Bitcoin has the ability to support non-standard transactions; this has so far been disabled in the official client.
You could for example design a non-standard transaction that must be signed by two people before it makes it into a block.
Then all you have to do is give two trustworthy people in your business a private key each and make sure they keep that key safe.
Using the block chain directly is a much safer option IMO than building another layer of security software on top of Bitcoin. The more complexity, the more potential security holes.
This won't completely solve MemoryDealer's first problem as far as I can see it: the user sends a transaction to a Bitcoin address owned by the company. This is a standard transaction, anyone who manages the wallet can use those bitcoins and send them somewhere.
If you want to use a non-standard transaction to force two people providing their private key, you'd have to resend those bitcoins as soon as you get them (or maybe wait till they got confirmed a bit, to lower fees) to an address owned by you, but with a custom scriptPubKey on the TxOut that checks for two keys instead of the usual one.
Back on the topic:
To solve this, I would make bitcoin run on one computer and keep it locked away: no users are allowed to touch it. Around this I would make a layer that can interact with bitcoin that provides everything the user needs and can log everything happening, like OP suggest.
I don't think scalability will be too much of an issue: this is just a small interface around bitcoin and so shouldn't be too resource intensive.
--
Titeuf