I don't understand why people act like this is a new way of working. Hundreds of ISO certifications require independent audit. Functionally this can be done in many ways, like source code access by human reviewers, or static scanning with signed results. What's important is not who looks, be it PwC, Deloitte, or industry peers. It's important whats being looked for, and what standards are being followed.