This study aims to show the importance of the presence of an IT specialist within an organization. Small and medium-sized companies increasingly hire cloud solutions, which refer to servers, web hosting, drives, antivirus, etc. In addition, external companies carry out physical and logical computer maintenance once a year. This leads companies to omit a systems specialist since support is external, and it is assumed that activities in the technological area are increasingly less. It is important to demonstrate to senior management the importance of IT Governance in small and medium-sized companies. Given that there is no comprehensive strategic vision regarding the use of IT in the organization, there is a lack of knowledge of IT Governance. The objective of this work is to change the strategic vision of the senior management of an SME organization, helping to identify current problems and opportunities for improvement related to technology. Therefore, a simple technique is proposed for senior management to understand their current risk situation through specific evaluations that help determine the risk assessment in which the organization is located, triggering the need to have an IT specialist.