I am interested in the windows server security communities view on the benefits of having a 3rd party security audit performed every quarter. If, for example, we already run a set of vulnerability scanners such as nessus openVAS etc against our windows server estate / domains, and fix issues as we find them, what additional benefits / reason is there to pay a significant fee to get in an external audit firm to replicate the same process? Is the independance factor or anything else? Is the independance factor really that important?

Nessus and openVAS are all great products. It comes down to managing risk. For critical infrastructure, especially those that house PII, it may make sense to get a 3rd party to perform a security audit. Just to get another set of eyes and ensure nothing gets overlooked. I can't recall off the top of my head but I remember some regulation (PCI, etc.) is now requiring 3rd party audits. Paul