I was hoping to attend a location and see if employees allow me into protected areas and if I am able to perform actions (such as take a computer, get access to the server room, put in a USB, etc.) to prove that employees need more cyber security awareness training.
When in doubt, refer to NIST. They have a special publication (SP 800-12) that might help you out. That said, the nature of testing physical security is very site-specific, as is the degree to which management or even a board may be OK with this. Personally, I wouldn't test it. I would demonstrate it as part of a security awareness program and make certain points of emphasis. There are a whole host of issues that could arise, not the least of which is your own safety or the inherent risk that someone calls the cops. The mantra that was passed on to me once was "Test systems; teach people." As effective as a test against people may seem, it can trigger embarrassment or paranoia and any number of negative or counterproductive human responses. Showing people how to defeat a lock, clone a card system, etc. is neat, but saying "hey, the front desk person just let me walk right in" could trigger some distracting negatives.