role with high capability risk is a candidate for mandatory dual-approval requirements, mandatory leave, and independent reconciliation.

Audit standards reflect this multi-element approach. The AICPA's AU-C Section 240 (Consideration of Fraud in a Financial Statement Audit) requires auditors to perform a fraud risk assessment considering incentives and pressures, opportunities, and rationalisation. The International Standard on Auditing ISA 240, adopted in most jurisdictions including the EU, India (SA 240), and Australia (ASA 240), contains essentially equivalent requirements. Neither standard explicitly names the fraud diamond or Pentagon model, but the requirement to consider all three original triangle elements is directly compatible with the extended models, and guidance documents from national bodies increasingly reference the capability dimension. For the forensic auditor engaged under a separate mandate, such as an ACFE-style fraud examination, the extended models are already embedded in standard practice through the forensic auditing definition and scope and the engagement standards that govern predication.