The Fork in the Road

With NZ’s Temporary Traffic Management (TTM) sector embarking on a fundamental transition away from prescriptive rules, the industry must now learn to navigate using a compass guided by risk rather than a map of compliance. The shift is not cosmetic (no matter how relentlessly some are trying to paint it as such). It changes the question from ‘did we follow the rule’ to ‘did we understand and treat the risk’.

This philosophical shift was crystallised for me at a recent NZ Institute of Directors conference, where speaker Bowen Pan offered a powerful distinction: “Compliance stops you from driving off a cliff, but it doesn’t tell you where to drive.”

Pan’s analogy perfectly captures our current challenge. The old system provided guardrails—a defensive mechanism to prevent rule-breaking. The new risk-based paradigm is proactive; it demands that we seek out the best, safest, and most efficient path forward. One mindset is about defending against error; the other is about creating effective outcomes [and TTM].

This paper explores what a ‘risk-based mindset’ truly means. It deconstructs the entrenched compliance-centric thinking that has defined our industry and contrasts it with the proactive, analytical, and accountable mindset now required. A clear grasp of this distinction is fundamental for delivering safer outcomes, restoring public trust, and ensuring the long-term viability of our work on NZ’s road networks.

The Gap We Must Close

A compliance mindset treats standards as the end point. In TTM, this has meant choosing a diagram that ‘best fits’, not because it wholesomely reduces the specific risks present in that context. Under HSWA, that is unsafe logic. Compliance is a floor, not evidence that risks are managed as low as reasonably practicable. WorkSafe NZ guidance reinforces this, stating that organisations must assess site-specific hazards and apply controls that fit the context.

The problem with this old mindset is that it encourages passive acceptance rather than active inquiry. It outsources critical thinking to a rulebook and can lead to a dangerous complacency where a ‘score of zero on an audit’ is mistaken for the absence of risk. 

The NZ Guide to TTM (NZGTTM), demands a documented reasoning process, compelling planners to show why a chosen option achieves the lowest total risk for everyone affected.

Deconstructing the Compliance Mindset

A compliance mindset is characterised by an adherence to rules as an end in itself [1]. The focus is on meeting minimum requirements and following procedures, often without a deep understanding of the principles behind them [2]. Success is measured by the absence of non-compliance: Did we pass the audit? Does our setup match the diagram? This mindset treats safety as a checklist of obligations, which can lead to a culture where the goal is simply to satisfy what you might say are ‘external minimums’ [2].

In the context of NZ’s TTM sector, the CoPTTM became the physical embodiment of this thinking. It allowed organisations to outsource critical thought to a rulebook. A debate on TTM expectations could be won with the simple, conversation-ending statement: “because CoPTTM says so”. This approach created a dangerous illusion of safety. While it provided a standardised baseline, it also bred complacency through a belief that if all the boxes are checked, then everyone must be safe [3].

This culture has had tangible consequences. It has contributed to a bloated, supply-driven industry where control measures are often excessive and unlinked to actual hazards. It has fuelled public and political frustration over “road cone mania”, eroding the very public respect that is essential for TTM to be effective.

Most critically, a rigid adherence to rules can fail to address unique, site-specific hazards. Prosecutions under the Health and Safety at Work Act 2015 (HSWA) have shown that following a code is no defence if genuine risks were ignored. The compliance mindset asks, “Did we follow the rule?” It is reactive and satisfied with meeting the letter of the law. This is the mindset that keeps the car on the road but gives no thought to the journey itself.

Defining the Risk-Based Mindset

A risk-based mindset is proactive and analytical. It is goal-oriented, driven by the objectives of safety and operational success, rather than being driven by external rules [4]. It shifts the central question from “Did we follow the rule?” to “Did we properly understand and address the risk?” This approach is dynamic, compelling practitioners to adjust controls based on changing risk levels, rather than applying a static, one-size-fits-all solution [5].

At its core, a risk-based mindset integrates the effect of uncertainty on objectives (hint: that’s the definition of risk from ISO 31000:2018) into all planning and operations [6], [7]. It moves effort to where consequences and likelihood combine to matter most. For TTM, this means three things. First, the process must begin with the hazards posed by the work and the road environment, rather than with a predefined template. Second, it requires planners to iterate options until the chosen mix of work method and controls yields the lowest total risk across both workers and road users. Third, it requires continuous adaptation as conditions change, utilising ongoing checks and reviews rather than relying on a one-time approval.

