Improving fraud risk management with an enhanced Fraud Triangle

The Fraud Triangle has long illustrated the core principles of the ACFE’s training in understanding how fraud occurs. Here the authors suggest a revised Fraud Triangle that considers a more detailed look at a fraudster’s personal characteristics in addition to the rationalization component of the original triangle.

The Fraud Triangle has long been a staple of fraud risk management training and practice, earning adjectives like “seminal” and “enduring.” In his July/August 2014 Fraud Magazine article, Iconic Fraud Triangle endures, W. Steve Albrecht, Ph.D., CFE, CPA, CIA, describes the original triangle’s persistently prominent role over time and across various fraud-related settings.

Without question, the Fraud Triangle’s focus on pressure, opportunity and rationalization continues to help anti-fraud professionals understand why fraud occurs and where they need to focus attention when considering fraud cases of all types. In academic circles around the world, teaching and learning the classic Fraud Triangle has become a rite of passage for students in auditing and fraud courses.

The Fraud Triangle also serves as the underlying model used in authoritative standards for external auditors, including Statement on Auditing Standards No. 99, “Consideration of Fraud in a Financial Statement Audit” (AU 316), and International Standard on Auditing 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements.”

The search for something better

Despite the Fraud Triangle’s relevance and popularity, fraud literature indicates that practitioners, policymakers and researchers are searching for a new model that builds on the classic triangle to improve understanding of why fraud occurs. Beyond simple curiosity, this search for a more robust model highlights the limitations of Dr. Donald Cressey’s Fraud Triangle and the potential for improvement in both fraud theory and practice. For example, the group of alternative models has grown over the years to include Wolfe and Hermanson’s Fraud Diamond, Crowe Horwath’s Fraud Pentagon and Albrecht et al.’s Fraud Scale. (See alternative fraud models below.)

Figure 1: The Fraud Diamond, adapted from "The Fraud Diamond: Considering the four elements of fraud," December 2004, by David T. Wolfe and Dana R. Hermanson

Figure 2: "Crowe's Fraud Pentagon," Crowe Horwath LLP, 2011

Figure 3: "The Fraud Scale," adapted from "Deterring Fraud: The Internal Auditor's Perspective," by W. Steve Albrecht, Keith R. Howe and Marshall B. Romney, 1984

The Fraud Diamond

These alternative models are different, yet they all maintain the original Fraud Triangle’s pressure and opportunity components, while changing or amending the original rationalization component to better capture the range of personal characteristics relevant for people who commit fraud.

For example, forensic accountant David T. Wolfe and professor Dana R. Hermanson (both are among this article’s coauthors) introduced the Fraud Diamond in 2004 to further develop a set of individual traits and characteristics (i.e., “capabilities”) needed to commit fraud. (See the paper, “ The Fraud Diamond: Considering the Four Elements of Fraud,” December 2004, by David T. Wolfe and Dana R. Hermanson.)

The Fraud Diamond emerged from Wolfe’s years of fraud examination experience and observations about fraudsters. Though Wolfe often recognized that “the number one cause of fraud is people,” Cressey’s Fraud Triangle includes relatively little focus on the type of person who commits fraud.

Rationalizing wrongdoing remains a critical personal characteristic for fraudsters, so the Fraud Diamond extends thinking beyond rationalization to add a fourth model component — capability — that considers six other individual abilities and traits that are observable. These capability factors include:

1. Having the right organizational position or function to take advantage of fraud opportunities.
2. Having the appropriate expertise to take advantage of fraud opportunities.
3. Having the confidence or ego to take advantage of fraud opportunities.
4. Being able to coerce others to participate in fraudulent activities.
5. Being able to deal with the stress associated with committing fraud.
6. Being a good liar.

Wolfe and Hermanson noted that opportunity represents an open “doorway” to fraud, but “… the person must have the capability to recognize the open doorway as an opportunity and to take advantage of it by walking through.” Accordingly, situational factors like pressure (including financial and nonfinancial incentives) and opportunity (including organizational governance and control weaknesses) affect the likelihood of fraud occurring, while individual capability and rationalization focus on human characteristics and traits that a person needs to act fraudulently in given situations.

The Fraud Pentagon

Similar to the Fraud Diamond, the Crowe Horwath Fraud Pentagon also amends the Fraud Triangle’s focus on individual rationalization. Developed by Jonathan T. Marks, CFE, CPA, then a partner and national leader in Crowe Horwath’s Fraud, Ethics and Anti-Corruption practice, the Fraud Pentagon was introduced in 2009 to recognize that fraudsters also need competence to orchestrate wrongdoing and a requisite level of arrogance (that includes a strong ego and an attitude of superiority, entitlement and/or greed) to commit fraud.

Testing competing fraud models

The variety of conceptual fraud models that appear in literature raises questions about whether it matters which fraud model is used in practice. In other words, do auditors and others make different judgments about fraud risks if they use different fraud models?

In 2015, Doug Boyle, Todd DeZoort (also coauthors of this article) and Hermanson published a paper, The effect of alternative fraud model use on auditors’ fraud risk judgments, in the Journal of Accounting and Public Policy. The authors tested different fraud models to advance knowledge in an area dominated by conceptual thinking and theorizing but limited in empirical testing of fraud models.

The study included 89 auditors in public accounting who either used a practice aid based on Cressey’s Fraud Triangle or a practice aid based on the Wolfe and Hermanson Fraud Diamond when assessing fraud risk at a hypothetical client. Although various fraud models exist, the study tested the Fraud Diamond against the Fraud Triangle because the diamond is an extension of the triangle.

The results of the study indicated that auditors using the Fraud Diamond practice aid produced fraud risk assessments that were higher (i.e., more conservative) than the auditors who used the Fraud Triangle practice aid.

