This question prompts a variety of different, sometimes conflicting, answers. One reason for this is that there are a number of distinct and separate benefits obtained by performing the exercise itself.
The classical definition of Risk Analysis is one that describes it as a process to ensure that the security controls for a system are fully commensurate with its risks.
This description is reasonable, at the highest level. However, as there are so many other advantages to be gained from employing a fully comprehensive methodology, the objectives are sometimes related to these.
In addition, there are questions relating to HOW security reviews are to be conducted, at what cost, with what detail of recommendation, and so on.
The pages in the next section discuss some of these issues and explore some of the benefits that can be obtained via the application of formal security risk analysis.