What is Risk Treatment Plan

Last updated: 2025-08-26

Definition of a Risk Treatment Plan (RTP)

Risk Treatment Plan (RTP) is a simple roadmap for how a company will address each identified risk. For every risk, the plan explains how it will be handled and what follow-up actions or controls need to be put in place. The plan also lists who is responsible, timelines, required resources, and how progress will be tracked. A plan typically includes:

  • Risk treatment strategy describes how the risk will be handled — whether it will be accepted, reduced (mitigated), transferred (e.g., via insurance or contracts), or avoided
  • Planned controls and actions: specific controls or tasks that must be put in place to reduce the identified risks

What a Risk Treatment Plan Should Include

A Risk Treatment Plan (RTP) highlights priority risks and gives a clear summary of each. For every risk, it typically includes:

  • Risk Description: A short summary of the identified risk.
  • Risk Owner: The person or team responsible for managing the risk.
  • Inherent Risk Level: The risk rating before any actions are taken (e.g., Low, Medium, High).
  • Treatment Strategy: The chosen approach: Avoid, Mitigate, Transfer, or Accept.
  • Due Date: The target date to complete the actions.
  • Action Plan (Measures): Specific steps to address the risk and who is accountable for each step.
  • Status: Progress update (e.g., Not Started, In Progress, Completed).
  • Residual Risk Level: The expected risk rating after the actions are completed (if applicable).
  • Notes/Comments: Any additional details or considerations.
what a risk management plan template

How to Create a Risk Treatment Plan in Small and Medium Businesses?

Aptien GRC simplifies the risk monitoring and control process by eliminating the need for tedious document creation. Having everything online saves time and enhances collaboration across your organization, ensuring all risk-related information is available and up-to-date. This enables efficient management of tasks and responsibilities.

  1. Open the Risk Register: Access your risk register within Aptien GRC.
  2. Create or Select a Risk: Create a new risk or select an existing one.
  3. Select "Risk Treatment": In the risk tab, choose the "Risk treatment" option.
  4. Enter Details: Input the risk treatment strategy, deadline, and other relevant information.
  5. Manage Activities: For simpler or one-off measures, manage activities using tasks above the risk.
  6. Handle Complex Measures: For more complex measures, enter or create a detailed measure.
how to create a risk management plan

How to Manage, Monitor and Review Risk Treatment Plan

Aptien GRC streamlines the process of monitoring and reviewing risks by moving away from tedious offline paper documents. As an online risk & task management platform saves time and enhances collaboration across your organization, ensuring that all risk-related information is accessible and up-to-date. This ensures all risk-related information is available online, effectively managing and mitigating risks. Here's how Aptien GRC supports effective risk management:

  • Real-Time Risk and Measures Tracking: Monitor progress of each action item, ensuring deadlines are met and delays addressed.
  • Automated Alerts and Notifications: Send alerts to responsible parties when actions are due or risk status updates occur.
  • Regular Reviews and Updates: Facilitate regular reviews, reassess risks, update strategies, and adjust action plans.
  • Documentation and Audit Trails: Maintain detailed records of actions, changes, and decisions for compliance and audits.
how to manage the tasks in the risk management plan

You manage more complex measures as separate projects

  • you manage more complex measures as separate projects