Sales audit

Guest user Created:   Aug 15, 2017 Last commented:   Aug 15, 2017

It's my first time doing an internal audit. I am going to audit our Sales Department. Could you please give me specific advice on how to go about the audit?

Expert
Rhand Leal Aug 15, 2017

Answer: The following are general steps you should go through for an internal audit, with comments regarding specificities of the sales process:
- Know the processes: perform a documentation review of the ISMS and sales processes so you can become acquainted with them and identify early whether there are nonconformities or opportunities for improvement in the documentation regarding the standard.
- Prepare a checklist: while performing the documentation review, create a list of things you should look for during the process audit. For example, if the documentation mentions a certain policy or record, create items in your checklist to look for that record and to ask people about their understanding of the mentioned policy. Another critical source is the Statement of Applicability (SoA) and the Risk Treatment Plan. You should look at them to identify which risks and controls are implemented for the sales procedure, and use this information to verify whether the controls are implemented properly.
- Take notes (a lot of them): do not trust only your memory (you certainly will forget something), so take notes of the people you talk to, the records you saw and the situations you observed. All this will help you write your audit report.
- Write nonconformities that will help: once identified, you should make sure a nonconformity is written in a way people from the sales department can understand, or else it will become only another source of problems. So be sure your nonconformity statement includes the situation that was observed, the reference to the procedure, standard clause or any other requirement that was not fulfilled, and the evidence you used to confirm the nonconformity (e.g., the absence of a record, a review minute, etc.).

Regarding specifically the sales department, you should consider the security of customer's information and the fulfilment of contractual clauses.

This article will provide you further explanation about internal audit:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
