Foreword: This Isn’t About Cones, It’s About Decisions

For years, Temporary Traffic Management (TTM) in New Zealand has been governed by a rulebook. The Code of Practice (CoPTTM) gave us diagrams to follow, and governance was often reduced to a simple, compliance-based question: “Did we follow the rules?”

That era is over.

NZ is replacing prescriptive TTM with a risk-based system. This does not change legal duties, but it does change how officers and leaders gain confidence that work in the road corridor is planned and delivered to achieve the lowest total risk.

Under NZ’s Health and Safety at Work Act 2015 (HSWA), Persons Conducting a Business or Undertaking (PCBUs) must eliminate risks or, if elimination is not reasonably practicable, minimise them so far as is reasonably practicable. Officers must exercise due diligence. In a prescriptive era, leaders often equated compliance with safety. That shortcut is woefully incomplete. NZGTTM expects decisions to be based on the specific risks associated with the activity and location, and for controls to be chosen because they reduce the total risk for workers and road users. The public expects the same, and they expect disruption and cost to be justified.

This guide is written for governors and senior managers who want practical direction. It explains what to ask for, what good looks like, and how to check that decisions align with the organisation’s risk appetite. It also addresses incentives and commercial models, because how an organisation pays influences how people behave. The aim is simple: Use exactly the right amount of TTM by making better decisions about the work and the controls.

This guide provides the mechanism to achieve better safety while also unlocking efficiency, reducing cost, and rebuilding public trust.

A standard, outdated governance question was: “Is our TTM system compliant?”

A more appropriate governance question is: “How are we demonstrating that our TTM system manages risk?”

This guide is structured to provide a framework for asking the right questions, setting the right strategy, and obtaining the right assurance. It moves from the foundations to the principles and behaviours, providing practical, tangible actions surrounding Temporary Traffic Management (TTM).

A ‘starter for ten’ – some simple actions

You can separarate this first section as a stand-alone quick start guide.

We understand this guide is long, so if time is not on your side and you want the ‘quick version’ here are a series of ‘starters for ten’ to activate this guidance in lieu of digesting the full document end-to-end.

Five potential questions for your next Board meeting

Disclaimer: the following questions are examples only but give a flavour of the types of TTM-specific questions directors can be asking. These questions would change based on the organisational configuration and relationship to TTM.

A simple “what good looks like” checklist

Use this to gauge the organisation’s current state and to pick a starting step. It mirrors the seven domains used in NZTA’s ‘what does good look like’ framework.

[1] Controls that were considered, but ultimately not used (i.e. for not being ‘reasonably practicable’) are recorded. This is an excellent way to demonstrate the process of decision making, especially in line with the hierarchy of controls, is working.

[2] This refers to designing out the risk as part of the work methodology configuration. Preventing TTM risk by it not materialising in the first place through good work design is a form of elimination and should be recorded.

Example Officer prompts related to TTM

Leveraging the Institute of Directors (IoD) Health and Safety Governance Guidance 5C’s:

Getting started: a 90-day setup plan

If you’re not sure where to start – the following basic 90-day plan actions can give you somewhere to begin.

About this guide

Scope

• Risk-based governance of temporary traffic management across concept, design, approval, delivery, change, and review.
• The organisational levers Boards and executives control: roles and decision rights, appetite statements, procurement and incentives, competence, and assurance.
• What to measure and how to learn.

This is not a technical manual for TTM, nor does it contain detailed procurement templates or contractual material. This is a governance guide of how to make appropriate decisions in those domains.

Icons and panels used throughout

To help readers digest important information relevant for them, the following icons represent key themes through this guide

Important terminology and language

• Lowest total risk means the chosen mix of work method and controls reduces net risk across workers and road users more than any other reasonably practicable option.
• ALARP (or SFARP) refers to the HSWA standard of managing risk so far as is reasonably practicable.
• The 3Cs are the HSWA duties to consult, cooperate and coordinate where duties overlap.
• Prevention through Design (PtD) is the discipline of changing the work so the hazard is removed, or people are no longer exposed to it. In TTM this means starting with the job, not the cones.
  • Typical PtD moves include: alter the method to avoid live traffic exposure, shift time to low demand windows, relocate off the carriageway, prefabricate or pre-assemble off site, use trenchless or remote techniques, sequence for short, complete closures instead of prolonged shoulder work, and design physical separations that remove the need for lower-order controls. Only after feasible PtD options have been tried and recorded should the team rely on administrative controls and signage.

