Executive summary

New Zealand’s shift from prescriptive Temporary Traffic Management (TTM) to a risk-based system reframes governance. Under the Health and Safety at Work Act 2015 (HSWA), PCBUs must eliminate risks, or where that is not reasonably practicable, minimise them so far as is reasonably practicable. Officers must exercise due diligence. Those duties do not change when standards change; however, the way governing bodies assure themselves must change when the prescription is removed. A mature governance approach anchors TTM decisions in ISO-aligned risk processes, clarifies decision rights across overlapping PCBUs, and assures that evidence shows controls achieve the lowest total risk for workers and road users.

This paper translates NZ’s emerging risk-based TTM system into practical governance for boards, executives and senior managers. It explains:

• what “risk-based” means in the TTM context,
• why is the lowest total risk the goal,
• how to structure roles using the Three Lines Model,
• what to require from design and delivery (including decoupling design from subcontracted delivery to remove conflicts),
• how to govern competency, and
• how to run an assurance system that privileges outcomes.

1. Why governance must change when standards change

CoPTTM invited organisations to outsource critical thinking to a rulebook. Removing CoPTTM and adopting the NZ Guide to TTM pushes PCBUs to demonstrate a context-specific risk process that achieves the lowest total risk across all affected parties. This aligns TTM more closely with HSWA section 30 and the General Risk and Workplace Management Regulations.

The governance imperative is simple. Boards cannot rely on a “compliance equals safety” heuristic. They must seek evidence that risk is being understood, evaluated, treated and monitored (in line with a reputable benchmark like ISO 31000) and that decisions are defensible against the HSWA “reasonably practicable” test.

2. What “risk-based TTM” actually means for decision-makers

Risk-based TTM means that every control is chosen because it measurably reduces relevant risks within the site context. It is not a reverse-engineered justification for a generic template, and it is not simply “less cones”. Appetite and tolerance are governance matters after treatment options have been developed to mitigate risks. Practically, the process starts with the work method, road environment and exposure pathways, then iterates solutions until the chosen mix of work method and controls yields the lowest total risk systemically.

The shift is also cognitive. Governance should anticipate and counter normalisation of deviance and overconfidence. High Reliability Organisation research shows that “preoccupation with failure” and collective mindfulness improve resilience. Boards should expect lead indicators that demonstrate learning and adjustment, not only lag indicators or zero-harm rhetoric.

3. The legal and policy frame for governance

• Primary duties and overlapping duties.
  PCBUs owe a primary duty of care and must consult, cooperate and coordinate where duties overlap. This is routine in road corridors where clients, contractors, TTM providers and RCAs share duties. Governance must ensure there is an active mechanism to discharge the “3Cs” across that chain.

• Risk management and review.
  HSWA and GRWM Regulations require elimination or minimisation, plus review of controls. Governing bodies should expect to see planned reviews where TMP changes track changes in risk, not just in scope.

• NZGTTM as enabling guidance.
  NZGTTM sets a risk-based approach and introduces the concept of lowest total risk, practice notes and documentation expectations. It does not remove legal duties, it clarifies how to plan and evidence a risk-based approach (not how to do it – that’s still your job).

4. Governance design: a Three Lines Model tailored to TTM

A practical way to structure governance is to adapt the Institute of Internal Auditors’ Three Lines Model. This clarifies who decides, who supports and who assures.

5. Decision standards for risk-based TTM

Boards should mandate a simple standard for all TTM decisions (the following uses ISO 31000 as a basis):

1. Establish context. Define objectives, interfaces and affected parties for the work.
2. Identify and analyse risk. Use suitable techniques (for example, scenario analysis, bow tie, MCDA for complex trade-offs).
3. Evaluate and select treatments. Demonstrate why each control is included, and that the set achieves lowest total risk. NZGTTM Part 2 gives clear language for this test.
4. Prefer PtD. Change the work method, time or place to remove exposure where practicable. Require explicit documentation of PtD options considered and reasons if rejected.
5. Monitor and review. Pre-starts check assumptions, deviations are recorded with a revised risk rationale, and post-job/project reviews close the loop.

6. Roles and overlapping PCBUs: making the 3Cs real

Councils and RCAs commonly hold dual roles as clients and network guardians, and contractors often rely on subcontracted TTM. Treat consultation, cooperation and coordination as an operational embedded process that is a ritual (embedded habitually). Require multi-party risk reviews at concept, at TMP approval, and at change points. Record who accepts residual risk for which hazards.

A practical device is a live RASCI that names the various parties and their roles/responsibilities across the lifecycle of a particular site/project.

7. Decouple TTM design from subcontracted delivery

Where TTM is outsourced, bundling plan design with delivery embeds a conflict. The party profiting from volume decides the volume. This can inflate cost and therefore may not correlate with safer outcomes (or right-sized TTM). A governance response is to separate design from delivery when using external suppliers, or better, build in-house capability to own design. Require that the TTM designer is unconflicted and that the TMP remains a live document with change control back to the designer.

