Appendix D-1 — Illustrative Management Assertion and Service Auditor’s Report for a Type 2 Examination (Carved-Out Controls of a Subservice Organization and Complementary Subservice Organization and Complementary User Entity Controls)