Governance positions adopted in this guide

A powerful guide for governance of Health and Safety in New Zealand is published by the Institute of Directors (NZ) (IoD). This TTM-specific governance guide draws from several of the principles and guidance provided by the IoD and you will see those references throughout this document.

The following more specific philosophical positions are taken across this document as a basis for guidance:

• Compliance is not a proxy for safety. Boards need evidence that decisions are reasoned from risk, not from templates.
• [Risk] appetite guides acceptance after treatment. Appetite is not a substitute for treatment.
• Separate TTM design from supply where TTM is subcontracted. If not separated, install strong conflict controls and verify them.
• Incentives matter. Contracts must pay for outcomes that match value and objectives.
• Competence is owned by the employer PCBU. Credentials and courses are inputs, not evidence of competence in context.
• Assurance must check effectiveness. Reports should help officers understand whether the conditions for safe work exist and are maintained, as advised in IoD guidance.

Part A: Duties, decisions, and the end of “compliance” as a defence

The end of “compliance” as a defence

HSWA has always set the duty: PCBUs must eliminate risks, or if elimination is not reasonably practicable, minimise them so far as is reasonably practicable.

Officers must exercise due diligence.

CoPTTM fostered a belief adherence to that standard meant the duty was met. That belief was never safe. It shifted attention away from site-specific risk and from the Officer’s personal obligation to be satisfied the organisation has the right knowledge, systems, resources, information flows, and verification in place.

The Institute of Directors’ material is unambiguous: officers are expected to build knowledge, understand operations and the risk profile, ensure resources and systems, ensure information reaches the top and is acted on, and verify effectiveness through personal due diligence. Those six areas should be treated as the backbone of TTM governance and reporting.

Regarding TTM, boards should not be asking “are we compliant”. They need to see evidence that thinking across the organisation is occurring that links the hazards of the work and place to the chosen configuration, and why that configuration gives the lowest total risk for workers and road users.

What risk-based TTM means for governance

Risk-based TTM is not a code word for using fewer cones. It means using the right controls for the risks that actually exist. Every sign, barrier, cone, temporary speed limit and attenuator truck must be purpose-tied to a risk pathway.

Confidence that the organisation has done what is reasonably practicable comes from the quality of the process, not the thickness of the plan: hazards identified, Prevention through Design exhausted, feasible options compared, reasons recorded, and a simple plan for how decisions will be reviewed when conditions change. 

There is a sweet spot.

• Too little treatment leaves risk above ALARP and will not stand up to scrutiny and may result in harm.
• Too much treatment adds unnecessary worker exposure for installation and removal, driver confusion, and disruption that does not reduce net risk (and adds waste and cost).

The job of governance is to insist the team finds and demonstrates that sweet spot can be found systemically through good processes and capability across the organisation and supply chain.

The central governance challenge: balancing competing objectives

Absolute safety is not available. Every job carries residual risk after treatment. Each day, the organisation accepts a level of residual risk to achieve project progress and keep the network functioning. Pretending otherwise pushes decisions underground.

Good governance makes the trade-off deliberate. It requires the organistion to state what residual risk remains, why further reduction is not reasonably practicable, and how that acceptance lines up with the organisation’s risk appetite. That is the difference between unspoken compromise and a defensible decision grounded in appetite that has been translated into clear, management-level choices.

Every roadwork site is a three-way trade-off:

1. Safety: Lowering exposure and crash severity risk to ALARP.
2. Project achievement: Finishing the work so the asset delivers value.
3. Network utility: Keeping the network functioning for people and freight.

A full closure during the day may be best for safety and programme yet poor for the network. The Officer’s role is not to instruct the preferred option, but to set the strategy and appetite that guide those trade-offs and to require transparent reasoning when objectives clash.

Risk appetite is the tool that declares how much project or network pain the organisation will accept to meet safety outcomes.

What a sound TTM decision looks like

A decision that would withstand scrutiny has four features:

This is consistent with IoD’s call for reports that help officers understand whether the conditions for safe work exist, whether critical controls are effective, and how the organisation learns when reality differs from plan.

What the Board should expect to see

Boards should not be fed data that says little about whether work can be done safely. They should ask for concise information that matches IoD expectations and supports decisions: a short narrative of the risk reasoning for high-complexity activity, field verification of a small set of critical controls, what changed after assurance, and the unresolved uncertainties that need further checking.

Directors should complement this reporting with personal verification, such as site visits, to see how work is actually done and validate that reality matches the paperwork.

Expect a plain record of any residual risk the organisation is accepting and why that acceptance aligns with its established appetite.

