If you've got a network large enough that people are bringing in unauthorized machines and leaving them connected to the network, then you should be using NAP rather than auditing DHCP all the time.

One thing that isn't listed here are cloud-based services, people using them at work and moving their files into the cloud without permission is a big security headache that is growing larger. What then happens is they leave the company or can't remember where they put the files or give people access to them that shouldn't have access to them, etc.