An office for a travel company has the following setup:

1.	20 current PC with Windows XP Professional OS, and 6 additional new
PC to be added.
2.	16 PCs are connected to 3 small switches.
3.	There is a 1-Mb DSL router with wireless facility.
4.	4 PCs are connected to the router wirelessly.
5.	There is no cabinet for the witches and the router, so they look in mess.
6.	They use share folders and printers. When browsing the intranet
wireless PCs are slower that their peers, although the network icon in
the system tray show excellent or very good connectivity and a speed
of 48 Mbps.
7.	They use a web-based application on the internet to request visas
to the customers. The application is hosted on the government
department of immigration.
8.	They?ve got a database application to store records about their
customers. This database is hosted on one of their computers, but can
be accessed and edited from any PC in the intranet with the
application installed.
9.	The email is hosted by the Internet service provider.

The owner of the company does not trust his IT guy, and he doesn?t
want him to control the IT environment, although he does neither have
the password of the web-based application nor is the administrator of
the database application. He wants me to make his environment more
secure and reliable.

I?m thinking of disabling the wireless facility from the network
because it is less secured and arranging the network stuff in a
cabinet or rack. I?m not sure whether I should suggest a firewall for
such a small company. In respect of the IT guy, I don?t see he is
controlling something important.

I?d like you to help me if you have any good idea to do this job. Is
there any other thing I can do?

I am no expert on Networks, but I've picked up a few points.

The DSL router should be configurable to block incoming activity on all ports
- in effect that acts as a Firewall against incoming assaults

http://www.grc.com/x/ne.dll?rh1dkyd2
The above should take you to the Shields Up section of Steve Gibsons's
excellent site, which will test your ports for vulnerability.

I'm not convinced of the value of a Firewall monitoring outgoing
activity, once something has got into your system, it can 'call back
to momma', which is more of a Trojan problem.

Your WiFi LAN needs checking out, if it is not encrypted, then anyone
could be using your Network (a friend of mine uses another company's
for testing - the other company is blissfully  unaware of what is
going on).

Racking and tidying up cabling is always a good idea, cable ties,
gaffer tape, cable wrappers and Dymo labels on both ends of cables can
save a lot of hassle.
There is also a lot to be said for easy access plastic trunking.

An old time IT manager I know, swears by automatic printer switches
rather than shared network printers - they are cheap, simple and easy
to diagnose if they go wrong.

The worst thing is that the owner does not trust the IT guy.
- getting a second opinion is sensible, but active distrust is ... bad news.

In the past, I have persuaded friends/clients not to follow the advice
of their IT 'consultant' - simple solutions like a patch panel strike
me as a lot stabler than an all singing dancing Unix machine. 
Sometimes IT people like to introduce complexity rather than keeping
things simple.

frde-ga, thanks for your comment.
I?ve forgotten to mention that the router have a password for WiFi.
Anyway It would be better to disable it.

Regarding Gibsons's site reload function stuff!

With WiFi, the trick is supposed to be to encrypt the traffic
- however I agree with you, it does not seem necessary
- link like that is handy for lap tops
- but your setup sounds 'fixed'

Gibson's site is a bit hard to navigate, but his Shields Up port
prober is very useful
- he is quite interesting, some reckon he is a genius and others the opposite 
- my view is that his stuff is well worth reading

Good Luck