The fraud triangle is a model commonly used in auditing that aims to explain why an employee decides to commit fraud in the workplace. Auditors often refer to the fraud triangle when they review the risk of fraud in an organization.

Well-known criminologist Donald R. Cressey developed the fraud triangle. The premise is that to combat fraud, it’s not only necessary to realize that it happens but to determine how and why it happens. 

The fraud triangle stems from Cressey’s hypothesis that: “Trusted persons become trust violators when they conceive of themselves as having a financial problem which is non-sharable, are aware this problem can be secretly resolved by violation of the position of financial trust, and are able to apply to their own conduct in that situation verbalizations which enable them to adjust their conceptions of themselves as trusted persons with their conceptions of themselves as users of the entrusted funds or property.”

The three “points” or elements of Donald Cressey’s fraud triangle are pressure, opportunity, and rationalization. All three elements must be present for fraud to occur.

See also

5 Best Practices for Improved Risk Management


An individual can be pressured or motivated to commit fraud because of a personal financial problem, such as a large gambling debt. Sometimes, the pressure originates from problems at work. For example, an individual may be motivated to perpetrate fraud because he feels he has been given unrealistic performance targets.

However, the individual doesn’t believe that he can solve his problems legally or that he can talk to others who might be able to help him. 


The person who plans to commit the fraud uncovers an internal control weakness and doesn’t believe anyone will notice if he takes the money. Any internal control weakness, such as a lack of oversight, offers the fraudster an opportunity to steal. Typically, the fraudster starts by stealing a small amount of money and if he doesn’t get caught, he’ll likely steal even larger amounts.

An organization can reduce the risk of fraud and decrease the opportunity for theft by developing and implementing effective internal controls.


There are two facets of rationalization: 

  • The fraudster must decide that what he’ll gain from his fraudulent activity is more important than the possibility that he might get caught.
  • The fraudster must justify the fraud. For example, the fraudster may think, “The company won’t miss the money” or “The organization doesn’t pay me enough.” The individual may even rationalize the fraud by telling himself that he’ll pay the money back.

Cressey’s fraud triangle is important because it helps an organization determine the motives behind an individual’s decision to commit fraud as well as the opportunities that enabled him to perpetrate the theft. Using the fraud triangle can help a company detect and prevent fraud, in part by implementing more effective internal controls.

Automating GRC: The Next Frontier
in Risk Management