Internal scans can be done by any "qualified" internal security person. PCI does not define what qualified means but I suspect the day will come when they start requiring internal folks to become ISA or PCIP. Your QSA determines whether this is being properly managed, not the council. Yes, much room for interpretation. Welcome to PCI.
External (internet facing) scans must be done by the ASV. The ASV MUST do the scanning but you will have access to the reports. The ASV will also handle documentation for exceptions. The ASV is responsible for the validity of that scan, and their license depends on its accuracy. The customer cannot manage that process but they can certainly work with their ASV for remediation consulting and providing documentation to support requested exceptions. What confuses people is you might have access to manage a hosted scanner in your ASV environment. It's not the same as the ASV console.
ASV certification IS awarded to qualified individuals but only if they work for an ASV company. See https://www.pcisecuritystandards.org/training/asv_training.php
for more info