If this is a baseline for "very bad" penetration testing, it makes me think I could start up an "almost competent" low-end penetration-testing business just by blindly following a checklist found on the internet, as long as I used a checklist for the right operating system and proof-read the final report.
There are many, many niches where you could do well by downloading free software from the internet, reading free literature/guides/checklists from the internet, applying a tiny amount of common sense and competency, and then offering related services in exchange for money.
That so many companies manage to screw this up so badly, and still stay in business, indicates that all you need to succeed is some business acumen, the basest level of technical competency, and a little luck! :)
