Troubleshooting MOSS Excel Services synchronization job event log errors

On a production server we kept getting the following event log error 6483 every minute:

Application synchronization failed for Microsoft.Office.Excel.Server.ExcelServerSharedWebService.
Reason: System policies must have Full Control.
Techinal Support Details:
Microsoft.SharePoint.SPException: System policies must have Full Control.
at Microsoft.SharePoint.Administration.SPPolicy.SPPolicyRoleBindingCollection.AddById(Guid id)
at Microsoft.SharePoint.Administration.SPPolicy.SPPolicyRoleBindingCollection.Add(SPPolicyRole policyRole)
at Microsoft.Office.Server.Administration.SharedResourceProvider.EnsureWebApplicationPolicy(SPWebApplication webApplication, String userName)
at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeWebApplicationPolicies()
at Microsoft.Office.Excel.Server.ExcelServerSharedWebApplication.Synchronize()
at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeApplications(SharedComponentSecurity sharedApplicationSecurity)

It took me a long time to debug the error as it was alone and I could not figure out what the text System Policies Must Have Full Control meant. Finally I stumbled across another newsgroup posting that suggested it might have to do with the Web Application Policy settings. When I changed those the errors in the event log stopped.

What I Changed:
I went into Central Administration and under the Application Management tab I clicked on the Policy for Web Application link under the Application Security section. Then for each of my web applications I checked to see if any account had the Account Operates as System checkbox selected. (Which I did for one account on each web application) Once I unchecked that box for that account on each web application the error ceased.

Confession:
I checked that box thinking that the account in question (which was a farm admin account) would somehow benefit from it but I did not really understand what it did. The verbage provided on the page is not very helpful it seems only to indicate that the account's name (display name?) information won't be registered in logs, permissions & etc but instead it will appear as a system action. Anyway I guess this qualifies as one of those don't use a setting if you don't understand how it works situations.

So I have another question to take with me to the SharePoint Conference in March to get a better understanding of what that checkbox does and when to use it or not use it.