Part B. The Governance Architecture: Roles and Responsibilities

A Governance Model for TTM Decisions

To govern the risk-based approach defined in Part A, organisations must establish a clear architecture for making, challenging, and verifying TTM decisions. In a risk-based world, the quality of outcomes rests on the quality of decisions. Governance fails when decision rights are blurred or accountability is vague.

The Board’s role is to approve this architecture. The “Three Lines Model,” common in risk management, is one way to structure accountability.

• First Line: Management (Owns the Risk) This is the project or operational management team (e.g., the Prime Contractor). They are responsible for executing the work and own the TTM decision. They must balance the three competing objectives (Safety, Project Achievement, Network Utility) and select the final, lowest-total-risk approach.
• Second Line: Risk & Support (Sets the Framework) This is the organisation’s internal specialist function (e.g., H&S team, TTM Principal, Risk Manager). They support the First Line by providing the tools, standards, and competent advice. Crucially, they also challenge the First Line’s decisions, ensuring the risk process was followed and appetite was applied correctly.
• Third Line: Assurance (Provides Verification) This is the independent assurance function (e.g., internal audit, independent reviewers). They verify that the entire system (Lines 1 and 2) is working effectively. They report directly to the Board or a committee, providing an objective view on whether critical controls are effective in practice.

Decision Rights When Conditions Change

A TTM plan is a hypothesis. It will be wrong the moment it hits the road. Weather, traffic, or on-site discoveries will require change. The governance model must define decision rights for when the plan deviates from reality.

• Who can make on-site adjustments?
• What triggers a formal “stop and redesign”?
• What is the live feedback loop back to the TTM designer?

Governing Competence: Owning the PCBU Duty

Relying on “tickets” or “warrants” (as has historically been the case) as the sole evidence of competence is not a defensible governance position. The legal duty under HSWA rests with the PCBU to ensure its people are competent for the specific tasks they perform, in the context of the work.

The Board’s role is to seek assurance that a robust competence system exists, one that the organisation owns and controls.

• Competence vs. Credentials. Credentials (like warrants or courses) are an input to competence, not proof of it.
• Competence in Context. True competence is the verified ability to apply skill and knowledge to make sound risk-based decisions in the field, not just in a classroom.
• Governing Roles. Governance should focus on assurance for the critical decision-making roles—such as the TTM designer, the reviewer, the on-site leader, and the auditor.

Part C. The Decision Framework: Appetite, PtD, and Assurance

Setting and Using Risk Appetite

A common governance failure is to misuse risk appetite. It is not an excuse to skip reasonably practicable controls. Its correct function is to guide the acceptance of residual risk—the risk that remains after all reasonably practicable steps to eliminate or minimise have been taken.

In TTM, this is critical for guiding management on how to transparently and consistently balance the three competing objectives (Safety, Project Achievement, and Network Utility) introduced in Part A.

A high-level corporate statement is insufficient. The appetite statements must translate to practical application and be supported by clear direction that project teams can use to make defensible decisions.

The ALARP Test: A Defensible Decision Process

For Officers to gain confidence and meet due diligence duties, they need to rely on a repeatable, robust process. This is the definitive test to ensure a decision is defensible and that the ALARP standard was met.

One method of assurance is this 6-step process for all TTM activities:

1. Prevention through Design (PtD) is recorded. All feasible options to eliminate or substitute the hazard (e.g., change of work method, time, or location) were identified and evaluated first. The reasons for rejecting them are documented.
2. Site-specific risk analysis. The specific risk pathways for this site and this work were analysed, moving beyond generic templates.
3. Options analysis. The selected mix of controls was demonstrably shown to achieve the lowest total risk compared to other feasible options.
4. Residual risk is named. The remaining risks (after all controls are applied) are explicitly stated, and accountability for accepting them is assigned. These are demonstrably below the level of acceptable risk identified through the operationalisation of the Board’s risk appetite.
5. Field deviations are logged. A live process exists to capture changes in the field (where work-as-done differs from work-as-imagined) and to feed this back to the designer for a revised risk assessment.
6. Post-work review. A learning loop exists to confirm whether an alternative approach would have been reasonably practicable in hindsight, with lessons fed into future designs.

Part D. The Enablers: Commercials, Contracts, and Reporting

The First Commercial Guardrail: Decouple Design from Delivery

How an organisation pays for TTM is a powerful driver of behaviour. Governance of TTM risk is incomplete without governance of its commercial incentives.

A fundamental conflict of interest exists when the party paid by the volume of TTM is also the party deciding the volume of TTM. This model financially incentivises waste and “cone mania,” not risk management.

