By the sounds of things, you've got to bring in qualified external testers to prove compliance with some kind of agreement (CHECK / PCI / Etc).
In my experience, those agreements have strict methology that must be followed, and so the external testers will have to conduct the testing in that method to cover themselves, before they do any 'real' testing.
So yes, they'll typically run automated tools (nmap / nessus / etc) to do the low level information finding and low hanging fruit stuff as that's required, and they won't be able to skip this stage.
Once they're through with that, it depends on how good the testers are, and how much time they've been allocated. Typically on a large network the first automated steps take a long period of time, and thus are costly, so management don't want to put in additional funding to find the 'real' issues, so the results of the test are nothing more than you could do yourself internally.
My advice would be to secure funding for the external testing to pass the contractual requirement you've got, and then secure separate additional funding to bring in the 3rd party to target specific security concerns you've got. If you don't know where your weak areas are, you've better off asking for a scenario based penetration test instead, but bare in mind this can get costly.