Additionally, in a hypothetical scenario describing a risky CEO (i.e., who aggressively drives employees to meet performance expectations, historically engages in disputes with auditors and has little expertise or interest in financial reporting issues), the auditors using the Fraud Diamond practice aid were especially focused on CEO capability items in developing their assessments of fraud risk.

A revised Fraud Triangle

The Journal of Accounting and Public Policy study also analyzed the auditors’ ratings of specific fraud risk factors in the Fraud Diamond practice aid. This analysis suggests a “revised Fraud Triangle” with pressure, opportunity and a third “capability” component that encompasses the fraudster’s personal characteristics.

The revised Fraud Triangle model (see below) maintains the simplicity of the original model while encouraging more detailed analysis of the personal characteristics needed to perpetrate and manage fraud over time. Although the ability to rationalize fraud remains a critical part of the revised Fraud Triangle, the study suggests that it fits well in a broader capability component that provides a more comprehensive array of fraudster characteristics and includes more readily observable fraudster characteristics and traits (e.g., position/function, expertise, confidence/ego).

Revised Fraud Triangle

Practical applications of the revised Fraud Triangle

We believe these research findings have a number of practical applications that can improve the way we learn and operationalize fraud theory.

From an educational perspective, we see that students and practitioners find the revised Fraud Triangle to be simple, intuitive and relatively comprehensive. Our conversations with students in a variety of classes and research workshops strongly suggest that the revised Fraud Triangle maintains desired model simplicity while encouraging more in-depth analysis of fraudster characteristics (i.e., elements of capability in addition to rationalization).

We find that students believe including rationalization — which is typically the most challenging factor for students to grasp — in a broader capability component is logical and helpful when understanding differences among fraud model components.

Our experience teaching with the revised Fraud Triangle indicates that it helps address questions and confusion about differences among pressure (focused on situational incentives), opportunity (focused on entity characteristics related to governance and internal controls) and the broader capability component (focused on individual traits and characteristics).

From a practice perspective, those responsible for fraud-related governance, risk assessment, prevention, detection and investigation (e.g., the board, audit committee, external and internal auditors, CFEs, management) should carefully consider the broader capability component while fulfilling their fraud risk oversight responsibilities.

Although rationalization remains a critical part of the model, we can find it difficult to observe. Changing to a broader capability component provides a more comprehensive assessment of individual characteristics needed to commit fraud and also includes characteristics like position/function, expertise and confidence/ego that are easier to observe.

Of course, you have to know the people in the organization to focus on a broader capability dimension. Pressures, controls and systems all are important considerations in preventing or detecting fraud, but we suggest that it’s also critical to know and understand the people in place so we can carefully consider capability.

For example, anti-fraud professionals can consider various individual capability dimensions when evaluating allegations of fraud, forming an appropriate response (i.e., investigate, don’t investigate, alert authorities, etc.) and evaluating evidence. Relevant capability questions include:

1. Who has the requisite expertise to commit this fraud?
2. Who has access to the assets, people and/or systems needed to commit the fraud?
3. Who has the ability to rationalize wrongdoing, lie, coerce others and manage the stress associated with the fraud?

A broad set of potential perpetrators with varied backgrounds, positions and expertise can commit some frauds, while others might require a specific individual (or individuals) with specialized knowledge, access or power. Considering various capability factors can help when evaluating allegations of wrongdoing, gathering evidence in an investigation and considering the need for changes in governance and internal controls to manage fraud risk. Considering individual abilities and traits goes well beyond simply trying to assess whether an alleged fraudster might have been able to rationalize a bad act.

As board members and external auditors review fraud risk, considering capability is critically important when assessing C-suite executives and their link to the risk of financial statement fraud. Top executives are in the right position to override controls to take advantage of fraud opportunities. Their authority and power to reward and punish subordinates also provide them with the ability to coerce others. Also, C-suite executives typically have high degrees of confidence that result from their prior success and leadership responsibilities.

C-suite executives also are accustomed to dealing with high levels of stress given their responsibilities. Ultimately, while their capabilities enable them to achieve important leadership roles, such capabilities also are critical in perpetrating fraud. We encourage board members and external auditors to assess top management’s capability.

Moving beyond the Fraud Triangle

Cressey’s Fraud Triangle has long provided anti-fraud professionals with an important framework for considering why fraud occurs. The continuing search for improvement in this area reflects the need and desire to better understand and manage fraud risks. Formal testing of alternative fraud models and the emergence of the revised Fraud Triangle provide an opportunity for anti-fraud professionals to clarify and extend their thinking about the variety of factors that contribute to fraudulent behavior, especially the capability dimension that captures the individual skills and traits needed to exploit opportunities to commit fraud.

Douglas M. Boyle, DBA, CPA, CMA, is the director of the Doctorate in Business Administration Program and chair of the accounting department in the Kania School of Management at The University of Scranton. His email is: douglas.boyle@scranton.edu. 

F. Todd DeZoort, Ph.D., CFE, is Durr-Fillauer Chair in Business Ethics and professor of accounting in the Culverhouse School of Accountancy at The University of Alabama. He was the ACFE’s 2015 Educator of the Year Award recipient. His email address is: tdezoort@cba.ua.edu.

Dana R. Hermanson, Ph.D., is the Dinos Eminent Scholar Chair of Private Enterprise at Kennesaw State University, and director of research of the Corporate Governance Center. His email address is: dhermans@kennesaw.edu.

David T. Wolfe, CPA, CFF, is a manager of investigations in the Office of the Inspector General for The Global Fund in Geneva, Switzerland, and a frequent lecturer on fraud and other topics in his expertise. His email address is: david.wolfe@theglobalfund.org.