A key pillar of this mindset is Prevention through Design (PtD). The safest control is the one you never need because the hazard was designed out. PtD is the most reliable way to reduce harm because it eliminates failure modes upstream by changing the work method, timing, or location to remove exposure to live traffic in the first place [8]-[11].

How the Mindset Changes TTM Practice

Adopting this mindset fundamentally changes decision-making. The criteria for a TTM solution shifts from legality to defensibility. It is not about adherence to a diagram but about demonstrating that the outcome is safe enough, given what is reasonably practicable under HSWA. This requires a focus on new practices.

A critical concept here being the ‘lowest total risk’ idea posed in the NZGTTM. This warns against simply shifting risk from workers to road users or vice versa. A risk-based mindset requires testing whether the overall harm potential has decreased collectively, not just whether a particular risk has been solved while creating another more significant one (hint: this is how we get into trouble by over-engineering TTM).

Success metrics must also evolve, moving from lagging to leading indicators. Instead of counting zero audit failures or incidents, we should measure meaningful proactive activity: pre-work/activity risk reviews that improve a plan, the quality of near-miss reporting, and the number of controls that successfully eliminate exposure [12].

The Human Problem We Must Manage

Cognitive bias and the normalisation of deviance are the hidden enemies of a risk-based system. After repeated success without failure, people begin to accept anomalies and shortcuts as normal. This dynamic contributed to both the Challenger and Columbia disasters, where management accepted evidence of O-ring erosion and foam strikes because previous flights had survived [13]-[16]. The TTM analogue is treating a history of no incidents with a particular methodology (or control measure) as proof that it is safe everywhere.

Adopting a risk-based mindset changes how decisions are made at every level.It must now be about anchoring actions in a deep understanding of risk and consequence.

Decision-making becomes informed by analysis, not prescription. Instead of starting with a CoPTTM diagram, a risk-based process starts with the work methodology and the specific environmental risks.

This mindset also empowers real-time sensemaking and adaptation. In a complex worksite, conditions can change rapidly. A strict compliance culture can discourage individuals from acting outside the ‘approved’ plan, even if they sense something is wrong. A risk-based culture, by contrast, fosters what organisational psychologist Karl Weick called “collective mindfulness”, where teams are continually interpreting ambiguous cues to recognise when a situation is developing toward failure [20]. It empowers a frontline worker to halt a process because it feels unsafe, trusting their professional judgment over the checklist.

Achieving this requires overcoming significant psychological barriers. Humans are prone to cognitive biases that cloud risk judgement. Normalcy bias, the belief that because something has not happened it will not happen, is powerful. It leads to the dangerous mindset of “we have done this 100 times, what could go wrong?” A true risk-based mindset counters this by maintaining what High Reliability Organisations (HROs) refer to as a ‘preoccupation with failure’- a healthy and persistent unease that prevents success from breeding complacency [12]. This is perhaps the hardest cultural work of all – building a collective scepticism that constantly questions assumptions and looks for the faint signals of emerging trouble.

Recommendations for Organisations embarking on their risk-based TTM transition

The shift from compliance to a risk-based mindset is a multi-year cultural transformation, not a simple change of documents (as I keep saying). The journey must be deliberate and honest. My ‘starters for 10’ on actions to enable meaningful change:

1. Invest in genuine competency, not [just] credentials. The old TTM warrant system created an illusion of capability. Under HSWA, the responsibility for ensuring a person is competent for a task rests solely with their employer. Organisations must move beyond tick-box stuff and develop robust internal systems to build, verify, and maintain the deep risk assessment and critical thinking skills required for this new environment. This means defining the specific competencies needed for each role and creating tailored training and development pathways.
2. Reclaim ownership of risk management. For too long, contractors have outsourced safety decisions to the CoPTTM or to TTM subcontractors. This must end. A risk-based mindset requires contractors to own the risk they create. This means bringing risk-thinking in-house and making it central to work planning, rather than an afterthought delegated to a perversely incentivised TTM supplier.
3. Cultivate a culture of questioning and learning. A risk-based mindset cannot survive in a culture of blame. Leaders must actively foster a culture of psychological safety, where employees feel secure enough to report near-misses, question established practices, and admit mistakes without fear of retribution [17]. This means reframing errors as valuable learning opportunities and rewarding the proactive identification of hazards. Leaders must model this behaviour, openly discussing risks and demonstrating a commitment to learning over maintaining a facade of perfection.

