Vulnerability Assessment:
This is the process deployed to find out the flaws in the target itself.  This is because the organization has already determined the flaws or weaknesses and has to prioritize the issues for fixing.

Penetration Testing:
In this method, the attempt is to find the vulnerability of the target itself. The process is to establish if the security measures the organization has implemented are sufficient to protect it from being hacked and if the system and network are well protected.