Penetration test authorizations/release statements

["Don Kendrick" <don () netspys com>]

I've been called upon to do some indepth penetration testing at our site as
a preamble to some outside audit . To do it right, I would really like to
have some sort of authorization or release statement from the
bosses....knowing how short one's memory can be if it's not in writing.

Does anyone know any links or have any suggestions on the wording of such
statements?

Thanks,

Don