Sarbane-Oxley Act is a fundamental act that focuses on regulating corporate behaviour to protect financial audit records.
For the nitty gritty of Sarbane-Oxley Act: http://www.soxlaw.com
There are three key sections for IT Security; it is section 302, 404 and 802
For section 302, it is about corporate responsibility for financial reports. It is key to certify the validity of the financial reports using set controls.
For section 404, it is about management assessment of Internal Controls. It is the responsibility of the executive/auditor to confirm the effectiveness of the internal audits
For section 802, it is about implementing criminal penalties for altering documents. This section mandates the protection and retention of financial audit records.
As i would look at it, it works in sync with a set regulation of internal controls, which might stem from a NIST/ISO standard or government regulatory notions, and this act works as a policer to keep /maintain financial records securely.