Start with the question: "why do I want to audit the IT department?" (and don't say 'because my quality manual say so...'
If there is really nothing documented on the workings of this department start of with a process map on what the company expects from the department or how the department should work.
- how does a project get started and ended (who initiates, who manages the projects, release criteria etc.)
- what is the flow of events regarding development (user requirements, functional req., design, risk assessments, (in)formal testing, reviews, etc...)
- how do you measure software quality
- what quality controls are/should be in place (coding conventions/standards, design and/or code review, verification and validation etc.)
- Who is qualified for what and how is that managed
- audit on change control / configuration management
Many general items from your QMS also apply to your IT deparment.
Come to think of it... I'm assuming it produces software as a product (or part of).
But your IT dept. could just as well handle the infrastructure of an institute...
So, what type of IT dept are we talking about here?
Also, is not having documented how the dept. should work a flaw of the dept. or the management system supporting it?