An audit team discovers a significant control weakness related to customer data protection. However, the audit's scope was primarily focused on financial transaction controls. What should the audit team do regarding the control weakness that falls outside the audit's scope?