After arguing that ERM is a simpler and more straightforward undertaking than most people realize, the authors go on to correct what they take to be the ten most common corporate misconceptions that now stand in the way of effective application of ERM. Among the most important errors of thinking or execution is widespread confusion about concepts such as “inherent risk” and “risk appetite,” and an equally common failure to tie those concepts to the firm's overall business and financial strategy. Another common mistake is continued reliance on decentralized risk management practices without achieving an effective corporate-wide purview and set of controls. In a related failing, the development of highly specialized risk management skill sets without a solid grounding in the firm's strategy and culture is a prescription for trouble. Finally, the widespread view that ERM is simply another category of response to Sarbanes-Oxley reflects a near-total misunderstanding of the spirit and aspirations of ERM. Whereas compliance with SOX is mainly a backward-looking exercise, the intent of ERM is to help senior management maximize value. For that reason, the shortest and most reliable path to a successful implementation is to secure executive management or board-level buy-in, reach agreement on business objectives and risk tolerances, and allocate resources through the business planning process to manage identified risks from all sources that could pose a threat to those objectives.