And I wonder why I get migraines...

Our area is starting to go through an internal IT audit. Ok - cool. We are running into a philosophical and soon-to-be political matchoff between our areas and Corp Auditing. Why? Because we have host-based IDS on our servers, we picked up on their scans, and now they want us to "lower our shields" so that they can come in and do their job... to do their job. Alright, I am at a loss, so I need to tap the more experienced of us out there:

So is auditing "correct" in telling us to disable our IDS on our servers so that they can do their job?

If so, why?

Thanks in advance for your insights!