Contract models should: (i) identify designer and provider as distinct suppliers, (ii) remunerate design by complexity and value-add (and not be offset by on-road costs in order to ‘hide’ the cost of the TMP), and (iii) require assurance reviews that test whether treatments align to risk and minimise disruption consistent with safety.

8. Competency and culture: govern for capability, not tickets

The warrant era illusion of competence is no more. Governance should (and always should have) require a task-based competency framework that covers planners, designers, and site leaders, with assessment in context and supervision that tests decision quality. Sector credentials are maturing and can be aligned to organisational pathways, however ownership of competence rests with the employer PCBU.

Culturally, expect progress to require unlearning. A compliance mindset values rule following, while a risk-based mindset values defensible reasoning, adaptation and leading indicators that show learning. Encourage a healthy scepticism and preoccupation with failure. Expect (and ask) the question “where are we wrong on this?” often.

9. Public trust and efficiency: govern the narrative as well as the site

Public respect is an enabler of right-sized TTM. If road users are coached to distrust TTM, practitioners are likely to respond with stronger engineering to solicit compliance, which can increase footprint and cost. PCBUs and RCAs should make visible that controls are purposeful, proportionate and temporary, and should avoid blunt instruments that undermine trust. Measure and manage driver behaviour as an input, not only an outcome.

10. Assurance that works: from checklist to outcome

A credible assurance system focuses on whether controls reduce risk. It links data on near misses, speeds, incursions and worker exposure to specific controls, then retires controls that do not add value. It triangulates document review, field observation and performance analytics. There are several ways to visualise this, but a slider chart can be a good way to examine the multi-faceted assurance of a system as complex as TTM to ensure that it doesn’t become a binary “good enough / not good enough” type metric.
Boards should ask for independent reviews on high-risk activities, with explicit commentary on residual risk acceptance and the lowest total risk test. Assurance should consider cognitive pitfalls and build signals that surface weak anomalies early.

11. What “good” looks like in practice

Parallaxx’s maturity framework for risk-based TTM describes practical stepping stones across contracts and procurement, roles and 3Cs, competency, good practice, design, physical delivery and assurance. The markers include contractual recognition of NZGTTM, integration of TTM and work methods, live TMPs with change control, and multi-layered assurance that uses outcome data. Use the framework as your governance scorecard.

12. Conclusion

This is not a debate about cones. It is a governance problem about risky work in the road corridor. The shift to risk-based TTM is an opportunity to lead with clarity: to insist that every control we deploy is anchored to an identified risk, that the work itself is designed to remove exposure wherever practicable, and that the measure of success is lowest total risk for workers and road users, evidenced in the way decisions are made and reviewed. The law has always required this standard; the difference now is that there is nowhere left to hide behind a rulebook.

Owning this change is an executive act. It means setting the tone that “compliance equals safety” is no longer an acceptable heuristic, that Prevention through Design is the first question on every job, and that right-sizing TTM is a by-product of a disciplined process. It means making the 3Cs real across overlapping PCBUs, and insisting that TMPs stay live, with clear decision rights when conditions shift. It also means removing conflicts in the supply chain so that the party deciding “how much TTM” is not the party paid to supply it. These are governance choices.

Culture and capability are the hinge. A compliance mindset will keep asking “does this decision follow all the rules”; a risk-based mindset keeps asking “what is the risk pathway and what treatments change it.” That mindset shows up in task-based competence, contextual supervision, and a healthy preoccupation with failure. Tickets or warrants were never proof of competence. Build the capability to reason, to adapt, and to explain why an option is the safest reasonably practicable one. Then test it, often, in the field.

Also, public trust is not a communications nicety. If the public are coached to treat TTM as waste, their behaviour will deteriorate, and practitioners will reach for more intrusive engineering to force compliance. If the public can see purpose, proportion and temporariness, they tend to cooperate, and the footprint can shrink without compromising safety. Governing well means minding the narrative as carefully as the site. Be transparent, make the reasoning visible, and avoid blunt instruments that undermine confidence.

So, what does ‘bringing this to life’ look like from the governance perspective? It looks like asking different questions and refusing superficial answers. Show me the substance not the re-wrapped compliance-based system. Show me the PtD options you tried and why you rejected them. Show me how the chosen mix of work method and controls lowers total risk, not just worker risk or just road user risk. Show me how on-site deviations are decided and evidenced. Show me that design decisions are unconflicted, and that assurance connects controls to outcomes (not a ‘checklist’). These questions change behaviour, because they change what earns approval.

New Zealand can do this properly. We have already seen proofs of concept where disciplined risk-based planning reduced both harm potential and footprint, but the lesson from those trials is that maturity takes patience and method. If you lead the system to own risk, design hazards out first, decide independently of delivery profit, invest in true competence, and assure for outcomes, you will spend exactly the right amount on TTM, keep people safe, and earn public respect. That is the job. Let’s get on with it.