Encryption does not protect against malicious alterations. If you encrypt some data with a stream cipher like RC4 or AES-CTR, then an attacker can decide to flip any bit he wants on the ciphertext, and, upon decryption, this flips the corresponding bit in the plaintext. This allows surgical modifications. With block ciphers in CBC mode, things are a bit less surgical, but still contained enough to allow the attacker to do a lot of nifty things (with CBC and a block cipher with 16-byte blocks, if the attacker flips one bit, then this scrambles the corresponding block and flips the corresponding bit in the next block).
So you need checked integrity as well as encryption. Some modes of encryption for block ciphers, such as EAX, combine encryption and an integrity check. Otherwise, a stand-alone MAC can do the trick (but combining encryption and a MAC properly is not a totally obvious task so you are encouraged to use modes where all the hard specification work has been done, i.e. EAX).
Some people use the term "signature" for a MAC; it is an improper but widespread usage. A MAC, and a fortiori mere unprotected encryption, do not provide non-repudiation. Non-repudiation is about having a proof which can be used against the signer; conceivably, something which could convince a third party like a judge. A computation which uses a shared secret between sender and receiver cannot be a convincing proof, because, by definition, both sender and receiver know it (and the dispute is between the sender and the receiver). Non-repudiation is a complex notion with legal ramifications, but, at the very least, the computer part must use true digital signatures computed over the data which is not to be repudiated (and not only over a shared key).
Side-note: for the same reasons, SSL does not provide non-repudiation, even when a client-side certificate is used. If a SSL server records all about a SSL connection from a client, and the client is authenticated with a certificate, then the server may have a proof that a given client really came by, but the server cannot prove anything to a third party about what the client sent in the SSL tunnel. This is actually a legally challenging issue when it comes to online banking.