Note: This does not include where TTM is self-performed within an organisation. The conflict of interest materialises where a sub-contractor is commissioned to decide themselves on the quantity of TTM, and subsequently profit from inflamed volume.

As a governor, the Officer must set the guardrail that this conflict not be tolerated or will be managed with suitable prejudice.

Incentives That Drive the Right Behaviour

Current models often fail because of misaligned incentives:

• Contractors may be incentivised to minimise their direct costs, which may lead to corner-cutting or, conversely, to maximising volume on a schedule of rates.
• RCAs are often sensitive to managing political disruption (e.g., public complaints), which may lead to sub-optimal decisions like prolonged night works to avoid shorter daytime closures, or an aversion to closing roads.
• The public bears the external costs of delay, which are rarely priced into the decision.

Officers must set commercial guardrails that require management to align these incentives with the organisation’s [and it’s stakeholders] total objectives.

Potential instruments for contracts and alliances:

Several of the following mechanisms are used in jurisdictions globally to align incentives with optimal TTM performance aligned with overall objectives:

• Lane Rental. A charge is applied to the project for the time it occupies the road, pricing the “Network Utility” and creating a powerful incentive to finish faster.
• Gain Share. A formal mechanism to share the financial benefits of verified reductions in user delay, TTM costs (from PtD), or residual harm.
• Safety Performance Incentives. Bonuses tied to meaningful lead or outcome indicators (e.g., verified control effectiveness, PtD innovations), not just paperwork or lag indicators (e.g., LTIFR).
• Integrated Payment Structures. TTM costs are fully integrated with the work method and paid as part of the total project, not as a separate provisional sum. This encourages the contractor to use PtD to reduce the total

Contracting Chain Oversight

TTM almost always involves multiple PCBUs. The legal duty to Consult, Cooperate, and Coordinate (the 3Cs) are therefore not optional. Good governance ensures these duties are explicitly defined in procurement processes and contracts.

• Procurement. Evaluation should be structured to score a supplier’s capability to deliver risk-based TTM, not just their price.
• Contracts. Contract models should explicitly separate design from delivery (as per Section 7) and require the provision of risk-based evidence (like the “TTM Design Rationale”) as a condition of payment.
• Data. Contracts should specify requirements for data sharing on performance, including near-misses, on-site modifications and adaptions, and control effectiveness.

Part E. Assurance and Verification: Governing the “Check”

The Officer’s duty of due diligence requires them to verify that resources and systems are in place and are effective.

Moving Assurance from Presence to Effectiveness

A persistent failure of TTM governance is assurance that checks for presence, not effectiveness.

• Old Assurance: “Is the TTM plan on site? Do the cones match the diagram?”
• New Assurance: “Is the TTM plan effective at managing the actual risks? Is the decision process that created it defensible?”

The Board’s role is not to conduct assurance, but to approve an assurance strategy that asks the right questions. This plan must be risk-based, focusing resources on critical controls and high-impact activities, not just a random sample.

Effective assurance must triangulate information from three sources to be creditworthy:

• Documentation. Reviewing the process that was used to arrive at the chosen TTM controls.
• Field Observation. Assessing “work-as-done” and actual road user behaviour.
• Feedback Loop Data. Analysing the perpetual integration of lessons from successes and failures for continuous improvement.

The Officer’s Personal Assurance: Using the 5Cs

Beyond the formal assurance plan, Officers have a personal duty to be curious and apply their own judgement. The IoD’s 5Cs framework provides a practical model for this.

Part F. Learning and Continuous Improvement

Governing the “Act” Loop: Learning from Work

A governance system that only “checks” but never “acts” is incomplete. The final part of the Officer’s duty is to ensure the organisation learns and improves. This means creating a formal loop from the field back to the design, competence, and commercial systems.

A significant risk in any operation is the gap between “work-as-imagined” (the plan) and “work-as-done” (the reality). A good governance system is obsessed with finding this gap.

Creating a Systemic Learning Loop

Learning is not an accident; it is a process that must be governed. The Board’s role is to ensure this process is resourced and effective.

Part G. Conclusion: The Officer’s Role in Practice

The Six Due Diligence Questions for TTM

The Health and Safety at Work Act 2015 and the IoD guidance provide six key areas for Officer due diligence. This guide has provided the TTM-specific framework to answer them.

An Officer who can confidently answer these six questions is more likely to be exercising their duty of due diligence.

