As part of my CCE studies, they give you a sample of a "Chain of Custody" form. Maybe you could change it and use it for pen-testing. It's in Word, don't think it has any kind of copyright or anything. If you want I could send it to you for you to look at it.

Here's the info that I find useful:

Risk: H/M/L
Severity: H/M/L
Probability: H/M/L
Remediation effort:H/M/L
Issue: (describe the problem: vulnerability, Host/IP, how it can be exploited
Affected: (identify the affected devices: PIX firewall, PrintServer1, etc.)
Business impact: (like loss of operation services, theft of bandwidth, etc.)
Remediation (How to fix it)

Of course you want an overall summary and a description of the methods used and the IPs/DIDs/etc. that were tested.

The sans site has some basic templates in their reading room if my memory is correct. Also, I like to include a print out from Nessus and then do some pretty graphs with excel. Seems like people like to see a lot of pages with graphs and print outs even if they have no idea of what it means. The key is to include a final page summary that is easier to follow. Put it all in a nice binder and they will feel they got their moneys worth.