well what do you plan on proposing? what kind of security? physical? digital? both? social engineering attempts? is this a pen test? or just a "textbook" type audit where in theroy things should be right? are you doing only network equipment or the computers on the network? what type of place are you auditing? the type a business will determine greatly how you submit a proposal.

reguardless you will need to state what you want to do, why you want to do it, and why it will benefit the person you are doing it for. include costs, downtime, risk analysis.

templates for this type of thing are not that good becasue they go on such a case by case basis.