How to start a Pen Test Consultancy ?

[<vivek_ece_iitg () yahoo co in>]

Hi All !

I am thinking of starting my own Pen Test consultancy.
Though i can (arguably ;-) ) say that i am quite adept
at penetration testing and ethical hacking, i am not 
aware of a "standardised technique" to conduct an audit.

I would appreciate if someone can give me some pointers
on this. If i break up my earliar question into smaller
ones...i'd like to know the following :

1. What tests to conduct ? 
  what all to check ? servers, routers, switches, applications, social engineering ?? 

2. Time Span ?
  The ideal time span a pen tester should take to 
  conduct an audit ?

3. What if my audit leads to a dos on their website ?
  i.e what are the do's and dont's when conducting
  an audit on a live system ? best practises ? 
  legal stuff ? 

4. Pen test report ? 
   what to include and what not ?

5. Money ;-) ?
   How to determine a monetory equivalent for the 
   pen test conducted ? i.e how to bill the 
   customer ?? etc 

6. If you can think of anything essential i missed
out ....please add !

I know i am almost asking you guys to write an "essay"
but i am sure this will be of help to lots of other 
ppl who would one day like to start something of their 
own.

Thanks in advance ! 

Vivek

Bangalore, India

(flames >> /dev/null)