1. ERC20 includes a few functions that enable a user to transfer on behalf of someone else. You can allocate the tokens using the approve function and transfers can be carried out using the transferFrom function.
2. Use a nested mapping to track allocations. Use the first key to denote the actual owner of the tokens and use the second key to store the address that has permission to spend those tokens. Use the final value to store the amount allocated. Create a mapping that follows this structure:

mapping (address => mapping (address => uint256)) internal allowed;

3. Use the approve function to set allowance for each address. It accepts a spender address and a value to allocate. On successful allocation, the function should return a boolean value indicating success:

function approve(address _spender, uint256 _value) public
    returns (bool) { }

4. Save the allocation directly to the mapping with msg.value and the spender address as keys:

allowed[msg.sender][_spender] = _value;

5. Emit an event called Approval to log each allocation process:

// Event declaration
event Approval();

// Raise the event
emit Approval(msg.sender, _spender, _value);

6. To check the approved amount for each account, the ERC20 standard includes a read-only function. Create a function called allowance and set it to accept an approver and a spender address. It should return a unit that represents the allowed amount:

function allowance(address _owner, address _spender) public view 
    returns (uint256) { 
    return allowed[_owner][_spender]; 
}

7. Create a transferFrom function to perform any actual transfer. Its workings are mostly similar to the transfer function but it transfers the balance from another account and includes an additional allowed mapping.
8. Include an initial validation check to ensure that enough token transfers are approved by the origin account. This is in addition to the null address check and balance check that already exist in the regular transfer function:

require(_to != address(0)); 
require(_value <= balances[_from]); 
require(_value <= allowed[_from][msg.sender]);

9. For each transfer, reduce the amount transferred from the allowed token transfers. It will ensure that the spender is not spending more token than is initially allowed:

allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);

10. Deduct the balance from the source account and then add it to the target account to ensure the token transfer occurs:

balances[_from] = balances[_from].sub(_value); 
balances[_to] = balances[_to].add(_value);

11. Emit the Transfer event with the required details and return a Boolean value indicating the successful completion of the process. It is similar to the regular transfer function:

emit Transfer(_from, _to, _value); 
return true;

12. The combined contract is given here. It includes approval and transferFrom functions to allocate and spend tokens:

pragma solidity ^0.4.23;

import "./math/SafeMath.sol"

contract ERC20 {

    mapping (address => mapping (address => uint256)) 
        internal allowed;

   /**
    * @dev Transfer tokens from one address to another
    * @param _from address Address which you want to send 
    * tokens from
    * @param _to address Address which you want to transfer to
    * @param _value uint256 Amount of tokens to be transferred
    */
    function transferFrom(address _from, address _to, 
        uint256 _value)
        public returns (bool) {
        require(_to != address(0));
        require(_value <= balances[_from]);
        require(_value <= allowed[_from][msg.sender]);

        balances[_from] = balances[_from].sub(_value);
        balances[_to] = balances[_to].add(_value);
        allowed[_from][msg.sender] = 
            allowed[_from][msg.sender].sub(_value);
        emit Transfer(_from, _to, _value);
        return true;
    }

   /**
    * @dev Approve the passed address to spend the passed 
    * tokens on behalf of msg.sender.
    * @param _spender The address which will spend the funds.
    * @param _value The amount of tokens to be spent.
    */
   function approve(address _spender, uint256 _value) public 
        returns (bool) {
        allowed[msg.sender][_spender] = _value;
        emit Approval(msg.sender, _spender, _value);
        return true;
   }

   /**
    * @dev Function to check the amount of tokens that an 
    * owner allowed to a spender.
    * @param _owner address The address which owns the funds.
    * @param _spender address The address which will spend 
    * the funds.
    * @return A uint256 specifying the amount of tokens still 
    * available for the spender.
    */
    function allowance(address _owner, address _spender)
        public view returns (uint256) {
        return allowed[_owner][_spender];
    }
}