Why would you hire an independent CPA to check your financial books?
Unfortunately, even where employees are trustworthy and capable, it makes sense to periodically review their work.
Even the PCI Security Standards Council lists the following under "Testing Procedures":
6.1.b Interview responsible personnel and observe processes to verify that:
New security vulnerabilities are identified.
A risk ranking is assigned to vulnerabilities that includes identification of all “high” risk and “critical” vulnerabilities.
Processes to identify new security vulnerabilities include using reputable outside sources for security vulnerability information.
Are you really performing this function with internal personnel? Can you ensure that it is done with accuracy and efficiency over the long term?
For an independent review to occur, it must by definition be "independent".
That is why we have developed a basic Alpha Security scan to give information to the IT department and management so they can run more efficiently and with higher security.