We're running a consistency check on the dpkg status database via check_dpkg (modules/nrpe/files/plugins/check_dpkg). This only checks whether the package status in dpkg is correct, but it doesn't detect situations in which the apt package status is broken (which can e.g. by broken by incomplete dependencies e.g. "The following packages have unmet dependencies (..)"
We should also run "apt-get -s upgrade" to catch such errors, either in a new check or by also testing this in check_dpkg. Strictly speaking those are separate, but also "close enough" to combine them into a single check.