Social engineering audits are important to see if it has worked, and routinely do white hatting to see if employees fall for your attacks.
Social engineering auditing, what do you want to do, do you want to test their vulnerabilities of emails, websites, or what they are doing free devices what to do to define the goal first.
If everything is perfect, then that’s fine, don’t feel like you’ve come out empty handed, it means that a good job has been done.
You have identified almost no vulnerabilities then it’ll be fine, but make sure to report whatever you find
This additionally links back to proactive as you’re still trying to avoid a security incident that could possibly happen in the future, and ensuring the security you implemented is working as intended.