You need to careful with some terms, otherwise things get a little confusing. Because I'm an old guy, my mental model is paper records in a four draw filing cabinet.
I have a draw full of records, but I don't know how many. I not going take them all out and count them. What is more important, I don't need to know how many records there are. The sampling plan doesn't depend on it.
Before taking the sample, decide in advance on the confidence level (95% or 99%) and the upper bound on the error rate. QSIT says, "Select the table based upon how sure you want to be about what is observed. For example, if you are reviewing Device History Records of a life supporting device, you may choose to use Table 2 (99% Confidence). You may choose to use Table 1 (95% Confidence) for the review of Device History Records regarding a device with lower risk."
The common method is pull the samples using the sampling plan in the "0 out of column". Knowing the sample size, select the records at random. (This is called a simple random sample in which each record has equal opportunity to be in the sample.) Classify each record in the sample as either conforming or non-conforming. If a record has one error it counts as one non-conforming record. If a record has five errors, it counts as one nonconforming record.
If you find zero nonconforming records in the sample, then you make a statement about all of the records in the draw, such as "95% confident that the error rate of the records is under 20%". You making a statistical statement about all of the records in the drawer, even the one that were not in the sample.
So, to answer your first question, the total number of records doesn't enter into the calculation.
In your second question you have a sample size from the table of 11, but only 10 records total. Review all 10 records and classify them. In this case, you are doing 100% inspection, so you know the error rate. You don't have to use statistical techniques to estimate it. There is no confidence, you have exact knowledge.
You are exactly right that ISO 19011:2011 allows for both judgment samples and statistical samples. They are both tools in your auditing tool box. Internal quality auditors tend to use judgement samples while external financial auditors tend to use statistical samples, especially in financial control situations. They want a bound on the error rate.
You say, "I don't think the auditors will like my answer of "well, 3 sounded like a good number". I do a lot of auditing for clients, and that is exactly what I say. I commonly use a judgment sample of 3 and, in some rare case go up to five. I can usually make a judgement on the process with only a few records.
Since neither ISO 13485:2016 nor any of the country regulations require statistical sampling for audits, your external auditors are making up rules. Challenge them. Why pay good money for bad auditing!
------------------------------
Dan O'Leary
Swanzey NH
United States
------------------------------
Original Message:
Sent: 18-Jan-2018 09:34
From: Rene' Hardee
Subject: 95% confidence level for sampling
Thanks for your help!
I feel like the QSIT Binomial Staged Sampling Plans in Appendix B of the GHTF Guidance Doc are missing information; namely the total number of records/samples. Are these numbers calculated out of 200 total samples? 500 samples? 1000 samples? The minimum umber in Table 1 is 11, but what if I only have 10 records total? How many do I check then to have 95% confidence?
ISO 19011Section B.3.2 says I can used Judgement Based sampling, but even then, I feel I need a good explanation on why I chose the number of samples that I did. I don't think the auditors will like my answer of "well, 3 sounded like a good number" LOL!
------------------------------
Rene' Hardee
Sr. Regulatory Affairs Specialist
Sun Nuclear Corporation
Melbourne FL
United States
Original Message:
Sent: 17-Jan-2018 07:18
From: Dan O'Leary
Subject: 95% confidence level for sampling
I forgot that I could add a file to a response, so I've attached the GHTF guidance document I mentioned.
Remember that MDSAP does not add any requirements. Instead, provides a coordinated framework to audit the requirements that already exist.
------------------------------
Dan O'Leary
Swanzey NH
United States
Original Message:
Sent: 16-Jan-2018 16:55
From: Dan O'Leary
Subject: 95% confidence level for sampling
First, your external auditors are wrong! Ask them where the requirement is and how they would cite it in a non-conformance report. Such a requirement does not exist.
Sampling records in a quality audit is an interesting problem. There are two approaches.
In a convenience sample, a competent auditor uses judgement to pick samples and "get a feel" for the process. Convenience samples tend to be small, typically 3 to 10 records.
In a statistical sample, the competent auditor determines an upper bound on the error rate. Each record is classified as conforming or nonconforming and the sampling plans use the binomial distribution. The result is a statement such as, "we are 95% confident that the error rate is less than 5%". This approach comes from financial auditing in which the auditor is determining the effectiveness of the financial controls.
There is an MDSAP document that discusses sample sizes, but I can't seem to locate it at the moment. It refers to GHTF/SG4/N30R20:2006 Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers – Part 2: Regulatory Auditing Strategy.
Appendix 1 has two tables that "may be used in determining appropriate statistical sample sizes". One has a confidence of 95% and the other has a confidence of 99%. For example, if you want to be 95% confident that the error rate in the process is less than 5%, then use Table 1 row F. A sample size of 72 with no nonconforming records provides the statement "we are 95% confident that the error rate is less than 5%".
These are the same table used in the QSIT.
There is a technical reason why these tables use the wrong approach, but it is not worth the explanation.
------------------------------
Dan O'Leary
Swanzey NH
United States
Original Message:
Sent: 16-Jan-2018 15:55
From: Rene' Hardee
Subject: 95% confidence level for sampling
Our external auditors told us that for MDSAP compliance, we need to have a 95% confidence level for all incidents of sampling. Can someone either walk me through or point me to a source on how to estimate the minimum number of internal audit records I need to request in order to have a 95% confidence level of an effective internal audit process? Thanks!
------------------------------
Rene' Hardee
Sr. Regulatory Affairs Specialist
Sun Nuclear Corporation
Melbourne FL
United States
------------------------------