Cyber security training question . Do you guys know the specific processes of doing phishing test

So first I sent out an email to all the users and stuff about how we’re doing a phishing test in the work environment about 100-200 users . . Sent phishing campaign every month of attachment phishing , data entry campaign , etc … gathered the data 📊 people are opening and clicking on the phishing . 100 users sent 37 opened 7 clicked . . Then I made a power point of what to look for in phishing .. and educated users . . Then do I run the phishing test again to see if they have learned from it ? and keep doing phishing test . Should I send phishing test to all new users that onboard ? What should I do with users that keep failing the test ? W