I have been in compliance for the last year at a very small bank. We were told that someone else would be doing our internal audits but that didn't work out. I am now being told to risk rate our previous internal audit schedule. I don't even know where to start. Could someone please offer some suggestions.
Thank you for your help.

Actually what you most likely want to do is to risk rate areas of your operations and then schedule the audits around the risk rating with riskier areas being audit priorities and audited more frequently than lower risk areas.

There's really no right or wrong way to do this, but some of the more common criteria for risk weighting are:

Impact on financial results by the operational area
Prior audit findings
Regulatory and compliance scrutiny/risk

The Institute of Internal Auditors website might have some good information. I've not been on that site for a while, so I don't know for sure.