I am going straight out of the MS SQL Server 2008 Training Kit, chapter review for Policy Based Management. Suggested Practice:
"Configure policies to checkthe membership of the sysadmin and db_owner roles".
In this context does this make more sense?