
I used to work for a pentest company, and every time we engaged with a customer we discovered a lot of problems and security issues, which we documented and submitted to the customer.

We discovered after a while that another company got a contract at 10x our price to fix the issues we had discovered.



10x sounds kind of reasonable, it's harder to make things than break things.


Sounds like a missed opportunity to at least get a referral fee for resolution.


Conflict of interest.


Assuming the company is voluntarily hiring them, and not being required by a contract or law that needs an independent third party for auditing purposes, it seems like the pentesting company would do an even better job on the inspection if they had a good chance of getting repair work down the line for every issue they found.

If they make up a bunch of minor things that don't matter, you can ignore those and focus on the important ones. I suppose if you don't have any in-house expertise at all to evaluate what they say, the conflict would be more important?


It's simply bad practice to have the people that are involved in the 'checking' making money from or being involved in the 'fixing' in any way, shape or form.

You'll see this in almost every situation that is somehow related to auditing.


Like colleges.



