When I did code dilligence, I just add it to a list of possible risks... or areas we'd like deeper investigation. Usually go back over it in follow up.