1 – In the RAT, presumably I do not list risks that are already mitigated?
When performing Risk Assessment and Treatment you need to include every risk you understand as relevant, even if there are controls already implemented to treat them.
If you already have controls implemented, you should consider their effects on the risk value, so that your risk assessment table reflects the current situation of your environment. The existing controls should be included in the "Existing Controls" column in your Risk Assessment Table template.
By the way, the toolkit you bought includes access to a video tutorial that can help you fill in the risk assessment and risk treatment tables.
These articles will provide you with further explanation about risk assessment: