I would block ICMP messages wherever possible. There may be cases where you have to permit ICMP - path MTU discovery relies upon the receipt of ICMP unreachable messages (only type 3 code 4 - fragmentation needed messages) and some SNMP managers will usually require it to tell if a link is up or down outside of SNMP traps.
How are you managing the routers now? Via an Out-Of-Band (OOB) network, or is your management station in-band? If you need to allow ICMP, only allow the echo, echo-reply and unreachable messages. I would use an ACL to only accept echo and echo-reply from mgmt. stations, and I would use a rate-limitation to prevent ICMP from tying up too many resources (CPU and bandwidth).
There may be a way to restrict the unreachable message to the code=4 value, instead of all unreachables. This way if your router has other ACL entries, it will not send an admin-prohibited code of an unreachable type. I am not sure how to code it. This way path MTU discovery can still work.
I hope this helps.
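
The filtering policy described in the post above, modelled in Python as an added example (not part of the original post, and not router configuration): echo and echo-reply only from management stations, unreachables only when type 3 code 4, everything permitted passes through a rate limit. The management addresses, rate values and function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed values: documentation-range addresses for hypothetical mgmt stations.
MGMT_STATIONS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
ECHO_REPLY, UNREACHABLE, ECHO = 0, 3, 8   # ICMP types
FRAG_NEEDED = 4                           # type 3 code 4, used by path MTU discovery


class TokenBucket:
    """Rate limiter: 'rate' tokens per second, at most 'burst' stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time, then spend one token if available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class IcmpPolicy:
    def __init__(self, rate=5, burst=5):
        self.bucket = TokenBucket(rate, burst)

    def decide(self, src, icmp_type, icmp_code, now):
        """Return 'permit' or a 'deny: reason' string for one inbound ICMP packet."""
        if icmp_type in (ECHO, ECHO_REPLY):
            if ipaddress.ip_address(src) not in MGMT_STATIONS:
                return "deny: echo from non-management source"
        elif icmp_type == UNREACHABLE:
            if icmp_code != FRAG_NEEDED:
                return "deny: unreachable other than code 4"
        else:
            return "deny: ICMP type not permitted"
        # Denied packets never reach this point, so they cannot drain the bucket.
        return "permit" if self.bucket.allow(now) else "deny: rate limit exceeded"
```

Denied packets are rejected before the rate limiter is consulted, so unwanted ICMP cannot use up the allowance that management pings and fragmentation-needed messages depend on.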