Some controls are mandatory (general regulations, contract clauses, etc. when not tied to specific situations)
Some controls are required, but situational (Software development, Payment Card processing systems, etc.)
Some controls are internally mandated, but could be changed based upon the desires of the organization (policies, standards, etc. not directly tied to the items above)
Some controls are not required but certainly good ideas in specific circumstances
Analysis can help with identification, classification (required / optional), justification, prioritization, etc. The further down the list above you go, the greater value analysis plays in decision making.
People need a solution that recognizes and enables them to address the realities of both.