JP indeed thats true for most pen test you'd be much better off having a second or third person doing the audit. If you're patching up certain holes, I believe its ok to do your own penetration test by using tools which exploit those holes. One thing that many users will do though, is run the tests from the same box that they're patching up. Correct me if I'm wrong but wouldn't it be much more effective and productive running the tests from a computer outside the network. At least run the test from an outside computer first then check for intrusion from inside the network.