LKKS Logo

Account & Access Management Policy

Effective Date: 2026-06-29

Applies to: All LKKS internal staff with OT Request access

Document owner: LKKS IT Administration

Purpose

This document explains how user accounts, access rights, approval responsibilities, and system activity monitoring are managed within the LKKS OT Request System. It applies to all LKKS internal staff with access to the platform.

1. User Account Administration

User accounts are created and managed only by authorized LKKS IT Administrators. Staff cannot register their own accounts.

  • Accounts are created for new staff when they join.
  • Roles are updated when a staff member's job responsibilities change.
  • Accounts are deactivated when a staff member leaves or no longer needs access.

2. Role Assignment

Access within the OT Request System is determined by the role assigned to each account. Roles are assigned based on approved job responsibilities. Each staff member receives only the access needed to perform their assigned duties.

RolePrimary Responsibility
AdminSystem administration, user management, and audit log access
HREmployee records and system records management; read access to all OT requests
SupervisorCreate, edit, and submit OT requests; manage supporting proof files
ManagerReview, approve, reject, or correct OT requests within their assigned department or approval area
Audit / AccountingCharge code management; edit approved OT records; operational record maintenance

3. Approval Area

Managers can review, approve, reject, or correct OT requests only for the department or area assigned to them.

  • Each manager's approval area is assigned and maintained by LKKS IT Administration.
  • Assignments are reviewed regularly to reflect current business needs.

4. Activity Logging

The OT Request System records important activities to help monitor system usage and maintain accountability:

  • OT request activity — creation, editing, submission, approval, rejection, cancellation, correction, and deletion
  • Proof file activity — upload and deletion of supporting proof files
  • Account and access changes — account creation, deactivation, role changes, and signing staff out of active sessions
  • Sign-in and security events — sign-in attempts, two-factor authentication activity, password changes, and security incident reports

Activity logs cannot be edited or deleted and are available only to authorized staff responsible for reviewing system activity.

5. Access Review

LKKS IT Administration regularly reviews system access to ensure it remains appropriate. Reviews cover:

  • Active accounts and their assigned roles
  • Inactive or dormant accounts
  • Approval area assignments for Managers
  • Administrative privileges

6. Job Responsibilities

6.1 Supervisors

  • Create OT requests for the staff they are responsible for.
  • Edit Draft and Submitted requests before a final decision is made.
  • Upload and delete supporting proof files on Draft and Submitted requests.
  • Submit requests for manager review before the overtime activity takes place, where possible.
  • Cancel their own submitted requests before a decision is made.
  • Monitor the status of requests they have submitted.

6.2 Managers

  • Review OT requests submitted within their assigned approval area.
  • Approve requests that meet requirements, or reject requests that do not, providing a reason.
  • Correct approved requests by changing their status from Approved to Rejected when necessary.
  • All approval actions are recorded in the activity log.

6.3 HR

  • Maintain employee records used for OT calculation and reporting.
  • Maintain departments, agencies, schedules, and other system records.
  • View all OT requests for payroll and operational purposes.

6.4 Audit / Accounting

  • Manage charge codes used to assign OT costs.
  • Edit approved OT records when corrections are needed for payroll accuracy or audit requirements.
  • View all OT requests for audit and reporting purposes.

7. Security Controls

The OT Request System uses the following security measures:

  • Sign-in required — all staff must sign in before using the system
  • Access based on assigned roles — the system checks your permissions before allowing any action
  • Two-factor authentication — required for all accounts
  • Activity logging — all significant actions are recorded with user, timestamp, and event detail
  • Administrative monitoring — activity logs are reviewed by authorized administrators

8. Exceptions

  • Approved requests may be corrected — changed from Approved to Rejected — when necessary for business operations. A documented reason is required.
  • Rejected and cancelled requests cannot be returned to an active status.

9. Contact

For questions about this policy, account creation, role assignments, or access reviews:

LKKS IT Administration

This policy applies to the OT Request System only. It covers how accounts are managed, how access is assigned, and how the system is controlled. It does not apply to other LKKS systems or platforms.