1. Do I acquire and update my knowledge of TTM matters?
   (See Part B, Section 4: Governing Competence)

2. Do I understand the operations and risk profile of our TTM?
   (See Part A: Core Concepts; Part C: The ALARP Test)

3. Do I ensure the organisation has the right resources and systems?
   (See Part D: Commercials & Incentives; Part B: Governance Architecture)

4. Do I ensure we have information flows for hazards, incidents, and risks?
   (See Part F: Learning Loop; Part D: Measures That Matter)

5. Do I ensure the organisation has processes to comply with its duties?
   (See Part C: The ALARP Test; Part B: The 3Cs/RASCI)

6. Do I verify that these resources and systems are effective?
   (See Part E: Assurance and Verification)

A Continuous Governance Cycle

This guide began with a 90-day setup plan. That plan is not a “one-off” task but the beginning of a continuous cycle of governance. The Board’s ongoing role is to:

• Set Expectations. Part B: Architecture; Part C: Appetite; Part D: Commercials.
• Ensure Capability. Part B: Competence.
• Verify Effectiveness. Part E: Assurance; Part D: Measures.
• Drive Learning. Part F: Learning Loop.

The shift from compliance to risk-based TTM is not a new rulebook; it is a new way of thinking. It moves accountability from a set of diagrams to the quality of an organisation’s decisions.

For Officers, this is a shift. It demands courage to stop accepting “compliance” as an answer. It requires curiosity to ask “why” and “how do you know?” And it requires a focus on building a resilient system where competent people, guided by clear incentives, can make defensible decisions. That is the core of good TTM governance.

Appendices and Tools

Appendix A: Cyclical Governance Agenda Topics

This provides key topics for the Board (or its relevant committee) to sequence on its forward agenda. This ensures all aspects of Officer due diligence are covered over a 12- to 18-month cycle, anchored to the IoD’s “what you need” (Foundations) and “what you do” (Principles) framework.

Foundational Reviews (Annual Cycle)

Verification & Learning (12-18 Month Cycle)

Appendix B: Officer Self-Assessment Tool (Adapted from IoD)

This tool adapts the IoD’s individual review questions to provide a specific TTM governance lens. It is intended to help Officers assess their own behaviours and identify gaps in their due diligence practice against the 5Cs.

TTM Governance Self-Assessment Questions

Appendix C: Procurement and Contract Principles

This appendix provides the core principles Officers should expect to see in management’s procurement documents and evaluation criteria, as introduced in Part D.

Appendix D: Example Templates

These examples illustrate the type of information and frameworks appropriate for board-level governance. They are summaries that should be fed by more detailed operational processes.

Example 1: Strategic TTM Governance RASCI

This high-level RASCI clarifies accountability between the Board and its executive team. It defines who is accountable for the system of TTM governance, which is separate from the project-level RASCIs management uses.

Example 2: TTM Decision Paper (Governor’s Summary)

This is an example of a one-page summary for the board or a committee, requested for a TTM decision with significant strategic, financial, or reputational implications. It focuses on the trade-offs and justification, not the operational details.

Project: State Highway X – Bridge Deck Replacement

Decision: Select TTM methodology for 12-week main works programme.

Objectives in Tension:

• Safety: Risk of vehicle incursion into a large, static worksite.
• Project Achievement: Requires 12 weeks of uninterrupted work.
• Network Utility: SHX is a critical freight route with no viable detour (< 50km).

Prevention through Design (PtD) Options Considered:

1. Full Closure (12 weeks). Rejected. Disproportionate network and economic impact (est. >$30M). Not reasonably practicable.
2. Prefabrication Off-site. Partially Adopted. Reduces on-site time from 20 weeks to 12.

Table 1: Basic options table (example only)

Recommendation & Rationale (Lowest Total Risk)

• Option C: Single-Lane w/ Signals + Barriers. This option is recommended as it demonstrably achieves the lowest total risk.
• It provides the highest level of safety (Good) by using positive protection (barriers) to eliminate the critical risk of vehicle incursion.
• Crucially, it also delivers the best project outcome (Excellent) by creating a full, separated lane for the work area. This significantly improves project efficiency, safety, and work quality, avoiding the constraints of Option B.
• The Medium network delay from signal queuing is considered an acceptable and manageable trade-off for the significant, verifiable gains in both worker safety and project efficiency..

Residual Risks Accepted by Management

• Medium network delay and queuing during peak flows (to be managed with signal phasing).
• Risks associated with the installation and removal of the barrier and signal systems (to be managed via a specific, short-term plan, e.g., night closure).

Appendix E: Assurance Pack

This appendix provides some tools for Officers or Senior Managers to lean into the assurance process (Part E).

Audit Guide: Key Questions for Outcome-Focused Reviews

This guide helps Officers/senior managers set the expectation for their assurance function (internal or external).