Paying an expert to come set up a local CA seems rather silly when you'd normally outsource operating one to the people who professionally run a CA
You’d only need internal certificates if someone had set up internal infrastructure. Expecting that person to do a good job means having working certificates be they internal or external.