A Penetration Test Report will tell you the areas of risk found on the day of and within the test's scope. It should provide suggestions and reference material regarding how to remediate the findings. It should also provide you with some information about the risk, how the vulnerability could be exploited, and what data was discovered.
Once the report has been reviewed, an organization may choose to accept some findings as a risk for various business reasons. For example, it may take six months before some software can be updated to work with a new OS version. New vulnerabilities are identified every day, making regular penetration testing or vulnerability assessments essential to ensure you know your risks.