I am going straight out of the MS SQL Server 2008 Training Kit, chapter review for Policy Based Management. Suggested Practice:

"Configure policies to checkthe membership of the sysadmin and db_owner roles".

In this context does this make more sense?