There isn't a Sarbanes-Oxley for Idiots book, unfortunately, since a lot of S-Ox is still like HIPAA... open for legal interpretation.
Sarbanes-Oxley, in a nutshell, is designed to ensure non-fraudulent financial reporting by publically traded companies. It enforces personal responsibility for the "C-levels" within these companies. In other words, they sign their name saying that the financial report is accurate and hasn't been tampered with. Should it not be, they could face jail time. Along with that, they sign on saying the internal controls designed to produce accurate financial reporting are in place and working. Internal controls hit heavily upon IT. For instance, who has access to the database server where the source data comes from? Controls to prevent unauthorized access must be in place. In addition, auditing mechanisms must be in place. And they must be tested and working.
For organizations outside of "publically traded" status, there are copy cat laws and regulations coming out that apply to all companies, regardless of status. Indiana's language changes to its RFP process is a good example.
K. Brian Kelley