You should still complete those lagging internal audits and gain the detailed information that the external certification audit won't provide on those processes or areas.
It would be quite illogical if the sole purpose of doing internal audits is to ensure you will not have a finding in the external audits. If your boss feels that he can skip these because that finding was made, then likely he does not see any value in internal audits themselves and that would be your first point to clarify with him. He might even be right, as an ISO certification auditor might accept audit reports that are present and meet the ISO criteria as evidence of audits being conducted in a manner sufficient to meet their requirements. However, these ISO criteria are not based on measuring value to management at all, and thus might completely miss the fact that management does not even really use the outcomes of the internal audits, or only does so to pay lip-service to the ISO certification organization.
How to clarify the value that internal audits can add? That depends on what value management appreciates. One of their possible values is similar to calibrations of equipment.
Internal audits are irregular check-ups on the consistency and control over processes. If your audit finds it is out of the set bounds (procedure) you could state
Then for your current case (missed audits) you could draw the analogy that if you find a calibration that was overdue, you do not wait until when it would have been due again (add 11 months), you catch up to see whether there were risks.
Sadly this analogy breaks down somewhat as the subjects of internal audits are not as subservient to nature as the subjects of calibrations; going overdue is less clear of a risk as audits do not explicitly declare that a process is good for the next year.
Processes do not drift at any predictable pace like controlled equipment does, but drift is more subject to turnover of personnel, equipment or organizational changes, management change, etc. However, often the intervals are set based on the principle 'often enough for (disconnected) expectation of external parties'. These parties likely won't accept the "I did not audit it last year, as they've had good performance the past 3 times and the changes to the influencing factors have been trivial to minor. I spent my auditors' time on more and deeper audits of risk project or process so-and-so due to our new IT system there, and our newly organized team structure there" rationale.