Can you tell me on average how much one would charge to conduct audit, penetration tests and document vulnerabilities for a start-up ?

Assume you have only two front-end end servers and one SQL db server.

Do you normally charge based on IP address/nodes or this has a fixed charge ?
Please advise.