The Path Forward

NZ’s transition to a risk-based TTM system is a necessary evolution. It is a response to a system that produced escalating costs and public frustration without a corresponding improvement in safety. However, the new framework is only as good as the people and organisations implementing it. The greatest challenge is not learning new rules, but unlearning old habits of thought.
Compliance kept us legal. A risk-based mindset keeps people alive and enables work to be done. It is an offensive posture. It asks the right questions early, designs hazards out where possible, and adapts fast when conditions change. NZGTTM points to that future. HSWA demands it. Our job now is to build the capability and the culture to make it normal practice.

References

[1] C. Davis, “To make an impact, safety efforts need to move beyond regulation,” Canadian Occupational Safety, 6 May 2025. [Online]. Available: https://www.thesafetymag.com/ca/news/profiles/to-make-an-impact-safety-efforts-need-to-move-beyond-regulation/534700.

[2] J. Robbins, “Is Lab Safety An Ethical Issue?,” Inside Higher Ed, 24 Oct. 2012. [Online]. Available: https://www.insidehighered.com/blogs/sounding-board/lab-safety-ethical-issue.

[3] S. Winstanley, “Compliance Mindset V Value Mindset,” 2020. [Online]. Available: https://www.scribd.com/document/468065580/Compliance-Mindset-V-Value-Mindset.

[4] T. Merktrakarn, “Risk-Based Mindset: The Core of Modern Risk Management,” 2025. [Online]. Available: https://www.brightdefense.com/resources/risk-based-mindset/.

[5] K. Weick and K. Sutcliffe, Managing the Unexpected: Resilient Performance in an Age of Uncertainty. San Francisco, CA: Jossey-Bass, 2011.

[6] ISO, ISO 31000:2018 Risk management — Guidelines.

[7] ISO, “The new ISO 31000 keeps risk management simple,” Feb. 15, 2018. Available: https://www.iso.org.

[8] NIOSH, “Prevention through Design — About,” Jan. 18, 2024. Available: https://www.cdc.gov/niosh/ptd.

[9] NIOSH, Prevention through Design Toolkit for the Construction Industry, DHHS (NIOSH) Publication 2024-124, 2024.

[10] OSHA, “Construction industry resources on design for safety.” [Online]. Available: https://www.osha.gov/prevention-through-design.

[11] CPWR, “Prevention through Design annotated bibliography.” [Online]. Available: https://www.cpwr.com/research/prevention-through-design-annotated-bibliography.

[12] M. J. Gaunt, “Safety Requires a Healthy Preoccupation With Failure,” Pharmacy Times, Jun. 2021. [Online]. Available: https://www.pharmacytimes.com/view/safety-requires-a-healthy-preoccupation-with-failure.

[13] Columbia Accident Investigation Board, Report Volume I, Aug. 2003. [Online]. Available: https://www.nasa.gov/columbia/caib-report.

[14] NASA, “Safety message: Normalisation of deviance and groupthink,” Nov. 3, 2014. [Online]. Available: https://nasa.gov/news/safety-message-normalisation-deviance-groupthink.

[15] Aerossurance, “Challenger launch decision overview,” Jan. 27, 2016. [Online]. Available: https://aerossurance.com/safety-management/challenger-launch-decision-overview/.

[16] U.S. DOE, Archive of CAIB report chapters. [Online]. Available: https://nsarchive2.gwu.edu/NSAEBB/NSAEBB390.

[17] Ethico, “Ethic Fails: Turning Mistakes Into Innovations,” 2023. [Online]. Available: https://ethico.com/ethicsverse-episodes/compliance-best-practices-learning-from-mistakes/.

[18] J. M. Etchegaray et al., “Preoccupation with failure and adherence to shared baselines,” BMJ Open Quality, 2019. [Online]. Available: https://bmjopenquality.bmj.com/content/8/3/e000595.

[19] ThinkReliability, “High Reliability Organizations: five principles overview.” [Online]. Available: https://www.thinkreliability.com/high-reliability-organizations-five-principles.

[20] K. Weick, “The collapse of sensemaking in organisations: The Mann Gulch disaster,” Administrative Science Quarterly, vol. 38, no. 4, pp. 628–652, 1993.