You are an information system auditor of HDA Inc. You are auditing and reviewing an organization's security policy concerning security awareness training for new employees. When evaluating compliance with this policy, which of the following metrics would serve as the most effective indicator?