Abstract Information Technology (IT) governance in small and medium-sized businesses is a subject that still requires more effort. Many of the studies that deal with this subject refer to large companies. IT governance structures, originally developed for the context of large enterprises such as COBIT, ISO/IEC 35800 or ITIL, when applied to the context of small and medium enterprises, lead to undesirable results and failures in the deployment process. The objective of this work was to perform a systematic mapping on IT governance in small and medium enterprises between 2007 and 2017. Systematic mapping studies are useful for categorizing and summarizing the existing information concerning a research question in an unbiased manner. Thus, from an initial set of 63 papers, a total of 17 research papers were selected for the mapping study. The results obtained allowed us to reach conclusions concerning the state-of-the-art of IT governance mechanisms, theories applied in the context and the consequences of IT governance. From the results of this study it was possible to perceive the low use of relational mechanisms of IT governance in the studied context, the constant need to adapt frameworks such as COBIT and ITIL, so that they can adapt to the reality of SMEs, the wide variety of theoretical approaches and the importance, for SMEs, of the concept of IT value for the business.