1. If your network and devices are all set correctly, then it is a set and go and you will get information of all your devices automatically.  
   any new devices added, if setup correctly and in the correct ranges will auto add
   You will get lots of data back if you want (all routing on routers / switches, windows services, processes, SQL databse information, IIS information, VMWare)
2. The data you are manually adding should be certified and is known to be correct / good / active.   however,... is it ?   Are you sure ?
3. Mainly security.  
   wrong credentials
   security not configured correctly on devices - SNMP ACL or Traps,
   credentials have insufficient rights to Windows - designed or unintentional (devices not attached to a domain, GPO's not applied correctly)
   insufficient rights to SQL / IIS, etc
   Too much data for your requirements
   If you need to scan specific devices, you may need to create own probe
   SNMPv3 is currently not supported (Been told it is in Fuji)
4. Making sure you have all the information as it is a manual process
   Keeping the data upto date - use Data Certification

We use Discovery in our main Datacenters and the Windows / VM information is very good.

Linux for us is not so good as we use Suse and i have not yet writtent anything to discover the devices, but its coverage is limited and the devices are in our CMDB via the VM Scans.

We have performed a scan of all the Network gear globally.   We got good returns of data compared to our monitoring tools, but when checking against a Cisco Managment tool we realised there are various items of kit (mainly switches in local offices, so not under global control) that we are not scanning.   Initial investigations show these are down to SNMP not being configured correctly, or an ACL/Trap set so the Servicenow MID servers cannot scan.   We are addressing

We are just finalising a global Firewall upgrade and the set standard is SNMPv3.   As we are on Calgary this is proving to be fun, but I will soon have something in place to scan all the addresses of our ASA/ISR/ASR's and bring that into Servicenow - even if it is basic.

For Domain Controllers and all local kit in China, we import that via a JDBC link from the relevant LANDesk cores.   Domain controllers are blocked for security reasons and as all our devices have LANDesk, it is easier to import all workstation information from LANDesk that perform a number of scans.

It does take some time and we do have a scheduled job that runs weekly to look at any asset not updated for over 3 months and then mark it as "retired".

These CI's are not visible in any form so cannot be chosen

we have seen an issue in Calgary where some SQL information is not updated, so when we have an SQL server retire, there are BR's set to search any SQL information / IIS info and then mark that retired too.