In my opinion the recommendations/suggestions should be the discretion of the person/department to whom the audit is being conducted.
Why have an auditor then? One of the functions of any auditor should be not only to audit for compliance with regulatory requirements, but to ensure that the company is functioning in an efficient and effecitve manner. In order to ensure this, audit recommendations are sometimes made regarding internal controls or even enhancements to the process that might aid the company to function better. In my opinion, this should be the function of the auditor- not the auditee.
If you disagree with a recommendation, talk it over with the auditor - sometimes if the arguement is a good one the auditor will remove the comment from the audit report. If the auditor still feels that the comment is valid, then what we do is leave it up to our Audit Committee's discretion.
Hope this info helps.