diff --git a/src/controllers/department.controller.js b/src/controllers/department.controller.js index 91ce6d0..02de0ad 100644 --- a/src/controllers/department.controller.js +++ b/src/controllers/department.controller.js @@ -98,10 +98,12 @@ export const createDepartment = async (req, res, next) => { const manager = await prisma.user.findFirst({ where: { id: managerId, + organizationId, // this line checks the manager is in the same org deletedAt: null, }, }); - //TODO: Check if the manager belongs to the same organization + + // Check if the manager is already assigned to another department if (!manager) { return res.status(404).json({ message: 'Manager not found or does not belong to this organization', @@ -258,7 +260,7 @@ export const updateDepartment = async (req, res, next) => { const userInOrg = await prisma.user.findFirst({ where: { id: userId, - departmentId: department.id, // Fixed this line + organizationId: department.organizationId, // Fixed this line deletedAt: null, }, select: { diff --git a/src/routes/department.routes.js b/src/routes/department.routes.js index b2df14f..f140e64 100644 --- a/src/routes/department.routes.js +++ b/src/routes/department.routes.js @@ -19,14 +19,14 @@ const router = express.Router(); // Admin, OWNER, or MANAGER can access these router.get( - '/api/department/all', + '/api/departments/all', verifyAccessToken, verifyManagerPermission, getAllDepartments, ); router.post( - '/api/department/create', + '/api/departments/create', verifyAccessToken, verifyManagerPermission, validateCreateDepartment, @@ -34,14 +34,14 @@ router.post( ); router.get( - '/api/department/:id', + '/api/departments/:id', verifyAccessToken, verifyManagerPermission, getDepartmentById, ); router.put( - '/api/department/:id', + '/api/departments/:id', verifyAccessToken, verifyManagerPermission, validateUpdateDepartment, 
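Review bot: The tenant filter added to the `where` clause in createDepartment is only as trustworthy as the source of `organizationId`, which is assigned outside this hunk. It should be read from the verified access token (the authenticated user's record), not from `req.body` or a query parameter; otherwise a caller could supply another organization's id and the check would pass. Separately, the new comment `// Check if the manager is already assigned to another department` sits above `if (!manager)`, which only tests whether the scoped lookup returned a row. I would replace it with `// Not found, soft-deleted, or in another organization: answer 404 without distinguishing the cases`. The function body starts and ends outside the hunk.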
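Review bot: In updateDepartment the user lookup is now scoped to `department.organizationId`, so the check is only as strong as the earlier `department` query, which is not visible in this hunk. If that query finds the department by `:id` alone, a manager from another organization could still reach this code with a foreign department id. It should also filter on the caller's organization, as createDepartment does with `organizationId`. The trailing comment `// Fixed this line` says nothing about intent; something like `// user must belong to the same organization as the department` would record why the filter exists. The function continues outside the hunk.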
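Review bot: Renaming the prefix from `/api/department/` to `/api/departments/` in this hunk and the two that follow changes the public paths, and nothing visible here keeps the old ones alive. Existing clients will get 404s. Any path-keyed controls outside the app (gateway allow-lists, rate-limit or WAF rules, audit-log filters) will silently stop matching unless they are updated in the same rollout. I would record that next to the routes, e.g. `// Paths renamed from /api/department/*; update gateway and rate-limit rules keyed on the old prefix`, and mention the breaking change in the commit message. Since all six routes repeat the same prefix, mounting the router once at `/api/departments` would make a future rename a one-line change.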
@@ -49,16 +49,16 @@ router.put( ); router.delete( - '/api/department/:id', + '/api/departments/:id', verifyAccessToken, verifyOwnerOrAdmin, softDeleteDepartment, ); router.patch( - '/api/department/:id/restore', + '/api/departments/:id/restore', verifyAccessToken, - verifyOwnerOrAdmin, // Use your existing middleware + verifyOwnerOrAdmin, restoreDepartment, ); export default router;