Penetration Testing (PT) mainly consists of a VA, but it goes one step further. A penetration test is the process of actively evaluating information security measures by simulating an attack by a malicious hacker. The results of the assessment are then documented in a report, which is presented at a debriefing session where corrective strategies for securing the network can be freely discussed.
Vulnerability Assessment (VA) is the process of identifying and quantifying vulnerabilities in a system. A vulnerability assessment is what the majority of companies perform, because the systems being tested are live production systems, and no organization can afford to have them disrupted by active exploits that might even crash the network infrastructure.