'Get out of jail free' can still be useful/important for internal terms. In addition to cya, it can also help establish the boundaries and business needs during an incident.
For example, in the event of a incident involving malware on the companies main web farm, can you pull the network to stop additional propogation? Or does the web presence have to remain up and operational at all costs, regardless of how much more difficult it makes containment?
CYA, applies both internal and external in my opinion, although could equally be in the form of a 'procedure' rather than a get out of jail document for internal scenarios.
And in answer to original question; sorry, don't know of any template available for a starting point, despite looking