A couple, hopefully, simple ideas.
Generate emails intended to lure individuals to a suspicious website designed for your specific engagement. For example, send a link to a sample of people to conduct a satisfaction survey. Use surveymonkey.com or something similar, by setting up an actual survey so you can see if employees actually respond. While this is a legitimate site, employees should know to be suspicious of hyperlinks in emails, particularly if employers have not notified employees of the upcoming survey.
Impersonation of people such as customers or vendors to gain information through telephone conversations with various personnel. For example, from an external phone, call various employees and impersonate a customer and try and obtain confidential information, or say you're a consultant working with IT and need to confirm certain settings on their computer (e.g. systems used, passwords to those systems, step them through finding the software version, service pack, and product ID information for key programs.
Also Google 'social engineering examples' and you'll be amazed at what you find. Have fun and good luck!
_________________________
"Who would have thought that the thing that would save this company would be work. And pancakes." - Michael Scott-The Office