Actually what you most likely want to do is to risk rate areas of your operations and then schedule the audits around the risk rating with riskier areas being audit priorities and audited more frequently than lower risk areas.
There's really no right or wrong way to do this, but some of the more common criteria for risk weighting are:
Impact on financial results by the operational area
Prior audit findings
Regulatory and compliance scrutiny/risk