The Fraud Triangle: Pressure, Opportunity, and Rationalisation

Donald Cressey conducted his research at Joliet and Terre Haute federal penitentiaries between 1949 and 1951. He interviewed 133 men convicted of embezzlement or other occupational theft, trying to identify conditions common to all cases. His method was inductive: he started with candidate hypotheses, tested each against the interview data, and revised until he found a formulation that fit every case without exception.

The formulation he arrived at, published in Other People's Money (1953), described trust violators as individuals who held a position of financial trust, faced a problem they defined as non-shareable, had knowledge that the problem could be solved secretly by violating that trust, and applied to their own conduct a verbalisation that enabled them to adjust their conception of themselves as trusted persons. The phrase 'verbalisation' is Cressey's term for rationalisation: the internal narrative that bridges the gap between the person's self-image as honest and the act they are about to commit.

The term 'fraud triangle' was not Cressey's own; it was coined later, most prominently by fraud examiner and educator Steve Albrecht in the 1970s and 1980s, who gave Cressey's three conditions their triangular visual representation. The triangular framing made the model accessible to practitioners and helped embed it in professional training curricula, including those of the ACFE, CIMA, and ICAI.

Pressure, as Cressey defined it, does not mean any financial stress. It means a problem that the individual perceives as impossible or deeply dangerous to disclose. Gambling debts, personal debts accumulated secretly, addiction expenses, or a business failure hidden from family all qualify. A straightforward financial setback that can be openly discussed and managed through normal channels does not.

Auditors and fraud examiners look for observable indicators of pressure during fieldwork. These include lifestyle changes inconsistent with salary, evidence of personal financial distress such as wage garnishments or bankruptcy filings in public records, unusual performance pressure where sales or profitability targets appear unachievable through legitimate means, and interpersonal stress indicators documented in HR records. In financial statement fraud cases, the pressure often sits at the organisational level rather than the individual level: a company facing debt covenant violations or analyst earnings expectations creates pressure that management experiences as institutional.

The ACFE's Report to the Nations, published biannually, consistently shows that the most common individual pressure categories in detected frauds are living beyond means, financial difficulties, and unusually close association with vendors or customers. These categories have remained stable across the editions published since 2002, covering data from thousands of cases across multiple jurisdictions including the United States, the United Kingdom, India, and sub-Saharan Africa.

Opportunity is the element most directly within the control of management and auditors. An employee can experience extreme financial pressure and construct elaborate rationalisations, but without access to the asset and a plausible concealment path, no fraud occurs. This makes opportunity the primary target of internal control design.

The core opportunity conditions are access to the asset, control over the records relating to that asset, and a weak or absent independent review. Segregation of duties is the most powerful single control against opportunity: separating the functions of authorisation, custody, and recording means that committing a fraud requires overcoming at least two independent control points. Where a single employee authorises a transaction, holds custody of the asset, and records the journal entry, opportunity is close to complete.

Concealment is equally important. Many frauds that are technically feasible are not attempted because the perpetrator cannot identify a way to hide the act long enough to extract value. Auditors assess concealment opportunity by asking: could this transaction be processed without creating a visible audit trail? Could a discrepancy be plausibly attributed to error rather than theft? Could records be altered after the fact without triggering a system alert? The more questions that receive affirmative answers, the higher the opportunity score.

Rationalisation is the element that distinguishes occupational fraud from opportunistic theft by someone with no prior moral commitment to honesty. Most occupational fraudsters think of themselves as honest people before the fraud begins. The rationalisation is the cognitive mechanism that allows them to maintain that self-image while acting dishonestly. Cressey found this element in every single case he studied.

Common rationalisations documented across the research literature include: 'I am only borrowing the money and will pay it back', 'the organisation owes me for unpaid overtime or unrecognised contributions', 'my salary is below market and this is correcting an injustice', 'the organisation is doing something wrong itself and does not deserve my honesty', and 'the amounts are too small for anyone to notice or care'. The 'borrowing' rationalisation is particularly significant because it allows perpetrators to maintain an extended fraud: as long as they intend to repay, they do not have to define themselves as thieves.

Rationalisation is the hardest element to observe directly, but it is not invisible. An organisation with a culture of minor ethical violations, where expenses are routinely inflated, where personal use of company assets is tacitly accepted, or where management sets aside stated policies when convenient, creates an environment in which rationalisation is easier to construct and sustain. This is why anti-fraud programmes include tone-at-the-top messaging, ethics hotlines, and consistent enforcement of the code of conduct: they erode the plausibility of common rationalisations.

Audit standards in multiple jurisdictions require auditors to consider fraud risk explicitly. The International Standard on Auditing ISA 240 requires auditors to assess the risks of material misstatement due to fraud, maintain professional scepticism, and evaluate whether identified risks are addressed by the audit response. The US Public Company Accounting Oversight Board's AS 2401 (formerly SAS 99) similarly requires a fraud risk assessment that considers the fraud triangle elements. The Institute of Chartered Accountants of India's SA 240 mirrors ISA 240 in its fraud triangle framing.

In practice, a fraud risk assessment structured around the fraud triangle proceeds in three steps. First, the auditor identifies pressure indicators through interviews with management and staff, review of HR records and performance reports, and analytical procedures that flag unusual financial results. Second, the auditor maps the control environment to assess opportunity: where are the segregation of duties gaps, who has unchecked access to which systems, and how are journal entries reviewed? Third, the auditor assesses the cultural and organisational signals that would make rationalisation easier or harder: is the ethics policy enforced, are there whistleblower complaints, does management set an example of compliance?

The fraud triangle also informs the engagement planning stage of a forensic audit. When a forensic auditor is brought in following a referral, identifying which triangle element triggered the scheme guides the scope of evidence gathering. A scheme driven primarily by opportunity calls for a detailed control gap analysis. A scheme that persisted despite adequate controls suggests strong rationalisation and may call for interview techniques focused on surfacing the internal narrative. Understanding which element dominated also helps the organisation design a proportionate remediation response.

The ACFE fraud tree provides a classification of specific scheme types that maps well onto opportunity analysis: asset misappropriation schemes require direct access to assets; corruption schemes require a position in the procurement or contracting process; financial statement fraud requires access to the accounting records and the authority to influence them. Mapping scheme classifications to opportunity gaps is a practical application of the fraud triangle in fieldwork.

The fraud triangle has been influential for seven decades, but it has documented weaknesses. The most significant is sampling bias: Cressey's entire dataset consisted of convicted solo offenders. Collusion, where two or more employees share the fraud or one provides cover for the other, undermines the rationalisation element because the moral burden is distributed. A conspirator who did not initiate the scheme may participate without constructing a personal rationalisation at all, simply following a trusted colleague.

A second critique is that the model assumes a pressure-first causal sequence: the person faces a problem, perceives opportunity as a solution, and then constructs a rationalisation. Some fraudsters, particularly those operating in cultures where corruption is normalised, act opportunistically in the absence of prior pressure. The opportunity triggers the act, and the rationalisation follows rather than precedes it. The MICE model, which replaces pressure with motivation and expands it to include ideology, coercion, and ego-driven drivers alongside financial need, attempts to capture this broader range.

Wolfe and Hermanson's fraud diamond (2004) added capability as a fourth element to account for the observation that many employees face all three triangle conditions but do not commit fraud because they lack the technical skill, system access, or the psychological confidence to execute and sustain the scheme. High-value financial statement frauds, in particular, require knowledge of accounting standards, access to the general ledger, and often the authority to override controls, a combination that significantly limits the pool of capable perpetrators. The fraud diamond and these extended models are examined in depth in the related fraud diamond and extended models topic.