precautions before conducting a penetration test


what can be the harms that may come to an organisation if they do not take appropriate precautions before conducting a penetration test and what would be the negative impacts that could occur? According to me, The key here is use virtualization. This is a main precaution that allows safe handling (isolation) of systems that could otherwise be exploited and leveraged as jump points into an organization infrastructure.