If it’s their own intranet and to be accessed from corporate machines it’s no different to using a public CA. Internally-signed certificates are ‘proper’ certificates within a managed environment.
Managed desktops can be configured to recognise additional root certificates with little effort, it’s commonplace on many networks and may already be the case in his environment. Both Windows and Mac OS Server contain all of the tools to deliver effective PKI.
For some unknown reason, you’re assuming that @punitkrjain won’t deploy a CA cert and that users would ever see the SSL warning and criticising him based upon that assumption. How is that helpful?
Of course the moment that a non-corp device signs on to that network it all falls over, but that’s no reason to badger or scaremonger that the org will fail, particularly when you’ve not bothered to ascertain the facts.