PricewaterhouseCoopers Independent Audit Report to Hitwise

Scope

We have audited the assertions made by the Management of Hitwise Pty Ltd (Management) which are contained in the Management assertion letter dated 6 August 2007 (refer below) in relation to the Competitive Intelligence Services (Web-ranking processes) for the period 1 May 2006 to 31 July 2007.

Management is responsible for maintaining an effective internal control structure including control procedures relating to the integrity of the Web-ranking processes. We have conducted an independent audit in order to express an opinion on the assertions made by Hitwise Pty Ltd

Our audit was conducted in accordance with AUS 810 "Special Purpose Reports on the Effectiveness on Control Procedures" and accordingly included such tests and procedures as we considered necessary in the circumstances. These procedures have been undertaken to form an opinion whether in all material respects, the control procedures in relation to the Web-ranking process were adequately designed and operated effectively in order to support our opinion on the assertions contained in the Management assertion letter dated 6 August 2007.

This report has been prepared solely for Hitwise in respect to its Competitive Intelligence Services (Web-ranking processes). We do not accept any responsibility to Hitwise for any consequences of its reliance on this report for any other purpose. Although we have agreed that this report may be displayed on the Hitwise web site (Hitwise), we note that Australian Auditing Standard AUS 810 is not designed for public reporting and, accordingly, we do not accept any responsibility for any consequences of reliance on this report by anyone other than Hitwise for any purpose whatsoever.

Inherent limitations

Because of the inherent limitations in any internal control structure, it is possible that fraud, error, or non compliance with laws and regulations may occur and not be detected.

Further the internal control structure, within which the internal control procedures that have been audited to operate, has not been audited and no opinion is expressed as to its effectiveness.

An audit is not designed to detect all weaknesses in control procedures as it is not performed continuously throughout the period and the tests performed on the control procedures are on a sample basis.

Any projection of the evaluation of the control procedures to future periods is subject to the risk that procedures may become inadequate because of changes in conditions, or that the degree of compliance with them may deteriorate.

Findings

As part of this audit we have also reported to Management on particular facts and findings in relation to control weakness identified surrounding the Web-ranking processes. The identified control weaknesses were not of a significant nature that would warrant the issuance of a qualified audit opinion.

Audit Opinion

In our opinion, the assertion by Management that Hitwise Pty Ltd, in all material respects, effective control procedures in relation to the Web-ranking processes for the period 1 May 2006 to 31 July 2007 based on the criteria referred to above, is fairly stated.

Andrew Elsworth
Partner
PricewaterhouseCoopers

Management Assertions
Competitive Intelligence Services Control Procedures

6 August, 2007

During the period May 1, 2006 through July 31, 2007 the Hitwise Service has maintained effective control procedures to:

Methodology and Data Collection

Accurately disclose the methodology for measuring the competitiveness and performance of web sites ( Web-ranking process) on the following web sites:

United States of America ( www.hitwise.com)
United Kingdom ( www.hitwise.co.uk)
Australia ( www.hitwise.com.au)
New Zealand ( www.hitwise.co.nz)
Hong Kong ( www.hitwise.com.hk)
Singapore ( sg.hitwise.com)

Ensure the completeness and accuracy of the data collection process, from ISPs and other data partners, into the Web-Ranking process.

Ensure customer queries over web-ranking information provided on www.hitwise.com are handled in accordance with company policies and procedures.

General Computer Operations

Ensure company controls relation to general computer operations over systems supporting its Web-ranking processes were designed and operating effectively for the following areas:

Change management and program development procedures
Privileged access to programs and data
Backup and recovery of data collected and used during the Web-ranking process.
IT security policy.

Privacy

Ensure the data collection process does not include the collection and storage of personal information which would be in contravention of applicable privacy policies where Hitwise websites are hosted.

Ensure that the Hitwise privacy policy disclosed on the company websites is in adherence with the following list of regional privacy legislations:

United States: Federal Privacy Law; New York, California and Texas State Privacy Law
United Kingdom: The Data Protection Act 1998; The Privacy and Electronic Communications (EC Directive) Regulations 2003
Australia: The Privacy Act 1988; privacy related laws in Telecommunications Act 1997
New Zealand: The Privacy Act 1993
Hong Kong: Hong Kong Personal Data (Privacy) Ordinance
Singapore: Relevant statutes and common law torts (note. no overarching privacy or data protection law in Singapore)

Ensured effective operation of appropriate controls over the maintenance of customer information to ensure:

Completeness and accuracy of customer information
Security of personal information including usage restrictions
Adequate restrictions over customer access to update personal information

Adrian Giles
Founder
Hitwise Pty Ltd