For one thing, you're incurring one more SHA1 invocation than you need; for another, you're clumsily duplicating HMAC, which has other security features (albeit not hugely practical ones). But the core feature of HMAC is indeed hashing the secret separately from the message.