Jeff,
If I remember some detailed debug logs, it may be that the work is done in order of creation of the policies. I seem to recall the policy numbers were increasing in the log.
I do know that exceptions are processed first and then rules. Both types are evaluated in order of increasing "cost".
I also reall that a particular rule is only evaluated once and the results used by any other policy that has that rule.
JGT