First of all: I don't work in InfoSec
But I do understand a lot business processes and the Information Technology Industry. As mentioned in previous posts Legals would be a big part. I think it would be worth researching compliance (EG/ What businesses are required to do by law). As I do not work in Pen Testing I'm not 100% sure how much they charge and it would depend on a lot of influencing factors including the cost of contractors, location of the client, size of the client, the scope of the client etc.
The more employees the better I would imagine. If you had say 2 employees working directly in pen testing it could take a considerable amount of time to test a large company. This won't be suitable for the big companies. No good discovering flaws when the malicious hackers have found them quicker then yourself! If you had say 10-15 pen testers, then you could do some serious work. You could divide the team into individual areas of the project at hand. It's all in perspective. You need to strike a good balance between clients and their requirements.
Any other questions, just ask.